From f284885e417d86c408c9f94db02b4b7066d316be Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Mon, 7 Feb 2022 11:34:16 +0100 Subject: [PATCH] Add RHEL-08-040321 to RHEL8 STIG profile The STIG doesn't recommend the systems to target the graphical environment by default. --- .../disabling_xwindows/xwindows_runlevel_target/rule.yml | 1 + products/rhel8/profiles/stig.profile | 3 +++ products/rhel8/profiles/stig_gui.profile | 3 +++ tests/data/profile_stability/rhel8/stig.profile | 1 + 4 files changed, 8 insertions(+) diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml index de0e359a44e..df56a30be80 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml @@ -39,6 +39,7 @@ references: nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-3,PR.PT-4 srg: SRG-OS-000480-GPOS-00227 + stigid@rhel8: RHEL-08-040321 ocil_clause: 'the X windows display server is running and/or has not been disabled' diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile index 09fa85df181..ffca983d0bd 100644 --- a/products/rhel8/profiles/stig.profile +++ b/products/rhel8/profiles/stig.profile @@ -1169,6 +1169,9 @@ selections: # RHEL-08-040320 - xwindows_remove_packages + # RHEL-08-040321 + - xwindows_runlevel_target + # RHEL-08-040330 - network_sniffer_disabled diff --git a/products/rhel8/profiles/stig_gui.profile b/products/rhel8/profiles/stig_gui.profile index d1577215b07..d29ceb9c54e 100644 --- a/products/rhel8/profiles/stig_gui.profile +++ b/products/rhel8/profiles/stig_gui.profile @@ -35,3 +35,6 @@ extends: stig selections: # RHEL-08-040320 - '!xwindows_remove_packages' + + # RHEL-08-040321 + - '!xwindows_runlevel_target' 
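Review bot: The context line `ocil_clause: 'the X windows display server is running and/or has not been disabled'` in xwindows_runlevel_target/rule.yml no longer fits once `stigid@rhel8: RHEL-08-040321` is attached, because that text becomes the finding wording for a STIG item that, per the commit message, concerns the default boot target rather than a running display server. If the rule's check compares the systemd default target, as its name suggests, a clause such as `ocil_clause: 'the default target is not multi-user.target'` would describe what an assessor actually verifies. The rest of rule.yml lies outside the hunk, so the OCIL procedure text should be checked for the same mismatch.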
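Review bot: The `- '!xwindows_runlevel_target'` deselection in stig_gui.profile removes RHEL-08-040321 from evaluation without recording why, so a scan with this profile will report nothing for that item. Graphical hosts presumably still need an approved exception for it, and that approval then has to be tracked outside the scan results. I would extend the comment to say so, for example `# RHEL-08-040321 - not evaluated here: GUI hosts keep the graphical target, document the approval separately`. The same applies to the existing `# RHEL-08-040320` entry just above, and the profile description, which is outside the hunk, is a good place to list both excluded items.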
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile index 9c05c27117c..e4fee44f9f9 100644 --- a/tests/data/profile_stability/rhel8/stig.profile +++ b/tests/data/profile_stability/rhel8/stig.profile @@ -398,6 +398,7 @@ selections: - usbguard_generate_policy - wireless_disable_interfaces - xwindows_remove_packages +- xwindows_runlevel_target - var_rekey_limit_size=1G - var_rekey_limit_time=1hour - var_accounts_user_umask=077