.Xauthority or X*.hosts (or equivalent) file(s) must be used to restrict access to the X server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-12016	GEN005220	SV-38287r1_rule	ECCD-1 ECCD-2	Medium

Description
If access to the X server is not restricted, the user's X session may be compromised.

STIG	Date
HP-UX 11.31 Security Technical Implementation Guide	2018-09-14

Details

Check Text ( C-36602r1_chk )
Determine if the X server is running. # ps -ef \|grep -v grep \| grep X Determine if xauth is being used. # xauth # xauth> list If the above command sequence does not show any host other than the localhost, then xauth is not being used. Search the system for an X.hosts files (typically found only in /etc), where is a display number that may be used to limit X window connections. If no files are found, X.hosts files are not being used. If the X.hosts files contain any unauthorized hosts, this is a finding. If both xauth and X*.hosts files are not being used, this is a finding.

Check Text ( C-36602r1_chk )

Determine if the X server is running.
# ps -ef |grep -v grep | grep X

Determine if xauth is being used.
# xauth
# xauth> list

If the above command sequence does not show any host other than the localhost, then xauth is not being used.

Search the system for an X*.hosts files (typically found only in /etc), where * is a display number that may be used to limit X window connections. If no files are found, X*.hosts files are not being used. If the X*.hosts files contain any unauthorized hosts, this is a finding.

If both xauth and X*.hosts files are not being used, this is a finding.

Fix Text (F-31969r1_fix)
Create an X.hosts file, where is a display number that may be used to limit X window connections. Add the list of authorized X clients to the file.