STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

All .Xauthority files must have mode 0600 or less permissive.

DISA Rule

SV-216309r603267_rule

Vulnerability Number

V-216309

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-020510

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-000225 - The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Weight

10

Fix Recommendation

Change the mode of the .Xauthority files.

Procedure:
# chmod 0600 .Xauthority

Check Contents

If X Display Manager (XDM) is not used on the system, this is not applicable.

Determine if XDM is running.

Procedure:
# ps -ef | grep xdm

Check the file permissions for the .Xauthority files in the home directories of users of X. Procedure:
# cd ~<X user>
# ls -lL .Xauthority

If the file mode is more permissive than 0600, this is finding.

Vulnerability Number

V-216309

Documentable

False

Rule Version

SOL-11.1-020510

Severity Override Guidance

If X Display Manager (XDM) is not used on the system, this is not applicable.

Determine if XDM is running.

Procedure:
# ps -ef | grep xdm

Check the file permissions for the .Xauthority files in the home directories of users of X. Procedure:
# cd ~<X user>
# ls -lL .Xauthority

If the file mode is more permissive than 0600, this is finding.

Check Content Reference

M

Target Key

4022

Comments