An X server must have none of the following options enabled: -ac, -core (except for debugging purposes), or -nolock.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-1022 | GEN000000-LNX00380 | SV-37217r2_rule | ECSC-1 | Medium |
| Description |
|---|
| These options will detract from the security of the Xwindows system. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2014-07-02 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-31162r1_fix) |
|---|
| Disable the unwanted options: Procedure: For gdm: Remove the -ac, -core and -nolock options by creating a "command" entry in the /etc/gdm/custom.conf file with the options removed. For Xwindows started by xinit: Create or modify the .xserverrc script in the users home directory to remove the -ac, -core and -nolock options from the exec /usr/bin/X command. |