Detections
Analytics
RHEL-07-040730 - The Red Hat Enterprise Linux operating system must not have a graphical display manager installed unless approved.
Information
Internet services that are not required for system or application processes must not be active to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used unless approved and documented.NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Document the requirement for a graphical user interface with the ISSO or reinstall the operating system without the graphical user interface. If reinstallation is not feasible, then continue with the following procedure:Open an SSH session and enter the following commands:
$ sudo systemctl set-default multi-user.target
$ sudo yum remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils
A reboot is required for the changes to take effect.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_7_V3R15_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 7 STIG v3r15
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-204624r991589_rule, STIG-ID|RHEL-07-040730, STIG-Legacy|SV-86931, STIG-Legacy|V-72307, Vuln-ID|V-204624
Plugin: Unix
Control ID: 68d7651c37f0c8feda6d0e0793ebfbce35950e0079e97fb9fd106ead6638ed56