X11 forwarding for SSH must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-216114 | SOL-11.1-040330 | SV-216114r959010_rule | CCI-000366 | medium |
| Description | ||||
| As enabling X11 Forwarding on the host can permit a malicious user to secretly open another X11 connection to another remote client during the session and perform unobtrusive activities such as keystroke monitoring, if the X11 services are not required for the system's intended function, they should be disabled or restricted as appropriate to the user's needs. | ||||
| STIG | Date | |||
| Solaris 11 X86 Security Technical Implementation Guide | 2025-05-05 | |||
Details
Check Text (C-216114r959010_chk)
Determine if X11 Forwarding is enabled.
# grep "^X11Forwarding" /etc/ssh/sshd_config
If the output of this command is not:
X11Forwarding no
this is a finding.
Fix Text (F-17350r372725_fix)
The root role is required.
Modify the sshd_config file.
# pfedit /etc/ssh/sshd_config
Locate the line containing:
X11Forwarding
Change it to:
X11Forwarding no
Restart the SSH service.
# svcadm restart svc:/network/ssh