UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Any X Windows host must write .Xauthority files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-850 GEN005160 SV-45911r1_rule Medium
Description
.Xauthority files ensure the user is authorized to access specific X Windows host. If .Xauthority files are not used, it may be possible to obtain unauthorized access to the X Windows host.
STIG Date
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide 2018-09-19

Details

Check Text ( C-43219r2_chk )
Check if the ‘xorg-x11’ package is installed:
# rpm –q xorg-x11
If the xorg-x11 package is not installed this finding does not apply.



Check for .Xauthority or .xauth files being utilized by looking for such files in the home directory of a user.

Procedure:
Verify Xwindows is used on the system.
# egrep "^x:5.*X11" /etc/inittab
If no line is returned the boot process does not start Xwindows. If Xwindows is not configured to run, this rule is not applicable.

Look for xauthority files in user home directory.
# cd ~someuser
# ls -la|egrep "(\.Xauthority|\.xauth) "

If the .Xauthority or .xauth (followed by apparently random characters) files do not exist, ask the SA if the user is using Xwindows. If the user is utilizing Xwindows and none of these files exist, this is a finding.
Fix Text (F-39290r1_fix)
The X Windows server package should not be needed on a System z virtual OE. It can be removed to close this finding:
# rpm –e xorg-x11

If X Windows is required for some reason, ensure that the X Windows host is configured to write .Xauthority files into user home directories. Edit the Xaccess file. Ensure the line that writes the .Xauthority file is uncommented.