Re: X Security Issues?
Edward Guldemond <thedebategod@yifan.net> writes:
> Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
> Interesting ports on (removed) (XX.XX.XXX.XX):
> (The 1552 ports scanned but not shown below are in state: closed)
> Port State Service
> 22/tcp open ssh
> 1024/tcp open kdm
[...]
> Port State Service
> 22/tcp open ssh
[...]
> Port State Service
> 22/tcp open ssh
> 6000/tcp open X11
You can see open ports with "netstat -atuw", too.
> Now, is there any security implications of having this port open? (I
> am nmap'ing this box's external Internet interface as it is my ipmasq
> box.) If so, what files do I have to edit to get rid of it? I don't
> need X listening on this interface.
This depends on the startup method (and maybe distribution), as you
already noticed. With xdm (and debian) it is /etc/X11/xdm/Xservers.
With xinit it is /etc/X11/xinit/xserverrc.
Look at "man xinit" and "man Xserver". There you will find an option
"-nolisten".
When this is your firewall, you might consider stopping X11 and not
using this as a desktop machine at all. Every program running and
every tool installed, might be used by an attacker against you.
Regards, Olaf.
Reply to: