Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
An X server must have none of the following options enabled: -ac, -core (except for debugging purposes), or -nolock.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-1022 | GEN000000-LNX00380 | SV-1022r2_rule | ECSC-1 | Medium |
| Description |
|---|
| These options will detract from the security of the Xwindows system. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-8302r2_chk ) |
|---|
| X servers get started several ways, such as xdm, gdm or xinit. Perform: # ps –ef |grep X Output for example: /usr/X11R6/bin/X –nolisten –ctp –br vt7 –auth /var/lib/xdm/authdir/authfiles/A:0 The above example show xdm is controlling the Xserver. Check the Xservers file to ensure the following options are not enabled: -ac, -core, and -nolock . Xserver files can found in: /etc/X11/xdm/Xservers /etc/opt/kde3/share/config/kdm/Xservers /etc/X11/gdm/Xservers |
| Fix Text (F-1176r2_fix) |
|---|
| Disable the following options: -ac, -core and -nolock. |