Title

The X server must have the correct options enabled. (Cat II impact)

Discussion

Without the correct options enabled, the Xwindows system would be less secure and there would be no screen timeout.

Check Content

X servers get started several ways, such as xdm, gdm or xinit. Perform: # ps –ef |grep X Output for example: /usr/X11R6/bin/X –nolisten –ctp –br vt7 –auth /var/lib/xdm/authdir/authfiles/A:0 Check the Xservers file to ensure the following options are enabled: -audit, -auth, and –s 15. Xserver files can found in: /etc/X11/xdm/Xservers /etc/opt/kde3/share/config/kdm/Xservers /etc/X11/gdm/Xservers

Fix Text

Enable the following options: -audit (at level 4), -auth and -s with 15 minutes as the timeout value.

Additional Identifiers

Rule ID: SV-1021r2_rule

Vulnerability ID: V-1021

Group Title: GEN000000-LNX00360

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.