Hello Leland,
May I assume that this is one of your unacked/unnacked checks? I'm going
to read through the list carefully to hopefully uncover any others you
may have been referencing in the concall this morning.
I apologize that I didn't respond to this patch when you first posted
it, because I have been aware of this problem as a Linux system
administrator. GDM requires certain GConf settings to be stored inside
its user's home directory. When I tested your revised instructions just
now, GDM did not read the changes, and the user list was not disabled.
So in this particular case, I have to NACK this patch. If you saw
different behavior on your machine, please let me know and I can try to
work out why that might be.
There is a /var/lib/gdm/.gconf.mandatory directory which might fulfill
your requirement. I've tested the following, and this command will
disable the user list:
sudo gconftool-2 --direct --config-source
xml:readwrite:/var/lib/gdm/.gconf.mandatory --type bool --set
/apps/gdm/simple-greeter/disable_user_list true
This command writes to /var/lib/gdm/.gconf.mandatory/%gconf-tree.xml.
Otherwise, I can write an oval check that matches the original XCCDF
prose, which I can also confirm does work on our operational network.
Please let me know which way you think we should go on this. I think we
can get a very quick turnaround on this.
- Maura Dailey
On 01/13/2014 10:11 AM, Steinke, Leland J Sr CTR DISA FSO (US) wrote:
Ack/Nack?
Thanks,
Leland
> -----Original Message-----
> From:scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-
> security-guide-bounces(a)lists.fedorahosted.org] On Behalf Of Steinke,
> Leland J Sr CTR DISA FSO (US)
> Sent: Monday, January 06, 2014 11:13 AM
> To:scap-security-guide@lists.fedorahosted.org
> Subject: [PATCH] update disable_user_list check and fix and add OVAL
>
> This patch includes OVAL for the disable_user_list Rule. It also
> updates the check and fix to look at the same thing.
>
>
> Thanks,
> Leland
> --
> Leland Steinke, Security+
> DISA FSO Technical Support Contractor
> tapestry technologies, Inc
> 717-267-5797 (DSN 570)
> leland.j.steinke.ctr(a)mail.mil (gov't)
> lsteinke(a)tapestrytech.com (com'l)
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide