.Xauthority or X*.hosts (or equivalent) file(s) must be used to restrict access to the X server.

From Oracle Linux 5 Security Technical Implementation Guide

Part of GEN005220

Associated with: CCI-000297

SV-63313r1_rule .Xauthority or X*.hosts (or equivalent) file(s) must be used to restrict access to the X server.

Vulnerability discussion

If access to the X server is not restricted, a user's X session may be compromised.

Check content

Determine if the X server is running.

Procedure:
# ps -ef |grep X

Determine if xauth is being used.

Procedure:
# xauth
xauth> list

If the above command sequence does not show any host other than the localhost, then xauth is not being used.

Search the system for an X*.hosts file, where "*" is a display number used to limit X window connections. If no files are found, X*.hosts files are not being used.

If the X*.hosts files contain any unauthorized hosts, this is a finding.

If both xauth and X*.hosts files are not being used, this is a finding.
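The X*.hosts part of this check can be scripted. The following is an added example, not part of the STIG text: it compares every entry in the X*.hosts files of a directory against a site-maintained list of approved X clients. The function name, the approved-list file, and the choice of directory to scan are assumptions; the host names in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the STIG): flag X*.hosts entries that are not on
# a locally approved list of X clients.

# list_unauthorized DIR ALLOWLIST
#   DIR       directory holding X*.hosts files (assumed; e.g. /etc)
#   ALLOWLIST file with one approved host per line (hypothetical file)
# Prints "file: entry" for each entry that is not approved, or
# "NO_XHOSTS_FILES" when DIR holds no X*.hosts file at all.
list_unauthorized() {
    root=$1
    allow=$2
    found=0
    for f in "$root"/X*.hosts; do
        [ -f "$f" ] || continue          # glob matched nothing
        found=1
        # "|| [ -n ... ]" keeps a final line that lacks a newline
        while IFS= read -r entry || [ -n "$entry" ]; do
            entry=$(printf '%s' "$entry" | tr -d '[:space:]')
            [ -n "$entry" ] || continue  # skip blank lines
            # exact, case-insensitive, fixed-string match on a whole line
            grep -qixF -- "$entry" "$allow" || printf '%s: %s\n' "$f" "$entry"
        done < "$f"
    done
    [ "$found" -eq 1 ] || echo "NO_XHOSTS_FILES"
}

# Demo on constructed data so the script runs without touching the system.
demo() {
    tmp=$(mktemp -d)
    printf 'localhost\nadmin-ws1.example.mil\nbuild7.example.com\n' > "$tmp/X0.hosts"
    printf 'localhost\nadmin-ws1.example.mil\n' > "$tmp/approved"
    list_unauthorized "$tmp" "$tmp/approved"
    rm -rf "$tmp"
}
demo
```

Any "file: entry" line corresponds to the "unauthorized hosts" finding above; "NO_XHOSTS_FILES" means only xauth can satisfy the rule on that system.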

Fix text

Create an X*.hosts file, where "*" is a display number used to limit X window connections. Add the list of authorized X clients to the file.
