STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 10 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Solaris 11 X86 Security Technical Implementation Guide

V-216114

CAT II (Medium)

X11 forwarding for SSH must be disabled.

Rule ID

SV-216114r959010_rule

STIG

Solaris 11 X86 Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

As enabling X11 Forwarding on the host can permit a malicious user to secretly open another X11 connection to another remote client during the session and perform unobtrusive activities such as keystroke monitoring, if the X11 services are not required for the system's intended function, they should be disabled or restricted as appropriate to the user's needs.

Check Content

Determine if X11 Forwarding is enabled.

# grep "^X11Forwarding" /etc/ssh/sshd_config

If the output of this command is not:

X11Forwarding no

this is a finding.

Fix Text

The root role is required.

Modify the sshd_config file.

# pfedit /etc/ssh/sshd_config

Locate the line containing:

X11Forwarding 

Change it to:

X11Forwarding no

Restart the SSH service.

# svcadm restart svc:/network/ssh