Menu Close

Chapter 3. Displaying the system security classification

As an administrator of deployments where the user must be aware of the security classification of the system, you can create either a login screen heads-up banner or a classification banner.

3.1. Displaying the system security classification at login

You can now configure the GNOME Display Manager (GDM) login screen to display an overlay banner that contains a predefined message. This is useful for deployments where the user is required to read the security classification of the system before logging in.

Procedure

  1. Install the gnome-shell-extension-heads-up-display package: 

    # yum install gnome-shell-extension-heads-up-display

  2. Create the /etc/dconf/db/gdm.d/99-hud-message file with the following content: 

    [org/gnome/shell]
enabled-extensions=['heads-up-display@gnome-shell-extensions.gcampax.github.com']

[org/gnome/shell/extensions/heads-up-display]
message-heading="Security classification title"
message-body="Security classification description"

    Replace the following values with text that describes the security classification of your system:

    Security classification title
    A short heading that identifies the security classification.
    Security classification description
    A longer message that provides additional details, such as references to various guidelines.

  3. Update the dconf database: 

    # dconf update
  4. Reboot the system.

3.2. Enabling system security classification banners

You can now create a classification banner to state the overall security classification level of the system. This is useful for deployments where the user must be aware of the security classification level of the system that they are logged into.

You can create a classification banner within the running session, the lock screen, and login screen, and customize its background color, its font, and its position within the screen.

This procedure creates a red banner with a white text placed on both the top and bottom of the login screen.

Procedure

  1. Install gnome-shell-extension-classification-banner package. 

    # yum install gnome-shell-extension-classification-banner

  2. Create the /etc/dconf/db/gdm.d/99-class-banner file with the following content: 

    [org/gnome/shell]
enabled-extensions=['classification-banner@gnome-shell-extensions.gcampax.github.com']

[org/gnome/shell/extensions/classification-banner]
background-color='rgba(200,16,46,0.75)'
message='TOP SECRET'
top-banner=true
bottom-banner=true
system-info=true
color='rgb(255,255,255)'

  3. Update the dconf database: 

    # dconf update
  4. Reboot the system.