File: rule.yml

package info (click to toggle)
scap-security-guide 0.1.78-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 114,600 kB
  • sloc: xml: 245,305; sh: 84,381; python: 33,093; makefile: 27
file content (83 lines) | stat: -rw-r--r-- 2,582 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
documentation_complete: true

title: 'Configure GNOME3 DConf User Profile'

description: |-
    By default, DConf provides a standard user profile. This profile contains a list
    of DConf configuration databases. The user profile and database always take the
    highest priority. As such the DConf User profile should always exist and be
    configured correctly.
    <br /><br />
    {{% if product in ["sle12", "sle15"] %}}
    To make sure that the user profile is configured correctly, the <tt>/etc/dconf/profile/gdm</tt>
    should be set as follows:
    <pre>user-db:user
    system-db:gdm
    </pre>
    {{% elif 'ubuntu' in product %}}
    To make sure that the gdm profile is configured correctly, the <tt>/etc/dconf/profile/gdm</tt>
    should be set as follows:
    <pre>user-db:user
    system-db:gdm
    </pre>
    To make sure that the user profile is configured correctly, the <tt>/etc/dconf/profile/user</tt>
    should be set as follows:
    <pre>user-db:user
    system-db:local
    </pre>
    {{% else %}}
    To make sure that the user profile is configured correctly, the <tt>/etc/dconf/profile/user</tt>
    should be set as follows:
    <pre>user-db:user
    system-db:local
    system-db:site
    system-db:distro
    </pre>
    {{% endif %}}

rationale: |-
    Failure to have a functional DConf profile prevents GNOME3 configuration settings
    from being enforced for all users and allows various security risks.

severity: high

identifiers:
    cce@rhel9: CCE-88767-9
    cce@sle12: CCE-83006-7
    cce@sle15: CCE-83267-5

references:
    cis@sle12: '1.10'
    cis@sle15: '1.10'
    stigid@sle12: SLES-12-010611
    stigid@sle15: SLES-15-040061

ocil_clause: 'DConf User profile does not exist or is not configured correctly'

ocil: |-
    To verify that the DConf User profile is configured correctly, run the following
    command:
    {{% if product in ["sle12", "sle15"] %}}
    <pre>$ cat /etc/dconf/profile/gdm</pre>
    The output should show the following:
    <pre>user-db:user
    system-db:gdm</pre>
    {{% elif 'ubuntu' in product %}}
    <pre>$ cat /etc/dconf/profile/gdm</pre>
    The output should show the following:
    <pre>user-db:user
    system-db:gdm</pre>
    <pre>$ cat /etc/dconf/profile/user</pre>
    The output should show the following:
    <pre>user-db:user
    system-db:local
    {{% else %}}
    <pre>$ cat /etc/dconf/profile/user</pre>
    The output should show the following:
    <pre>user-db:user
    system-db:local
    system-db:site
    system-db:distro</pre>
    {{% endif %}}

platform: system_with_kernel