Merge pull request #14566 from mpurg/ubuntu_dconf

dodys · web-flow · commit 0f84e8449bb7 · 2026-03-13T09:49:32.000+01:00
Update dconf controls in Ubuntu 24.04 STIG
diff --git a/controls/stig_ubuntu2404.yml b/controls/stig_ubuntu2404.yml
@@ -317,15 +317,39 @@ controls:
           - var_screensaver_lock_delay=immediate
           - dconf_gnome_screensaver_idle_delay
           - dconf_gnome_screensaver_lock_delay
+          - dconf_gnome_screensaver_lock_enabled
       status: automated
 
     - id: UBTU-24-200040
-      title: Ubuntu 24.04 LTS must retain a user's session lock until the user reestablishes access using
-          established identification and authentication procedures.
+      title: Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface automount function.
       levels:
           - medium
       rules:
-          - dconf_gnome_screensaver_lock_enabled
+          - dconf_gnome_disable_automount_open
+      status: automated
+
+    - id: UBTU-24-200041
+      title: Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface autorun function.
+      levels:
+          - medium
+      rules:
+          - dconf_gnome_disable_autorun
+      status: automated
+
+    - id: UBTU-24-200042
+      title: Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user smart card removal action.
+      levels:
+          - medium
+      rules:
+          - dconf_gnome_lock_screen_on_smartcard_removal
+      status: automated
+
+    - id: UBTU-24-200043
+      title: Ubuntu 24.04 LTS must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
+      levels:
+          - medium
+      rules:
+          - dconf_gnome_screensaver_mode_blank
       status: automated
 
     - id: UBTU-24-200060
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh
@@ -1,5 +1,10 @@
 # platform = multi_platform_all
 
+{{% if 'ubuntu' in product %}}
+{{{ bash_enable_dconf_user_profile(profile="user", database="local") }}}
+{{{ bash_enable_dconf_user_profile(profile="gdm", database="gdm") }}}
+{{% endif %}}
+
 {{% if product in ['sle15', 'sle16'] %}}
 {{{ bash_enable_dconf_user_profile(profile="gdm", database="gdm") }}}
 {{{ bash_dconf_settings("org/gnome/desktop/screensaver", "picture-uri", "string ''", dconf_gdm_dir, "00-security-settings", rule_id=rule_id) }}}
