Re: [SLE] Re: [suse-security] X listening on 6000?
Hi, Ben, if you had a dollar for every time... I tried this, however, it didn't work. I tried a number of other things in ignorance (e.g. playing with the 'startx' function definition in /etc/profile). None of these things worked. Then, to see if it would work at all, I booted in runlevel 2 and did 'startx -- -nolisten -tcp". Now TCP no longer listens, and it doesn't show up on scans. But i want this to be done automatically, so if i do graphical logins it will still happen. I think it will be necessary to edit the init script where the startx command is issued. Does anyone know which that is? I grepped the X11R6 directory and there's nothing obvious there. The X11 setup seems to have changed since all the documentation I have looked at, or else this is a SuSE peculiarity. X runs fine without TCP listening, therefore perhaps this should be an option in rc.config or YaST? Sorry to make a habit of this. Best, Corvin
alias startx='startx -- -nolisten tcp'
--> -->startx -- -nolisten tcp -->
On Mon, 4 Sep 2000, Corvin Russell wrote:
definition in /etc/profile). None of these things worked. Then, to see if it would work at all, I booted in runlevel 2 and did 'startx -- -nolisten -tcp". Now TCP no longer listens, and it doesn't show up on scans. But i want this to be done automatically, so if i do graphical logins it will still happen. I think it will be necessary to edit the init script where the startx command is issued. Does anyone know
Startup in the "graphical login" mode is done by xdm (or kdm or gdm). You can add options to the X-Server in /usr/X11R6/lib/X11/xdm/Xservers
X runs fine without TCP listening, therefore perhaps this should be an option in rc.config or YaST?
I'm not shure because I haven't tried but I think "plain old" X traffic from the outside e.g. running an application on another machine with a display on your machine will not be possible. Using ssh's tunneling might still work though (slower due to encryption but also more secure). Cheers Robert -- Robert Casties --------------------- http://philoscience.unibe.ch/~casties History & Philosophy of Science Tel: +41/31/631-8505 Room: 216 Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern Uni Bern (PGP key on homepage: D7 2B DE 64 2D 65 16 A0)
On Mon, 4 Sep 2000, Corvin Russell wrote:
Startup in the "graphical login" mode is done by xdm (or kdm or gdm). You can add options to the X-Server in /usr/X11R6/lib/X11/xdm/Xservers
That's right, and was kindly confirmed by Dr. Werner Fink:
Simply use /etc/skel/.xserverrc.secure as ~/.xserverrc and add
your option at the end of the options for the Xserver.
For xdm see the file Xservers (location in /usr/X11R6/lib/X11/xdm/ or
/etc/X11/xdm/) and add your option.
So there it is for future reference. Now I wonder why
/etc/skel/.xserverrc.secure didn't show up on any of my various
searches? Anyhow, problem solved.
Best
--
Corvin Russell
participants (2)
-
Corvin Russell -
Robert Casties