Check: RHEL-08-040321
RHEL 8 STIG:
RHEL-08-040321
(in versions v2 r1 through v1 r5)
Title
The graphical display manager must not be the default target on RHEL 8 unless approved. (Cat II impact)
Discussion
Internet services that are not required for system or application processes must not be active to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.
Check Content
Verify that the system is configured to boot to the command line: $ systemctl get-default multi-user.target If the system default target is not set to "multi-user.target" and the Information System Security Officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.
Fix Text
Document the requirement for a graphical user interface with the ISSO or reinstall the operating system without the graphical user interface. If reinstallation is not feasible, then continue with the following procedure: Open an SSH session and enter the following commands: $ sudo systemctl set-default multi-user.target A reboot is required for the changes to take effect.
Additional Identifiers
Rule ID: SV-251718r1017371_rule
Vulnerability ID: V-251718
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |