Any X Windows host must write .Xauthority files.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-850	GEN005160	SV-63199r3_rule	ECCD-1 ECCD-2	Medium

Description
.Xauthority files ensure the user is authorized to access specific X Windows host. If .Xauthority files are not used, it may be possible to obtain unauthorized access to the X Windows host.

STIG	Date
Oracle Linux 5 Security Technical Implementation Guide	2015-12-07

Details

Check Text ( C-51925r5_chk )
Check for .Xauthority or .xauth files being utilized by looking for such files in the home directory of a user. Procedure: # find / -name '.xauth*' \| more If no .xauth files are found in a user's home directory, ensure that Xwindows is not active on the system by performing the command: # ps -ef \| grep X If Xwindows is not running, this rule is not applicable. If the .Xauthority or .xauth (followed by apparently random characters) files do not exist, ask the SA if the user is using Xwindows. If the user is utilizing Xwindows and none of these files exist, this is a finding.

Check Text ( C-51925r5_chk )

Check for .Xauthority or .xauth files being utilized by looking for such files in the home directory of a user.

Procedure:

# find / -name '.xauth*' | more

If no .xauth files are found in a user's home directory, ensure that Xwindows is not active on the system by performing the command:

# ps -ef | grep X

If Xwindows is not running, this rule is not applicable.

If the .Xauthority or .xauth (followed by apparently random characters) files do not exist, ask the SA if the user is using Xwindows.

If the user is utilizing Xwindows and none of these files exist, this is a finding.

Fix Text (F-53777r1_fix)
Ensure the X Windows host is configured to write .Xauthority files into user home directories. Edit the Xaccess file. Ensure the line writing the .Xauthority file is uncommented.