Re: Security Setup: how to respond to a portscan (This is long!)
>>>>> "Jan" == Jan Vroonhof <vroonhof@math.ethz.ch> writes:
Jan> What struggle? XEmacs should compile on a typical Debian system,
Jan> just using
What I meant by that was that I didn't have all the dev libraries installed
so, after installing a couple and trying make it would later bomb on some
dev library that I hadn't installed. This is the first time that I have
installed Xemacs from sources on Debian, I had been using the official debs
previously.
Then there was the issue with <ndbm.h> not getting found. It was located in
/usr/include/db1 but I had to explicitly specify that dir with
--site-includes, which I thought was a bit strange.
Anyways, everything worked out just fine in the end. (I am using 20.4 BTW).
Jan> Inspecting your logs seems like a good thing to do during the
Jan> boring waiting period :-)
My logfiles are tailed in a bunch of eterms but I was working in a
different workspace at the time so that was my fault.
Jan> This is the X server, i.e. one of two methods programs can use to
Jan> access the screen (the other is unix domain sockets). If you
Jan> never run programs remotely you could firewall it off (letting
Jan> localhost still have access). I think you are more or less safe as
Jan> long as you don't do stupid things with xhosts.
I modified the WDM (XDM replacement) setup to:
DisplayManager._0.authorize: false
so that when I su to root I can launch X clients without having
permission/authority problems. Here is what xhost tells me now:
@phoenix:[/home/ssahmed] xhost
access control enabled, only authorized clients can connect
INET:phoenix
LOCAL:
Can I assume that the above xhost and WDM settings are safe ?
--
Salman Ahmed
ssahmed AT interlog DOT com
Reply to: