{"description": "<tt>GNOME</tt> allows the clock and applications to track and access\nlocation information. This setting should be disabled as applications\nshould not track system location. To configure the system to disable\nlocation tracking, add or set <tt>enabled</tt> to <tt>false</tt> in\n<tt>/etc/dconf/db/local.d/00-security-settings</tt>. For example:\n<pre>[org/gnome/system/location]\nenabled=false</pre>\nTo configure the clock to disable location tracking, add or set\n<tt>geolocation</tt> to <tt>false</tt> in\n<tt>/etc/dconf/db/local.d/00-security-settings</tt>. For example:\n<pre>[org/gnome/clocks]\ngeolocation=false</pre>\nOnce the settings have been added, add a lock to\n<tt>/etc/dconf/db/local.d/locks/00-security-settings-lock</tt> to prevent\nuser modification. For example:\n<pre>/org/gnome/system/location/enabled\n/org/gnome/clocks/geolocation</pre>\nAfter the settings have been set, run <tt>dconf update</tt>.", "rationale": "Power settings should not be enabled on systems that are not mobile devices.\nEnabling power settings on non-mobile devices could have unintended processing\nconsequences on standard systems.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "geolocation is enabled and not disabled", "ocil": "To ensure that system location tracking is not active, run the following command:\n<pre>$ gsettings get org.gnome.system.location enabled\n$ gsettings get org.gnome.clocks geolocation</pre>\nIf properly configured, the output should be <tt>false</tt>.\nTo ensure that users cannot enable system location tracking, run the following:\n<pre>$ grep location /etc/dconf/db/local.d/locks/*</pre>\nIf properly configured, the output should be\n<tt>/org/gnome/system/location/enabled</tt> and <tt>/org/gnome/clocks/geolocation</tt>.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[gdm]"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["package_gdm"], "bash_conditional": null, "fixes": {}, "title": "Disable Geolocation in GNOME3", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml", "template": null}