UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

X11 forwarding for SSH must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48093 SOL-11.1-040330 SV-60965r1_rule Medium
Description
As enabling X11 Forwarding on the host can permit a malicious user to secretly open another X11 connection to another remote client during the session and perform unobtrusive activities such as keystroke monitoring, if the X11 services are not required for the system's intended function, they should be disabled or restricted as appropriate to the user's needs.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2017-01-27

Details

Check Text ( None )
None
Fix Text (F-51701r1_fix)
The root role is required.

Modify the sshd_config file.

# pfedit /etc/ssh/sshd_config

Locate the line containing:

X11Forwarding

Change it to:

X11Forwarding no

Restart the SSH service.

# svcadm restart svc:/network/ssh