diff --git a/benchmarks/system-configurations/4.70-ensure-xdmcp-is-not-enabled.md b/benchmarks/system-configurations/4.70-ensure-xdmcp-is-not-enabled.md
new file mode 100644
index 0000000000000000000000000000000000000000..ead255b80846175b041be363aa815f38eab55ce6
--- /dev/null
+++ b/benchmarks/system-configurations/4.70-ensure-xdmcp-is-not-enabled.md
@@ -0,0 +1,36 @@
+# 4.70 确保没有启用XDMCP
+
+## 安全等级
+
+- Level 1
+
+## 描述
+
+X显示监控协议(X Display Manager Control Protocol, XDMCP)：管理与操控 X server 的显示内容，并提供登录验证。
+
+但XDMCP服务是不安全的：
+- XDMCP不是加密协议，这可能导致用户的输入内容被攻击者捕获；
+- XDMCP容易受到中间人攻击：攻击者伪装为XDMCP服务器，截获合法用户的登录请求，从而导致凭据泄露等问题。
+
+## 修复建议
+
+编辑文件`/etc/gdm/custom.conf`并删掉以下行：
+
+```bash
+Enable=true
+```
+
+## 扫描检测
+
+运行以下命令并验证输出结果:
+
+```bash
+# grep -Eis '^\s*Enable\s*=\s*true' /etc/gdm/custom.conf
+Nothing should be returned
+```
+
+如果没有任何输出，则说明通过检查，否则检测未通过。
+
+## 参考
+
+- cis: <https://www.cisecurity.org/benchmark/aliyun_linux>
\ No newline at end of file
diff --git a/docs/summary-of-rules.md b/docs/summary-of-rules.md
index 75c80019efc7b43e046c4c98ddf9c6dbfe5c86fd..8f880836500fb6cd9283441b3e71713e4797bac5 100644
--- a/docs/summary-of-rules.md
+++ b/docs/summary-of-rules.md
@@ -169,6 +169,7 @@
 | 4.67     | 4.67-ensure-system-histfilesize-100.md                       | 4.67 限制历史命令存储文件的保存数量                  | benchmarks/system-configurations    | 1     |
 | 4.68     | 4.68-ensure-permissions-TMP-is-correct.md                    | 4.68 为公共目录/tmp添加粘贴位                        | benchmarks/system-configurations    | 1     |
 | 4.69     | 4.69-ensure-permissions-on-ssh-priv-and-pub-key-are-right.md | 4.69 严格要求SSH公私钥文件权限配置正确               | benchmarks/system-configurations    | 3     |
+| 4.70     | 4.70-ensure-xdmcp-is-not-enabled.md                          | 4.70 确保没有启用XDMCP                               | benchmarks/system-configurations    | 1     |
 | 5.1      | 5.1-ensure-selinux-is-installed.md                           | 5.1 确保SElinux工具已安装                            | benchmarks/mandatory-access-control | 1     |
 | 5.2      | 5.2-ensure-selinux-policy-is-configured.md                   | 5.2 确保SELinux调用mls策略                           | benchmarks/mandatory-access-control | 3     |
 | 5.3      | 5.3-ensure-the-selinux-mode-is-enabled.md                    | 5.3 确保SELinux不是禁用模式                          | benchmarks/mandatory-access-control | 3     |
diff --git a/remediation-kits/system-configurations/4.70-ensure-xdmcp-is-not-enabled.sh b/remediation-kits/system-configurations/4.70-ensure-xdmcp-is-not-enabled.sh
new file mode 100644
index 0000000000000000000000000000000000000000..580737fa502c18963654f7d52e287e69401a98bb
--- /dev/null
+++ b/remediation-kits/system-configurations/4.70-ensure-xdmcp-is-not-enabled.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+grep -Eisq '^\s*Enable\s*=\s*true' /etc/gdm/custom.conf && sed -i '/\s*Enable\s*=\s*true/Id' /etc/gdm/custom.conf
\ No newline at end of file
diff --git a/scanners/system-configurations/4.70-ensure-xdmcp-is-not-enabled.sh b/scanners/system-configurations/4.70-ensure-xdmcp-is-not-enabled.sh
new file mode 100644
index 0000000000000000000000000000000000000000..9f9867416d29e6fa951e6f6e72cd88aea66bd100
--- /dev/null
+++ b/scanners/system-configurations/4.70-ensure-xdmcp-is-not-enabled.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+result=true
+
+grep -Eisq '^\s*Enable\s*=\s*true' /etc/gdm/custom.conf && result=false
+
+if [ "$result" == true ]; then
+    echo "pass"
+else
+    echo "fail"
+fi
\ No newline at end of file