The Photon operating system must configure Secure Shell (SSH) to disable X11 forwarding.

An XCCDF Rule

Details
Profiles

Description

X11 is an older, insecure graphics forwarding protocol. It is not used by Photon and should be disabled as a general best practice to limit attack surface area and communication channels.

ID: SV-258875r991589_rule
Version: PHTN-40-000212
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "X11Forwarding" line is uncommented and set to the following:
X11Forwarding no

At the command line, run the following command:

# systemctl restart sshd.service

The Photon operating system must configure Secure Shell (SSH) to disable X11 forwarding.

Description

Remediation Templates

A Manual Procedure