Any X Windows host must write .Xauthority files.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-850 | GEN005160 | SV-37678r1_rule | ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| .Xauthority files ensure the user is authorized to access specific X Windows host. If .Xauthority files are not used, it may be possible to obtain unauthorized access to the X Windows host. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2013-07-03 |
Details
| Check Text ( C-36865r2_chk ) |
|---|
| Check for .Xauthority or .xauth files being utilized by looking for such files in the home directory of a user. Procedure: Verify Xwindows is used on the system. # egrep "^x:5.*X11" /etc/inittab If no line is returned the boot process does not start Xwindows. If Xwindows is not configured to run, this rule is not applicable. Look for xauthority files in user home directory. # cd ~someuser # ls -la|egrep "(\.Xauthority|\.xauth)" If the .Xauthority or .xauth (followed by apparently random characters) files do not exist, ask the SA if the user is using Xwindows. If the user is utilizing Xwindows and none of these files exist, this is a finding. |
| Fix Text (F-31811r1_fix) |
|---|
| Ensure the X Windows host is configured to write .Xauthority files into user home directories. Edit the Xaccess file. Ensure the line writing the .Xauthority file is uncommented. |