.Xauthority or X*.hosts (or equivalent) file(s) must be used to restrict access to the X server.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-216312 | SRG-OS-000480 | SOL-11.1-020540 | SV-216312r959010_rule | 2026-02-19 | 3 |
Description
If access to the X server is not restricted, a user's X session may be compromised.
ℹ️ Check
If X Display Manager (XDM) is not used on the system, this is not applicable.
Determine if XDM is running.
Procedure:
# ps -ef | grep xdm
Determine if xauth is being used.
Procedure:
# xauth
xauth> list
If the above command sequence does not show any host other than the localhost, then xauth is not being used.
Search the system for an X*.hosts files, where * is a display number that may be used to limit X window connections.
If no files are found, X*.hosts files are not being used.
If the X*.hosts files contain any unauthorized hosts, this is a finding.
If both xauth and X*.hosts files are not being used, this is a finding.
✔️ Fix
Create an X*.hosts file, where * is a display number that may be used to limit X window connections.
Add the list of authorized X clients to the file.