GEN000000-LNX00360 - The X server must have the correct options enabled - ':0 /usr/bin/X:0'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Without the correct options enabled, the Xwindows system would be less secure and there would be no screen timeout.

Solution

Enable the following options: -audit (at level 4), -auth and -s with 15 minutes as the timeout value.

Procedure for gdm:
Edit /etc/gdm/custom.conf and add the following:
[server-Standard]
name=Standard server
command=/usr/bin/Xorg -br -audit 4 -s 15
chooser=false
handled=true
flexible=true
priority=0

Procedure for xinit:
Edit or create a .xserverrc file in the user's home directory containing the startup script for xinit.
This script must have an exec line with at least these options:

exec /usr/bin/X -audit 4 -s 15 -auth <Xauth file> &

The <Xauth file> is created using the 'xauth' command and is customarily located in the user's home directory with the name '.Xauthority'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11, CAT|II, CCI|CCI-000366, CSCv6|16.5, Rule-ID|SV-62805r1_rule, STIG-ID|GEN000000-LNX00360, Vuln-ID|V-1021

Plugin: Unix

Control ID: 4faf68232f1fd1ebd9ea9bfab09aeedbaaf777add550fa458f8b6d1e8676c77c