[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security Setup: how to respond to a portscan (This is long!)

>>>>> "Jan" == Jan Vroonhof <vroonhof@math.ethz.ch> writes:
    Jan> What struggle? XEmacs should compile on a typical Debian system,
    Jan> just using

What I meant by that was that I didn't have all the dev libraries installed 
so, after installing a couple and trying make it would later bomb on some
dev library that I hadn't installed. This is the first time that I have
installed Xemacs from sources on Debian, I had been using the official debs 

Then there was the issue with <ndbm.h> not getting found. It was located in 
/usr/include/db1 but I had to explicitly specify that dir with
--site-includes, which I thought was a bit strange.

Anyways, everything worked out just fine in the end. (I am using 20.4 BTW).

    Jan> Inspecting your logs seems like a good thing to do during the
    Jan> boring waiting period :-)

My logfiles are tailed in a bunch of eterms but I was working in a
different workspace at the time so that was my fault.

    Jan> This is the X server, i.e. one of two methods programs can use to
    Jan> access the screen (the other is unix domain sockets).  If you
    Jan> never run programs remotely you could firewall it off (letting
    Jan> localhost still have access). I think you are more or less safe as
    Jan> long as you don't do stupid things with xhosts.

I modified the WDM (XDM replacement) setup to:

  DisplayManager._0.authorize:    false

so that when I su to root I can launch X clients without having
permission/authority problems. Here is what xhost tells me now:

  @phoenix:[/home/ssahmed] xhost
  access control enabled, only authorized clients can connect

Can I assume that the above xhost and WDM settings are safe ?

Salman Ahmed
ssahmed AT interlog DOT com

Reply to: