UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The graphical display manager must not be installed on RHEL 8 unless approved.


Overview

Finding ID Version Rule ID IA Controls Severity
V-230553 RHEL-08-040320 SV-230553r599732_rule Medium
Description
Internet services that are not required for system or application processes must not be active to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.
STIG Date
Red Hat Enterprise Linux 8 Security Technical Implementation Guide 2020-11-25

Details

Check Text ( C-33222r568405_chk )
Verify that the system is configured to boot to the command line:

$ sudo systemctl get-default
multi-user.target

If the system default target is not set to "multi-user.target" and the Information System Security Officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.

Verify that a graphical user interface is not installed:

$ sudo rpm -qa | grep xorg | grep server

Ask the System Administrator if use of a graphical user interface is an operational requirement.

If the use of a graphical user interface on the system is not documented with the ISSO, this is a finding.
Fix Text (F-33197r568406_fix)
Document the requirement for a graphical user interface with the ISSO or remove the related packages with the following commands:

$ sudo rpm -e xorg-x11-server-common

$ sudo systemctl set-default multi-user.target