Details

Without the correct options enabled, the Xwindows system would be less secure and there would be no screen timeout.

Solution

Enable the following options: -audit (at level 4), -auth and -s with 15 minutes as the timeout value.

Procedure for gdm:
Edit /etc/gdm/custom.conf and add the following:
[server-Standard]
name=Standard server
command=/usr/bin/Xorg -br -audit 4 -s 15
chooser=false
handled=true
flexible=true
priority=0

Procedure for xinit:
Edit or create a .xserverrc file in the user’s home directory containing the startup script for xinit.
This script must have an exec line with at least these options:

exec /usr/bin/X -audit 4 -s 15 -auth &

The is created using the ‘xauth’ command and is customarily located in the user’s home directory with the name ‘.Xauthority’.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.
• CAT|II
• CCI|CCI-000366
• CSCv6|3.1
• Rule-ID|SV-218169r603259_rule
• STIG-ID|GEN000000-LNX00360
• STIG-Legacy|SV-62805
• STIG-Legacy|V-1021
• Vuln-ID|V-218169

Source

• Tenable.com/audits