5.2.34 Ensure remote X connections are encrypted.

Information

The operating system must be configured so that remote X connections for interactive users are encrypted.

Rationale:

Open X displays allow an attacker to capture keystrokes and execute commands remotely.

Solution

Configure SSH to encrypt connections for interactive users.
Edit the /etc/ssh/sshd_config file and uncomment or add the line for the X11Forwarding keyword, setting its value to yes. This file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor.
Example: vim /etc/ssh/sshd_config
Add, uncomment or update the following line:

X11Forwarding yes

The SSH service must be restarted for changes to take effect:

# systemctl restart sshd
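
To confirm the setting after the edit, the following added example (not part of the benchmark or the audit plugin) reads an sshd_config-style file and reports the value sshd would use, including any Match block that changes it. The function names are hypothetical, and it assumes whitespace-separated `keyword value` lines with no Include directives.

```shell
#!/bin/sh
# Added example: audit X11Forwarding in an sshd_config-style file.
# Function names are hypothetical; Include directives are not followed.

# Print the effective global value. sshd keeps the first value it reads
# for a keyword, and lines after a Match keyword apply only conditionally.
x11_global_value() {
    awk '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == "x11forwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }      # OpenSSH default when unset
    ' "$1"
}

# Print "line:value" for each X11Forwarding setting inside a Match block.
x11_match_overrides() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "x11forwarding" { print NR ":" tolower($2) }
    ' "$1"
}

# Return 0 only if the global value is yes and no Match block changes it.
x11_audit() {
    [ "$(x11_global_value "$1")" = "yes" ] || { echo "FAIL: global value is not yes"; return 1; }
    bad=$(x11_match_overrides "$1" | grep -v ':yes$' || true)
    [ -z "$bad" ] || { echo "FAIL: Match block override at $bad"; return 1; }
    echo "PASS"
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#X11Forwarding no
Port 22
x11forwarding yes
X11Forwarding no
Match User kiosk
    X11Forwarding no
EOF
x11_audit "$sample" || true    # FAIL: Match block override at 6:no
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it and can be used to cross-check the result.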

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3, Benchmark Date: 26 Apr 2019



Vul ID: V-72303

Rule ID: SV-86927r4_rule

STIG ID: RHEL-07-040710

Severity: CAT I

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: 5d7240e8951e541d189233b12ec7511b63551d881fa90af2f3872714939fc24c