The graphical login service provides the capability of logging into the system using an X-Windows type interface from the console. If graphical login access for the console is required, the service must be in local-only mode.

From Solaris 11 SPARC Security Technical Implementation Guide

Associated with: CCI-000366

SV-60801r1_rule The graphical login service provides the capability of logging into the system using an X-Windows type interface from the console. If graphical login access for the console is required, the service must be in local-only mode.

Vulnerability discussion

Externally accessible graphical desktop software may open the system to remote attacks.

Check content

Determine if the X11 server system is providing remote services on the network. # svcprop -p options/tcp_listen svc:/application/x11/x11-server If the output of the command is "true" and network access to graphical user login is not required, this is a finding.

Fix text

The System Administrator profile is required: Configure the X11 server for local system only graphics access. # pfexec svccfg -s svc:/application/x11/x11-server setprop options/tcp_listen=false

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.