1.5.14 Ensure the operating system is configured to boot to the command line

Information

The graphical display manager must not be installed unless it is approved.

Internet services that are not required for system or application processes must not be active to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.

Solution

Document the requirement for a graphical user interface with the ISSO or reinstall the operating system without the graphical user interface.

If reinstallation is not feasible, open an SSH session and run the following command:

# systemctl set-default multi-user.target

A reboot is required for the changes to take effect.
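
The following audit script is an added example, not part of the benchmark text. It checks the setting above and distinguishes a system that is compliant from one where the default was changed but the graphical target is still running because the reboot has not happened yet. The function names classify_boot_state and audit_boot_target are hypothetical; the script assumes systemctl is available and relies only on its get-default and is-active subcommands.

```shell
#!/bin/sh
# Added audit example (not part of the benchmark text).
# classify_boot_state and audit_boot_target are hypothetical helper names.

# classify_boot_state DEFAULT_TARGET GRAPHICAL_STATE
#   DEFAULT_TARGET  : output of `systemctl get-default`
#   GRAPHICAL_STATE : output of `systemctl is-active graphical.target`
# Prints PASS, PENDING_REBOOT or FAIL.
classify_boot_state() {
    if [ "$1" != "multi-user.target" ]; then
        # Assumption: any default other than the documented target is a finding.
        echo "FAIL"
    elif [ "$2" = "active" ]; then
        # The default was changed, but the graphical target is still running
        # because the system has not been rebooted yet.
        echo "PENDING_REBOOT"
    else
        echo "PASS"
    fi
}

# Query the live system and report; returns 0 only on PASS.
audit_boot_target() {
    cbs_default=$(systemctl get-default 2>/dev/null) || cbs_default="unknown"
    # is-active exits non-zero when the unit is not active; keep its text only.
    cbs_graphical=$(systemctl is-active graphical.target 2>/dev/null) || true
    cbs_result=$(classify_boot_state "$cbs_default" "$cbs_graphical")
    echo "default=$cbs_default graphical.target=${cbs_graphical:-unknown} result=$cbs_result"
    [ "$cbs_result" = "PASS" ]
}

# Run the live audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_boot_target
fi
```

Run the script with --audit before and after the reboot; a PENDING_REBOOT result means the default target is set correctly but the running session still has the graphical target active.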

See Also

https://workbench.cisecurity.org/benchmarks/19886