{"description": "The GNOME Display Manager (GDM) can allow users to automatically login without\nuser interaction or credentials or unattended login. User should always be required to authenticate themselves\nto the system that they are authorized to use. To disable user ability to automatically\nlogin to the system, set the <tt>DISPLAYMANAGER_AUTOLOGIN=\"\"</tt>\nor <tt>DISPLAYMANAGER_PASSWORD_LESS_LOGIN=\"no\"</tt> in the\n<tt>/etc/sysconfig/displaymanager</tt>. For example:\n<pre>DISPLAYMANAGER_AUTOLOGIN=\"\"\nDISPLAYMANAGER_PASSWORD_LESS_LOGIN=\"no\"</pre>", "rationale": "Failure to restrict system access to authenticated users negatively impacts operating\nsystem security.", "severity": "high", "references": {"nist": ["CM-6(b)", "CM-6.1(iv)"], "srg": ["SRG-OS-000480-GPOS-00229"], "pcidss4": ["8.3.1", "8.3"]}, "control_references": {"pcidss4": ["8.3.1", "8.3"]}, "components": [], "identifiers": {}, "ocil_clause": "GDM allows users to automatically login or unattended login", "ocil": "To verify that automatic or unattended logins are disabled, run the following command:\n<pre>grep -i ^DISPLAYMANAGER_AUTOLOGIN /etc/sysconfig/displaymanager</pre>\nThe output should show the following:\n<pre>DISPLAYMANAGER_AUTOLOGIN=\"\"\n     DISPLAYMANAGER_PASSWORD_LESS_LOGIN=\"no\"</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[gdm]"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["package_gdm"], "bash_conditional": null, "fixes": {}, "title": "Disable GDM Unattended or Automatic Login", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml", "template": null}