4.5.1.10 CDE - /etc/dt/config/Xservers permissions and ownership

Information

The /etc/dt/config/Xservers contains entries to start the Xserver on the local display. Ensure this file is owned by root:bin and prevents group and other from writing to it.

Rationale:

The /etc/dt/config/Xservers contains entries to start the Xserver on the local display. The default file, /usr/dt/config/Xservers, is unconditionally overwritten upon subsequent installation. It is recommended that the appropriate permissions and ownership are applied to secure the file.

Solution

Check to see if the /etc/dt/config/Xservers exists:

ls -l /etc/dt/config/Xservers

If it exists ensure that it is explicitly defined in /etc/dt/config/Xconfig:

vi /etc/dt/config/Xconfig

Replace:

Dtlogin*servers: Xservers

With:

Dtlogin*servers: /etc/dt/config/Xservers

Apply the appropriate ownership and permissions to /etc/dt/config/Xservers:

chown root:bin /etc/dt/config/Xservers
chmod go-w /etc/dt/config/Xservers

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3

Plugin: Unix

Control ID: e33a113ce905a8107c97000c4f5827c8d2c16e7fc3f308a5a92cd857e7ba72ab