ALMA-09-014320 - The graphical display manager must not be the default target on AlmaLinux OS 9 unless approved.

Information

Unnecessary service packages must not be installed to decrease the attack surface of the system.

Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.

Solution

Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:

$ systemctl set-default multi-user.target

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-269206r1050088_rule, STIG-ID|ALMA-09-014320, Vuln-ID|V-269206

Plugin: Unix

Control ID: f9f3f8ee5b88fae7763298570b2feb83655a31412ee436711c6c1fc033938572