RHEL 10 must not default to the graphical display manager unless approved.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-281297 | SRG-OS-000095-GPOS-00049 | RHEL-10-700940 | SV-281297r1166843_rule | 2026-03-11 | 1 |
Description
Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used unless approved and documented.
ℹ️ Check
Verify RHEL 10 is configured to boot to the command line with the following command:
$ systemctl get-default
multi-user.target
If the system default target is not set to "multi-user.target", and the information system security officer lacks a documented requirement for a graphical user interface, this is a finding.
✔️ Fix
Configure RHEL 10 to boot to the command line by setting the default target to "multi-user" with the following command:
$ sudo systemctl set-default multi-user.target