1.7.2 Ensure GDM login banner is configured (Scored)

Level 1 - Server 
Level 1 - Workstation

GDM is the GNOME Display Manager, which handles graphical login for GNOME-based systems.

Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place.

If GDM is installed on the system, verify that /etc/dconf/profile/gdm exists and contains the following:

user-db:user 
system-db:gdm 
file-db:/usr/share/gdm/greeter-dconf-defaults

Then verify the banner-message-enable and banner-message-text options are configured in /etc/dconf/db/gdm.d/01-banner-message:

[org/gnome/login-screen] 
banner-message-enable=true 
banner-message-text='<banner message>'

Create the /etc/dconf/profile/gdm file with the following contents:

user-db:user 
system-db:gdm 
file-db:/usr/share/gdm/greeter-dconf-defaults

Create or edit the banner-message-enable and banner-message-text options in /etc/dconf/db/gdm.d/01-banner-message:

[org/gnome/login-screen] 
banner-message-enable=true 
banner-message-text='Authorized uses only. All activity may be monitored and reported.'

Run the following command to update the system databases:

# dconf update

Additional options and sections may appear in the /etc/dconf/db/gdm.d/01-banner-message file. If a different GUI login service is in use, consult your documentation and apply an equivalent banner.
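
The audit steps above can be scripted. The following is an added example, not part of the benchmark text: a POSIX shell check of both files that accepts the banner keys only when they sit inside the [org/gnome/login-screen] section, since other options and sections may share the file. The function names and the optional path arguments are assumptions of this example, and it assumes GDM is installed.

```shell
#!/bin/sh
# Added example: audit of the GDM banner settings described on this page.
# Function names and path arguments are assumptions of this example.

# check_gdm_profile FILE: succeed if FILE contains all three required lines.
check_gdm_profile() {
    profile=$1
    [ -r "$profile" ] || return 1
    for want in 'user-db:user' 'system-db:gdm' \
                'file-db:/usr/share/gdm/greeter-dconf-defaults'; do
        # Strip trailing whitespace, then require an exact whole-line match.
        sed 's/[[:space:]]*$//' "$profile" | grep -qxF -- "$want" || return 1
    done
}

# check_gdm_banner FILE: succeed if, inside [org/gnome/login-screen],
# banner-message-enable is true and banner-message-text is a real message.
check_gdm_banner() {
    keyfile=$1
    [ -r "$keyfile" ] || return 1
    awk -v q="'" '
        { sub(/[ \t]+$/, "") }                      # drop trailing whitespace
        /^\[/ { in_sec = ($0 == "[org/gnome/login-screen]"); next }
        !in_sec { next }                            # keys in other sections do not count
        /^banner-message-enable[ \t]*=/ { enabled = ($0 ~ /=[ \t]*true$/) }
        /^banner-message-text[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            # Reject empty text and the unedited <banner message> placeholder.
            text = (val != "" && val != (q q) && val != "\"\"" &&
                    val != (q "<banner message>" q))
        }
        END { exit !(enabled && text) }
    ' "$keyfile"
}

# audit_gdm_banner [PROFILE] [KEYFILE]: defaults are the paths named on this page.
audit_gdm_banner() {
    check_gdm_profile "${1:-/etc/dconf/profile/gdm}" &&
    check_gdm_banner "${2:-/etc/dconf/db/gdm.d/01-banner-message}"
}
```

Source the file and run `audit_gdm_banner && echo PASS || echo FAIL`; a pass covers the file contents only, so dconf update still has to be run after any edit.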

  • ubuntu1604/1/7/2.txt
  • Last modified: 2017/05/02 21:35
  • by Piotr Kłoczewski