{"description": "By default, <tt>GNOME</tt> does not require credentials when using <tt>Vino</tt> for\nremote access. To configure the system to require remote credentials, add or set\n<tt>authentication-methods</tt> to <tt>['vnc']</tt> in\n<tt>/etc/dconf/db/local.d/00-security-settings</tt>. For example:\n<pre>[org/gnome/Vino]\nauthentication-methods=['vnc']\n</pre>\nOnce the settings have been added, add a lock to\n<tt>/etc/dconf/db/local.d/locks/00-security-settings-lock</tt> to prevent user modification.\nFor example:\n<pre>/org/gnome/Vino/authentication-methods</pre>\nAfter the settings have been set, run <tt>dconf update</tt>.", "rationale": "Username and password prompting is required for remote access. Otherwise, non-authorized\nand nefarious users can access the system freely.", "severity": "medium", "references": {"cui": ["3.1.12"], "hipaa": ["164.308(a)(4)(i)", "164.308(b)(1)", "164.308(b)(3)", "164.310(b)", "164.312(e)(1)", "164.312(e)(2)(ii)"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "wireless network notification is enabled and not disabled", "ocil": "To ensure that remote access requires credentials, run the following command:\n<pre>$ gsettings get org.gnome.Vino authentication-methods</pre>\nIf properly configured, the output should be <tt>false</tt>.\nTo ensure that users cannot disable credentials for remote access, run the following:\n<pre>$ grep authentication-methods /etc/dconf/db/local.d/locks/*</pre>\nIf properly configured, the output should be\n<tt>/org/gnome/Vino/authentication-methods</tt>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[gdm]"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["package_gdm"], "bash_conditional": null, "fixes": {}, "title": "Require Credential Prompting for Remote Access in GNOME3", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml", "template": null}