UCF STIG Viewer Logo

An X Windows display manager must not be installed unless approved.


Overview

Finding ID Version Rule ID IA Controls Severity
V-72307 RHEL-07-040730 SV-86931r3_rule Medium
Description
Internet services that are not required for system or application processes must not be active to decrease the attack surface of the system. X Windows has a long history of security vulnerabilities and will not be used unless approved and documented.
STIG Date
Red Hat Enterprise Linux 7 Security Technical Implementation Guide 2017-12-14

Details

Check Text ( C-72541r3_chk )
Verify that if the system has X Windows System installed, it is authorized.

Check for the X11 package with the following command:

# rpm -qa | grep xorg | grep server

Ask the System Administrator if use of the X Windows System is an operational requirement.

If the use of X Windows on the system is not documented with the Information System Security Officer (ISSO), this is a finding.
Fix Text (F-78661r2_fix)
Document the requirement for an X Windows server with the ISSO or remove the related packages with the following commands:

# rpm -e xorg-x11-server-common