Title

An X server must have none of the following options enabled: -ac, -core (except for debugging purposes), or -nolock. (Cat II impact)

Discussion

These options will detract from the security of the Xwindows system.

Check Content

X servers get started several ways, such as xdm, gdm or xinit. Perform: # ps –ef |grep X Output for example: /usr/X11R6/bin/X –nolisten –ctp –br vt7 –auth /var/lib/xdm/authdir/authfiles/A:0 The above example show xdm is controlling the Xserver. Check the Xservers file to ensure the following options are not enabled: -ac, -core, and -nolock . Xserver files can found in: /etc/X11/xdm/Xservers /etc/opt/kde3/share/config/kdm/Xservers /etc/X11/gdm/Xservers

Fix Text

Disable the following options: -ac, -core and -nolock.

Additional Identifiers

Rule ID: SV-1022r2_rule

Vulnerability ID: V-1022

Group Title: GEN000000-LNX00380

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.