GEN000000-LNX00380 – An X server must have none of the following options enabled: -ac, -core (except for debugging purposes), or -nolock – ‘-core’

Details

These options will detract from the security of the Xwindows system.

Solution

Disable the unwanted options:
Procedure:
For gdm:
Remove the -ac, -core and -nolock options by creating a ‘command’ entry in the /etc/gdm/custom.conf file with the options removed.

For Xwindows started by xinit:
Create or modify the .xserverrc script in the user’s home directory to remove the -ac, -core and -nolock options from the exec /usr/bin/X command.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
CSCv6|3.1
Rule-ID|SV-218170r603259_rule
STIG-ID|GEN000000-LNX00380
STIG-Legacy|SV-62815
STIG-Legacy|V-1022
Vuln-ID|V-218170

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles