STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The .Xauthority files must not have extended ACLs.

DISA Rule

SV-216310r603267_rule

Vulnerability Number

V-216310

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-020520

Severity

CAT II

CCI(s)

• CCI-000225 - The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove the extended ACL from the file.

# chmod A- .Xauthority

Check Contents

If X Display Manager (XDM) is not used on the system, this is not applicable.

Determine if XDM is running.

Procedure:
# ps -ef | grep xdm

Check the file permissions for the .Xauthority files.
# ls -lL .Xauthority

If the permissions include a "+", the file has an extended ACL and this is a finding.

Vulnerability Number

V-216310

Documentable

False

Rule Version

SOL-11.1-020520

Severity Override Guidance

If X Display Manager (XDM) is not used on the system, this is not applicable.

Determine if XDM is running.

Procedure:
# ps -ef | grep xdm

Check the file permissions for the .Xauthority files.
# ls -lL .Xauthority

If the permissions include a "+", the file has an extended ACL and this is a finding.

Check Content Reference

M

Target Key

4022

Comments