An X server must have none of the following options enabled: -ac, -core (except for debugging purposes), or -nolock.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-1022	GEN000000-LNX00380	SV-1022r2_rule	ECSC-1	Medium

Description
These options will detract from the security of the Xwindows system.

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-8302r2_chk )
X servers get started several ways, such as xdm, gdm or xinit. Perform: # ps –ef \|grep X Output for example: /usr/X11R6/bin/X –nolisten –ctp –br vt7 –auth /var/lib/xdm/authdir/authfiles/A:0 The above example show xdm is controlling the Xserver. Check the Xservers file to ensure the following options are not enabled: -ac, -core, and -nolock . Xserver files can found in: /etc/X11/xdm/Xservers /etc/opt/kde3/share/config/kdm/Xservers /etc/X11/gdm/Xservers

Check Text ( C-8302r2_chk )

X servers get started several ways, such as xdm, gdm or xinit. Perform:
# ps –ef |grep X

Output for example:

/usr/X11R6/bin/X –nolisten –ctp –br vt7 –auth /var/lib/xdm/authdir/authfiles/A:0

The above example show xdm is controlling the Xserver.

Check the Xservers file to ensure the following options are not enabled:
-ac, -core, and -nolock .

Xserver files can found in:

/etc/X11/xdm/Xservers
/etc/opt/kde3/share/config/kdm/Xservers
/etc/X11/gdm/Xservers

Fix Text (F-1176r2_fix)
Disable the following options: -ac, -core and -nolock.