closing port 6000

older
Re: [suse-security] closing port...

david

19 Jan 2004 19 Jan '04

16:11

how do i close the port 6000 ? i had try editing the /etc/X11/xdm/Xservers, and /opt/kde3/share/config/kdm/ Xservers, and add the "-nolisten tcp" switch but nothing happens... is there another configuration file to close this port ? Thanks

Show replies by date

Carl Peto

20 Jan 20 Jan

12:07

New subject: [suse-security] closing port 6000

I'm a bit stumped by this too. I think the place to start is the files in /opt/kde3/share/config/kdm. Looking there I see another Xservers file. Unfortunately changing this doesn't seem to work either. The README suggests changing the files in /etc/X11/xdm and then running a program called <kdebase-sources>/kdm/kfrontend/genkdmconf that I can't find. Possibly a source package needs installing. Anyway it's definitely a kdm issue because I've tried running X on it's own (with kdm stopped) using the -nolisten tcp parameter and it doesn't open a tcp socket - which is what you want. I've had problems with kdm config before. Another suggestion (that I can't try from here at the moment) is to look carefully through the YaST2 configuration for kdm for command line parameters to X. That's probably the "supported" route and bypasses all this wierdness where it's kinda ignoring the Xservers file. Tell us if you find the answer, I'd be interested! Another way out of this, possibly... You have presumably seen that a Linux box is "listening" for TCP connections on port 6000 by using the command netstat -tlnp or something like that right? That just shows that the linux box will listen indiscriminately for connections in the absence of a firewall. If you have a firewall in place on that box (or even better between that box and the internet, on a dedicated router/gateway/firewall box) then the port will not be "open" to the internet anyway. All firewalls will block port 6000 as the standard X-Windows protocol is notoriously insecure. Regards, Carl ----- Original Message ----- From: "david" To: Sent: Monday, January 19, 2004 4:11 PM Subject: [suse-security] closing port 6000

...

how do i close the port 6000 ? i had try editing the /etc/X11/xdm/Xservers, and /opt/kde3/share/config/kdm/ Xservers, and add the "-nolisten tcp" switch but nothing happens...

is there another configuration file to close this port ?

Thanks

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Peter Wiersig

12:11

New subject: [suse-security] closing port 6000

david wrote:

...

is there another configuration file to close this port ?

/etc/opt/kde3/share/config/kdm This may/should be a link (or /opt/... should be) -- Have fun, Peter

Philippe Vogel

15:03

New subject: [suse-security] closing port 6000

...

david wrote:

...
is there another configuration file to close this port ?

/etc/opt/kde3/share/config/kdm

This may/should be a link (or /opt/... should be)

With yast you can configure there is no remote access to X. If you want to have ports not closed but in steath mode you will have to patch iptables with the grsecurity iptables-patch (you will need kernel sources as well). This patch implements steathmode for filtering (afaik this will even not work with ack-packets scans). Philippe

david

19:29

New subject: [suse-security] closing port 6000

I dont want to filter the port, I want to close it i dont understand why i easly can close port 6000 on slackware and mandrake but suse just cant On Tuesday 20 January 2004 9:03 am, Philippe Vogel wrote:

...

...
david wrote:

...
is there another configuration file to close this port ?

/etc/opt/kde3/share/config/kdm

This may/should be a link (or /opt/... should be)

With yast you can configure there is no remote access to X.

If you want to have ports not closed but in steath mode you will have to patch iptables with the grsecurity iptables-patch (you will need kernel sources as well). This patch implements steathmode for filtering (afaik this will even not work with ack-packets scans).

Philippe

Lindomar Santos

19:33

New subject: [suse-security] closing port 6000

Hi David, You have to edit /etc/opt/kde3/share/config/kdm/Xservers :0 local /usr/X11R6/bin/X :0 vt07 -nolisten tcp ps: In suse box 8.2 __|__ By Lindomar, o---*--(*)--*---o http://wecanstopspam.org On Tue, 20 Jan 2004, david wrote:

...

I dont want to filter the port, I want to close it i dont understand why i easly can close port 6000 on slackware and mandrake but suse just cant

On Tuesday 20 January 2004 9:03 am, Philippe Vogel wrote:

...
...
david wrote:

...
is there another configuration file to close this port ?

/etc/opt/kde3/share/config/kdm

This may/should be a link (or /opt/... should be)

With yast you can configure there is no remote access to X.

If you want to have ports not closed but in steath mode you will have to patch iptables with the grsecurity iptables-patch (you will need kernel sources as well). This patch implements steathmode for filtering (afaik this will even not work with ack-packets scans).

Philippe

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Keith Roberts

21:14

New subject: [suse-security] closing port 6000

I've had problems with this too. My workaround what I use now is instead of starting Xwindows with startx from the console, I use the following script. On Tue, 20 Jan 2004, Lindomar Santos wrote:

...

To: david From: Lindomar Santos Subject: Re: [suse-security] closing port 6000

Hi David,

You have to edit /etc/opt/kde3/share/config/kdm/Xservers

:0 local /usr/X11R6/bin/X :0 vt07 -nolisten tcp

ps: In suse box 8.2

__|__ By Lindomar, o---*--(*)--*---o http://wecanstopspam.org

On Tue, 20 Jan 2004, david wrote:

...
I dont want to filter the port, I want to close it i dont understand why i easly can close port 6000 on slackware and mandrake but suse just cant

On Tuesday 20 January 2004 9:03 am, Philippe Vogel wrote:

...
...
david wrote:

...
is there another configuration file to close this port ?

/etc/opt/kde3/share/config/kdm

This may/should be a link (or /opt/... should be)

With yast you can configure there is no remote access to X.

If you want to have ports not closed but in steath mode you will have to patch iptables with the grsecurity iptables-patch (you will need kernel sources as well). This patch implements steathmode for filtering (afaik this will even not work with ack-packets scans).

Philippe

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Richard

21:39

New subject: [suse-security] closing port 6000

...

You have to edit /etc/opt/kde3/share/config/kdm/Xservers :0 local /usr/X11R6/bin/X :0 vt07 -nolisten tcp Thanks. This works for me. For some reason I never thought of looking under /etc, and as others have noted, changing this in /opt/kde3/share/config/kdm/Xservers doesn't really do anything.

Now, if I can find out (or you folks can tell me ;-)) why port 111 - sunrpc is open... Cheers, Richard

Markus Gaugusch

21:32

New subject: [suse-security] closing port 6000

On Jan 20, Richard wrote:

...

Now, if I can find out (or you folks can tell me ;-)) why port 111 - sunrpc is open... # netstat -anp | grep :111 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 940/portmap

Just remove the portmap service (insserv -r portmap ; rcportmap stop). But you can only do this, if you don't use NFS mounts! (they rely on portmap) Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \

Richard

21:52

New subject: [suse-security] closing port 6000

...

...
Now, if I can find out (or you folks can tell me ;-)) why port 111 - sunrpc is open...

# netstat -anp | grep :111 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 940/portmap

Just remove the portmap service (insserv -r portmap ; rcportmap stop). But you can only do this, if you don't use NFS mounts! Thanks. I now have finished the big closing of the ports over here, and learned a new command (insserv) as well. Fruitfull evening it has been.

Cheers, richard

Avtar Gill

21:45

New subject: [suse-security] closing port 6000

Richard wrote:

...

Now, if I can find out (or you folks can tell me ;-)) why port 111 - sunrpc is open...

portmap is probably running, disable it by going to yast -> system -> Runlevel Editor. Now NFS won't work unless you enable portmap again.

gregor

22:04

New subject: [suse-security] closing port 6000

Hallo,

...

You have to edit /etc/opt/kde3/share/config/kdm/Xservers :0 local /usr/X11R6/bin/X :0 vt07 -nolisten tcp

I also had the problem until now, but this solution works for me too. The only ports open at this time are ssh / 22 and mysql / 3306, and i want to close port 3306. could you please tell me how to do this? thanks, gregor

Markus Gaugusch

22:34

New subject: [suse-security] closing port 6000

...

I also had the problem until now, but this solution works for me too. The only ports open at this time are ssh / 22 and mysql / 3306, and i want to close port 3306. could you please tell me how to do this? Add to the init script /etc/init.d/mysql in the else branch of the start)

On Jan 20, gregor wrote: section the following line (between the other options) --bind-address=127.0.0.1 \ (don't forget the trailing backslash!) I really wonder, why this isn't even configurable with a config file/yast...? Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \

7409

Age (days ago)

7410

Last active (days ago)

List overview

Download

12 comments

10 participants

participants (10)

Avtar Gill
Carl Peto
david
gregor
Keith Roberts
Lindomar Santos
Markus Gaugusch
Peter Wiersig
Philippe Vogel
Richard