The graphical display manager must not be the default target on OL 8 unless approved.

An XCCDF Rule

Details
Profiles

Description

Internet services that are not required for system or application processes must not be active to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.

ID: SV-252663r991589_rule
Version: OL08-00-040321
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Document the requirement for a graphical user interface with the ISSO or reinstall the operating system without the graphical user interface. If reinstallation is not feasible, then continue with the following procedure:

Open an SSH session and enter the following commands:

$ sudo systemctl set-default multi-user.target

A reboot is required for the changes to take effect.

The graphical display manager must not be the default target on OL 8 unless approved.

Description

Remediation Templates

A Manual Procedure