GEN000000-LNX00360 – The X server must have the correct options enabled – ‘-s <= 15'

Details

Without the correct options enabled, the Xwindows system would be less secure and there would be no screen timeout.

Solution

Enable the following options: -audit (at level 4), -auth and -s with 15 minutes as the timeout value.

Procedure for gdm:
Edit /etc/gdm/custom.conf and add the following:
[server-Standard]
name=Standard server
command=/usr/bin/Xorg -br -audit 4 -s 15
chooser=false
handled=true
flexible=true
priority=0

Procedure for xinit:
Edit or create a .xserverrc file in the user’s home directory containing the startup script for xinit.
This script must have an exec line with at least these options:

exec /usr/bin/X -audit 4 -s 15 -auth &

The is created using the ‘xauth’ command and is customarily located in the user’s home directory with the name ‘.Xauthority’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
CSCv6|3.1
Rule-ID|SV-218169r603259_rule
STIG-ID|GEN000000-LNX00360
STIG-Legacy|SV-62805
STIG-Legacy|V-1021
Vuln-ID|V-218169

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles