65a7bc44dc
This patch disables the graphical interface on a system to meet the STIG's requirements. This was only a check previously. Deployers have the option to opt out of this change if they *really* need a graphical interface. Documentation updates and a release note are included. Change-Id: Ia4c4853f7c9b66c6e1ac91c46fb8e7d48c80a408
27 lines
1.0 KiB
ReStructuredText
In Ubuntu 14.04, the upstart init system looks for the default runlevel in the
``/etc/init/rc-sysinit.conf`` file. The tasks in the security role will ensure
that the ``DEFAULT_RUNLEVEL`` environment variable is set to ``2``, which is a
non-graphical runlevel.

In Ubuntu 16.04 and CentOS 7, systemd handles various targets, which are
similar to runlevels from earlier init systems. There are two targets that are
important for this STIG:

* ``graphical.target``: similar to runlevel 5 from earlier init systems
* ``multi-user.target``: similar to runlevel 2 or 3 from earlier init systems

The tasks in the security role will ensure that the default target is the
``multi-user.target``, which provides a text-based system.

Deployers can opt out of this change by setting an Ansible variable:

.. code-block:: yaml

    security_disable_x_windows: no

.. note::

    This change will not take effect until the server is rebooted. Changing a
    runlevel on an actively running system can cause certain services to stop,
    start, or restart.
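
Because the change only applies at the next boot, a deployer may want to audit the configured default rather than the running state. The script below is an added example, not part of the security role: the function names and the ``ROOT`` argument are assumptions, and the fixture files it builds are constructed.

```shell
#!/bin/sh
# Added audit example: report whether the *configured* boot default is
# non-graphical. ROOT ($1) lets the check run against a mounted image or a
# constructed fixture; leave it empty to inspect the live filesystem.

# Print the Upstart default runlevel from rc-sysinit.conf (Ubuntu 14.04).
upstart_default_runlevel() {
    sed -n 's/^[[:space:]]*env[[:space:]]\{1,\}DEFAULT_RUNLEVEL=\([0-9Ss]\).*/\1/p' \
        "$1/etc/init/rc-sysinit.conf" 2>/dev/null | tail -n 1
}

# Print the unit that default.target links to, searching systemd's unit
# directories in priority order (administrator override first).
systemd_default_target() {
    for dir in etc run usr/lib lib; do
        link="$1/$dir/systemd/system/default.target"
        if [ -L "$link" ]; then
            basename "$(readlink "$link")"
            return 0
        fi
    done
    return 1
}

# Return 0 for a text-based default, 1 for a graphical or unknown default.
check_non_graphical() {
    root="${1:-}"
    target=$(systemd_default_target "$root") || target=""
    if [ -n "$target" ]; then
        [ "$target" = "multi-user.target" ]
        return
    fi
    [ "$(upstart_default_runlevel "$root")" = "2" ]
}

# Constructed fixtures: an Upstart host at runlevel 2 and a systemd host
# whose default target is still graphical.
demo=$(mktemp -d)
mkdir -p "$demo/trusty/etc/init" "$demo/xenial/etc/systemd/system"
printf 'env DEFAULT_RUNLEVEL=2\n' > "$demo/trusty/etc/init/rc-sysinit.conf"
ln -s /lib/systemd/system/graphical.target \
    "$demo/xenial/etc/systemd/system/default.target"
for host in trusty xenial; do
    if check_non_graphical "$demo/$host"; then echo "$host: text-based default"
    else echo "$host: graphical or unknown default"; fi
done
rm -rf "$demo"
```

On a live systemd host, ``systemctl get-default`` reports the same configured target.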