65a7bc44dc
This patch disables the graphical interface on a system to meet the STIG's requirements. This was only a check previously. Deployers have the option to opt out of this change if they *really* need a graphical interface. Documentation updates and a release note are included. Change-Id: Ia4c4853f7c9b66c6e1ac91c46fb8e7d48c80a408
1.0 KiB
In Ubuntu 14.04, the upstart init system looks for the default
runlevel in the /etc/init/rc-sysinit.conf file. The tasks
in the security role will ensure that the DEFAULT_RUNLEVEL
environment variable is set to 2, which is a non-graphical
runlevel.
In Ubuntu 16.04 and CentOS 7, systemd handles various targets, which are similar to runlevels from earlier init systems. There are two targets that are important for this STIG:
graphical.target: similar to runlevel 5 from earlier init systemsmulti-user.target: similar to runlevel 2 or 3 from earlier init systems
The tasks in the security role will ensure that the default target is
the multi-user.target, which provides a text-based
system.
Deployers can opt out of this change by setting an Ansible variable:
security_disable_x_windows: noNote
This change will not take effect until the server is rebooted. Changing a runlevel on an actively running system can cause certain services to stop, start, or restart.