1691541 – DISA STIG does not properly modify gdm login screen message

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1691541 - DISA STIG does not properly modify gdm login screen message

Summary: DISA STIG does not properly modify gdm login screen message

Keywords:
Status:	CLOSED DUPLICATE of bug 1659537
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	7.6
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Watson Yuuma Sato
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-03-21 20:46 UTC by Ryan Mullett
Modified:	2023-09-07 19:50 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-05-22 18:51:28 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Ryan Mullett 2019-03-21 20:46:21 UTC

Description of problem:
remediating with the DISA STIG does not properly change the gdm login screen message. 

Version-Release number of selected component (if applicable):
openscap-1.2.17-2.el7.x86_64
scap-security-guide-0.1.40-12.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1. Install a system with server with GUI
2. Install scap-security-guide and scap-workbench
3. Run a customization on scap-workbench using DISA STIG to ensure that openscap does not remove x11 packages. 
4. Remediate the system using that customization created in step 3

Actual results:
gdm login screen is not updated to show the login warning message

Expected results:
gdm login screen should show the login warning:

================================================================================ 

You are accessing a U.S. Government (USG) Information System (IS) that is 
provided for USG-authorized use only. By using this IS (which includes any 
device attached to this IS), you consent to the following conditions:

-The USG routinely intercepts and monitors communications on this IS for 
purposes including, but not limited to, penetration testing, COMSEC monitoring, 
network operations and defense, personnel misconduct (PM), law enforcement 
(LE), and counterintelligence (CI) investigations.

-At any time, the USG may inspect and seize data stored on this IS.

-Communications using, or data stored on, this IS are not private, are subject 
to routine monitoring, interception, and search, and may be disclosed or used 
for any USG-authorized purpose.

-This IS includes security measures (e.g., authentication and access controls) 
to protect USG interests--not for your personal benefit or privacy.

-Notwithstanding the above, using this IS does not constitute consent to PM, LE 
or CI investigative searching or monitoring of the content of privileged 
communications, or work product, related to personal representation or services 
by attorneys, psychotherapists, or clergy, and their assistants. Such 
communications and work product are private and confidential. See User 
Agreement for details.

================================================================================

Additional info:

The message does get added to the "banner-message-text" config option in '/etc/dconf/db/gdm.d/00-security-settings'. 

Also, logging in via ssh/console does present the user with the login warning (since it gets properly set in /etc/issue), it appears to just be an issue with the gdm banner not properly displaying.

Comment 5 Chris Williams 2019-05-22 18:51:28 UTC


*** This bug has been marked as a duplicate of bug 1659537 ***

Note You need to log in before you can comment on or make changes to this bug.