GEN000000-LNX00380 - An X server must have none of the following options enabled: -ac, -core (except for debugging purposes), or -nolock - '-core'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

These options will detract from the security of the Xwindows system.

Solution

Disable the unwanted options:
Procedure:
For gdm:
Remove the -ac, -core and -nolock options by creating a 'command' entry in the /etc/gdm/custom.conf file with the options removed.

For Xwindows started by xinit:
Create or modify the .xserverrc script in the user's home directory to remove the -ac, -core and -nolock options from the exec /usr/bin/X command.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V1R14_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CAT|II, CCI|CCI-000366, CSCv6|3.1, Rule-ID|SV-62815r1_rule, STIG-ID|GEN000000-LNX00380, Vuln-ID|V-1022

Plugin: Unix

Control ID: d4e112decf3244d314586d9cf60bed78b7ddd38f522777e7c31b98d745b3a445