UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

An X server must have none of the following options enabled: -ac, -core (except for debugging purposes), or -nolock.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1022 GEN000000-LNX00380 SV-37217r2_rule ECSC-1 Medium
Description
These options will detract from the security of the Xwindows system.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2014-07-02

Details

Check Text ( None )
None
Fix Text (F-31162r1_fix)
Disable the unwanted options:
Procedure:
For gdm:
Remove the -ac, -core and -nolock options by creating a "command" entry in the /etc/gdm/custom.conf file with the options removed.

For Xwindows started by xinit:
Create or modify the .xserverrc script in the users home directory to remove the -ac, -core and -nolock options from the exec /usr/bin/X command.