Ensure X Window Server Services Are Disabled and Not Running : iCompaas Support

Profile Applicability:
• Level 2

Description:
The X Window Server provides graphical user interface (GUI) capabilities on Unix-like systems. If the system is intended to be used as a server or in a headless environment, disabling X Window Server services reduces unnecessary resource usage and minimizes the attack surface.

Rationale:
Disabling unused X Window Server services limits potential vulnerabilities associated with GUI components and helps maintain a minimal, secure server environment.

Impact:
Pros:

Reduces system resource consumption.
Minimizes attack surface by disabling unnecessary services.

Cons:

Disabling X Window Server on systems that require GUI will remove graphical capabilities.

Default Value:
X Window Server services may be enabled by default on desktop installations, but typically disabled on server setups.

Pre-requisites:

Root or sudo privileges to manage system services.

Remediation:

Test Plan:

Using Linux command line:

1. Check if X Window Server service is enabled:

systemctl is-enabled display-manager  
systemctl is-enabled gdm  
systemctl is-enabled lightdm

2. Check if X Window Server service is running:

systemctl status display-manager  
systemctl status gdm  
systemctl status lightdm

Implementation Plan:

Using Linux command line:

1. Disable X Window Server services:

systemctl disable display-manager  
systemctl disable gdm  
systemctl disable lightdm

2. Stop running X Window Server services

systemctl stop display-manager  
systemctl stop gdm  
systemctl stop lightdm

3. Verify services are disabled and stopped:

systemctl is-enabled display-manager  
systemctl is-enabled gdm  
systemctl is-enabled lightdm  
systemctl status display-manager  
systemctl status gdm  
systemctl status lightdm

Backout Plan:

Using Linux command line:

1. Enable and start X Window Server services if required:

systemctl enable display-manager  
systemctl start display-manager  
systemctl enable gdm  
systemctl start gdm  
systemctl enable lightdm  
systemctl start lightdm

2. Verify service status.

References:

CIS Amazon Linux 2 Benchmark v3.0.0
Systemd Service Management

Ensure X Window Server Services Are Disabled and Not Running Print

Test Plan:

Implementation Plan:

Backout Plan:

Related Articles