UCF STIG Viewer Logo

The .Xauthority utility must only permit access to authorized hosts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-12017 GEN005240 SV-12518r4_rule ECCD-1 ECCD-2 Medium
Description
If unauthorized clients are permitted access to the X server, the user's X session may be compromised.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-7980r2_chk )
Check the X Window system access is limited to authorized clients.

Procedure:
# xauth
xauth> list

Ask the SA if the clients listed are authorized. If any are not, this is a finding.
Fix Text (F-11276r2_fix)
Remove unauthorized clients from the xauth configuration.
# xauth remove