The Ubuntu operating system must enable the graphical user logon banner to display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-238197 | UBTU-20-010002 | SV-238197r958390_rule | Medium |
| Description |
| STIG | Date |
| Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide | 2025-05-16 |
Details
| Check Text (C-41407r653764_chk) |
| Verify the Ubuntu operating system is configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the operating system via a graphical user logon. Note: If the system does not have a graphical user interface installed, this requirement is Not Applicable. Check that the operating banner message for the graphical user logon is enabled with the following command: $ grep ^banner-message-enable /etc/gdm3/greeter.dconf-defaults banner-message-enable=true If the line is commented out or set to "false", this is a finding. |
| Fix Text (F-41366r653765_fix) |
| Edit the "/etc/gdm3/greeter.dconf-defaults" file. Look for the "banner-message-enable" parameter under the "[org/gnome/login-screen]" section and uncomment it (remove the leading "#" characters): Note: The lines are all near the bottom of the file but not adjacent to each other. [org/gnome/login-screen] banner-message-enable=true Update the GDM with the new configuration: $ sudo dconf update $ sudo systemctl restart gdm3 |