.Xauthority or X*.hosts (or equivalent) file(s) must be used to restrict access to the X server.

An XCCDF Rule

Description

If access to the X server is not restricted, a user's X session may be compromised.

ID: SV-216077r959010_rule
Version: SOL-11.1-020540
Severity: Medium
References: CCI-000297 CCI-000366
Updated: about 2 months ago

Remediation Templates

Create an X*.hosts file, where * is a display number that may be used to limit X window connections. 

Add the list of authorized X clients to the file.