3.2.10 CDE - /etc/dt/config/Xservers permissions and ownership - permissions and ownership

Information

The /etc/dt/config/Xservers contains entries to start the Xserver on the local display. Ensure this file is owned by root:bin and prevents group and other from writing to it.

Rationale:

The /etc/dt/config/Xservers contains entries to start the Xserver on the local display. The default file, /usr/dt/config/Xservers, is unconditionally overwritten upon subsequent installation. It is recommended that the appropriate permissions and ownership are applied to secure the file.

Solution

Check to see if the /etc/dt/config/Xservers exists:

ls -l /etc/dt/config/Xservers

If it exists ensure that it is explicitly defined in /etc/dt/config/Xconfig:

vi /etc/dt/config/Xconfig

Replace:

Dtlogin*servers: Xservers

With:

Dtlogin*servers: /etc/dt/config/Xservers

Apply the appropriate ownership and permissions to /etc/dt/config/Xservers:

chown root:bin /etc/dt/config/Xservers
chmod go-w /etc/dt/config/Xservers

Default Value:

N/A

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 624337093d048b8e6ebe17eb8159bfd7d5f1f5575fa8cfc6b3a799224dff646b