RHEL 9 must not allow unattended or automatic logon via the graphical user interface.

STIG ID: RHEL-09-271040  |  SRG: SRG-OS-000480-GPOS-00229 |  Severity: high |  CCI: CCI-000366 |  Vulnerability Id: V-258018

Vulnerability Discussion

Failure to restrict system access to authenticated users negatively impacts operating system security.

Check

Note: This requirement assumes the use of the RHEL 9 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is Not Applicable.

Verify RHEL 9 does not allow an unattended or automatic logon to the system via a graphical user interface.

Check for the value of the "AutomaticLoginEnable" in the "/etc/gdm/custom.conf" file with the following command:

$ grep -i automaticlogin /etc/gdm/custom.conf

AutomaticLoginEnable=false

If the value of "AutomaticLoginEnable" is not set to "false", this is a finding.

Fix

Configure the GNOME desktop display manager to disable automatic login.

Set AutomaticLoginEnable to false in the [daemon] section in /etc/gdm/custom.conf. For example:

[daemon]
AutomaticLoginEnable=false
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.