This is not the latest version of the STIG. This is provided for archival purposes. See the latest STIG.

The graphical display manager must not be the default target on AlmaLinux OS 9 unless approved.

STIG ID: ALMA-09-014320  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium (CAT II)  |  CCI: CCI-000366 |  Vulnerability Id: V-269206

Vulnerability Discussion

Unnecessary service packages must not be installed to decrease the attack surface of the system.

Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.

Check

Verify that AlmaLinux OS 9 is configured to boot to the command line:

$ systemctl get-default

multi-user.target

If the system default target is not set to "multi-user.target" and the information system security officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.

Fix

Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:

$ systemctl set-default multi-user.target
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.