Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== 1.7.2 Ensure GDM login banner is configured (Scored) ====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. =====Rationale===== Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place. =====Audit===== If GDM is installed on the system verify that ''/etc/dconf/profile/gdm'' exists and contains the following: <Code:bash> user-db:user system-db:gdm file-db:/usr/share/gdm/greeter-dconf-defaults </Code> Then verify the ''banner-message-enable'' and ''banner-message-text'' options are configured in ''/etc/dconf/db/gdm.d/01-banner-message'': <Code:bash> [org/gnome/login-screen] banner-message-enable=true banner-message-text='<banner message>' </Code> =====Remediation===== Create the ''/etc/dconf/profile/gdm'' file with the following contents: <Code:bash> user-db:user system-db:gdm file-db:/usr/share/gdm/greeter-dconf-defaults </Code> Create or edit the ''banner-message-enable'' and ''banner-message-text'' options in ''/etc/dconf/db/gdm.d/01-banner-message'': <Code:bash> [org/gnome/login-screen] banner-message-enable=true banner-message-text='Authorized uses only. All activity may be monitored and reported.' </Code> Run the following command to update the system databases: <Code:bash> # dconf update </Code> =====Notes===== Additional options and sections may appear in the ''/etc/dconf/db/gdm.d/01-banner-message'' file. If a different GUI login service is in use, consult your documentation and apply an equivalent banner. ubuntu1604/1/7/2.txt Last modified: 2017/05/02 21:35by Piotr Kłoczewski