CCE-96230-8Platform: cpe:/o:suse:suse_linux_enterprise_server:15 | Date: (C)2022-09-27 (M)2023-07-04 |
The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface (GUI).
Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000024-GPOS-00007
Parameter:
[yes/no]
Technical Mechanism:
Fix:Configure the SUSE operating system to display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access.
Note: If a graphical user interface is not installed, this requirement is Not Applicable.
Edit the file "/etc/gdm/Xsession".
Add the following content to the file "/etc/gdm/Xsession" below the line #!/bin/sh:
if ! zenity --text-info
--title "Consent"
--filename=/etc/gdm/banner
--no-markup
--checkbox="Accept." 10 10; then
sleep 1;
exit 1;
fi
Save the file "/etc/gdm/Xsession".
CCSS Severity: | CCSS Metrics: |
CCSS Score : 4.3 | Attack Vector: NETWORK |
Exploit Score: 2.8 | Attack Complexity: LOW |
Impact Score: 1.4 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84442 |