{"description": "Systems that do not require a graphical user interface should only boot by\ndefault into <tt>multi-user.target</tt> mode. This prevents accidental booting of the system\ninto a <tt>graphical.target</tt> mode. Setting the system's default target to\n<tt>multi-user.target</tt> will prevent automatic startup of the graphical environment.\nTo do so, run:\n<pre>$ systemctl set-default multi-user.target</pre>\nYou should see the following output:\n<pre>Removed symlink /etc/systemd/system/default.target.\nCreated symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/multi-user.target.</pre>", "rationale": "Services that are not required for system and application processes\nmust not be active to decrease the attack surface of the system.", "severity": "medium", "references": {"cis-csc": ["12", "15", "8"], "cobit5": ["APO13.01", "DSS01.04", "DSS05.02", "DSS05.03"], "isa-62443-2009": ["4.3.3.6.6"], "isa-62443-2013": ["SR 1.13", "SR 2.6", "SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.11.2.6", "A.13.1.1", "A.13.2.1", "A.14.1.3", "A.6.2.1", "A.6.2.2"], "nist": ["CM-7(a)", "CM-7(b)", "CM-6(a)"], "nist-csf": ["PR.AC-3", "PR.PT-4"], "srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the system default target is not set to \"multi-user.target\" and the Information System Security Officer (ISSO) lacks a documented requirement for a graphical user interface", "ocil": "Verify that Ubuntu 22.04 is configured to boot to the command line:\n<pre>$ systemctl get-default</pre>\n<pre>multi-user.target</pre>", "oval_external_content": null, "fixtext": "Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:\n\n$ sudo systemctl set-default multi-user.target", "checktext": "", "vuldiscussion": "", "srg_requirement": "The graphical display manager must not be the default target on Ubuntu 22.04 unless approved.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "The graphical display manager must not be the default target on Ubuntu 22.04 unless approved.", "vuldiscussion": "Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.", "checktext": "Verify that Ubuntu 22.04 is configured to boot to the command line:\n\n$ systemctl get-default\n\nmulti-user.target\n\nIf the system default target is not set to \"multi-user.target\" and the information system security officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.", "fixtext": "Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:\n\n$ sudo systemctl set-default multi-user.target"}}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable Graphical Environment Startup By Setting Default Target", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml", "template": null}