Signed-off-by: David Smith dsmith@eclipse.ncsc.mil --- RHEL6/input/services/xorg.xml | 61 +---------------------------------------- 1 files changed, 1 insertions(+), 60 deletions(-)
diff --git a/RHEL6/input/services/xorg.xml b/RHEL6/input/services/xorg.xml index 5b60568..f55c2fc 100644 --- a/RHEL6/input/services/xorg.xml +++ b/RHEL6/input/services/xorg.xml @@ -36,65 +36,6 @@ To do so, run the following command: <oval id="package_xorg-x11-server-common_removed" /> </Rule>
-<Group id="xwindows_startx"> -<title>Lock Down X Windows startx Configuration if Necessary</title> -<description>If X is not to be started at boot time but the -software must remain installed, users will be able to run X -manually using the <tt>startx</tt> command. In some cases, this runs -X with a configuration which is less safe than the default. Follow these -instructions to mitigate risk from this -configuration.</description> - -<Group id="xwindows_no_listen"> -<title>Disable X Window System Listening</title> -<description>To prevent X.org from listening for remote -connections, create the file <tt>/etc/X11/xinit/xserverrc</tt> and -fill it with the following line: -<pre>exec X :0 -nolisten tcp $@</pre> -One of X.org's features is the ability to provide remote -graphical display. This feature should be disabled unless it is -required. If the system uses <tt>runlevel 5</tt>, which is the default, -the GDM display manager starts X safely, with remote listening -disabled. However, if X is started from the command line with the -<tt>startx</tt> command, then the server will listen for new connections -on X's default port, 6000. -<br /><br /> -See the <tt>xinit(1)</tt>, <tt>startx(1)</tt>, and <tt>Xserver(1)</tt> -man pages for more information.</description> - -<Rule id="xwindows_remote_listening"> -<title>Disable X Window System Listening</title> -<description>Disable the ability to provide remote graphical -display</description> -<ident cce="4074-1" /> -<oval id="xwindows_remote_listening" /> -</Rule> -</Group> -</Group> - -</Group> - -<Group id="xwindows_configuration"> -<title>Configure X Windows if Necessary</title> -<description>If there is an operational need for the system -to run a GUI, apply the following guidance. -</description> - -<Rule id="set_gdm_login_banner"> -<title>Create Warning Banners for GUI Login -Users</title> -<description>To ensure the GNOME display manager displays a warning banner prior to login, -edit the file <tt>/etc/gdm/custom.conf</tt>. Locate the -<tt>[greeter]</tt> section, and correct that section to contain the lines: -<pre>[greeter] -InfoMsgFile=/etc/issue</pre> -This setting will cause the system greeting banner to be displayed in a box -prior to GUI login. If the default banner font is inappropriate, it can be -changed by specifying the <tt>InfoMsgFont</tt> directive as well, for instance: -<pre>InfoMsgFont=Sans 12</pre> -</description> -<ident cce="3717-6" /> -<oval id="banner_gui_gdm" /> -</Rule> +<!-- to add: guidance in /etc/gdm/custom.conf for xdmcp disable, tcplisten disable --> </Group> </Group>