RHEL 10 must not allow unattended or automatic login via the graphical user interface.

STIG ID: RHEL-10-700720  |  SRG: SRG-OS-000080-GPOS-00048 |  Severity: high (CAT I)  |  CCI: CCI-000213 |  Vulnerability Id: V-281275

Vulnerability Discussion

Failure to restrict system access to authenticated users negatively impacts operating system security.

Check

Note: This requirement assumes the use of the RHEL 10 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is not applicable.

Verify RHEL 10 does not allow an unattended or automatic login to the system via a graphical user interface.

Check for the value of the "AutomaticLoginEnable" in the "/etc/gdm/custom.conf" file with the following command:

$ grep -i automaticlogin /etc/gdm/custom.conf
AutomaticLoginEnable=false

If the value of "AutomaticLoginEnable" is not set to "false", this is a finding.

Fix

Configure RHEL 10 so that the GNOME desktop display manager disables automatic login.

Update the "/etc/gdm/custom.conf" file to disable automatic login to the GNOME desktop:

$ sudo vi /etc/gdm/custom.conf

[daemon]
AutomaticLoginEnable=false
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.