Mailinglist Archive: opensuse-security (1 mails)

< Previous Next >
[opensuse-security] No firewall and X server listening globally
Hi!

I have installed several OpenSUSE machines during recent years and I
believe they always enabled the firewall by default. At least I don't
remember having done anything special and the firewall was active. Some
installations were done from promotion DVDs, others from some image
downloaded, not sure which variant.

My last installation I made from a 13.2 KDE Live image. To my surprise
the firewall is not activated. Again I'm quite sure I made no
non-default choices in that direction and I don't remember having seen a
selection in the installer where I could have explicitly chosen to
enable it.

By default the X server does not listen to TCP port at all. That's fine,
especially if there is no firewall. But if I start am additional session
(KDE menu "Switch user") the second X server is listing to TCP port 6001
globally.

$ ps -fp $(pgrep -d , Xorg)
UID PID PPID C STIME TTY TIME CMD
root 1543 1499 0 14:25 tty7 00:00:09 /usr/bin/Xorg -br :0 vt7
-nolisten tcp -seat seat0 -auth /var/lib/kdm/AuthFiles/A:0-kwjL1b
root 2387 1499 0 14:27 tty8 00:00:01 /usr/bin/Xorg -br :1 vt8 -seat
seat0 -auth /var/lib/kdm/AuthFiles/A:1-m4GpQa

$ sudo /usr/sbin/ss -ltpn | grep Xorg
LISTEN 0 128 *:6001 *:*
users:(("Xorg",pid=2387,fd=3))
LISTEN 0 128 :::6001 :::*
users:(("Xorg",pid=2387,fd=1))

Questions: Does everything I see here work as it should?

1.) Firewall not active by default
2.) 2nd X server listening to TCP


Regards,

Uwe


P.S. Apologies for being a bit vague on the installation. But I don't
have spare machines and installation takes quite long, especially when
having to do it on a small virtual machine. So I take the freedeom to
violate the rule of investigate first and ask stupid questions
on the list thereafter...


Uwe Geuder
Nomovok Ltd.
Tampere, Finland
uwe.gxuder@xxxxxxxxxxx (bot test: humans correct 1 obvious spelling error)
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
This Thread
  • No further messages