Re: Security Setup: how to respond to a portscan (This is long!)

[Jan Vroonhof <vroonhof@math.ethz.ch>]

"Salman Ahmed" <ssahmed@interlog.com> writes:

> Then there was the issue with <ndbm.h> not getting found. It was located in 
> /usr/include/db1 but I had to explicitly specify that dir with
> --site-includes, which I thought was a bit strange.

That is because the glibc maintainers have decide to move to db2 in
this way. I don't know of any real application for the database
support so it doesn't matter much.

> Anyways, everything worked out just fine in the end. (I am using 20.4 BTW).

I was just curious (given the fact that I have an jan at
xemacs.org alias).

> I modified the WDM (XDM replacement) setup to:
> 
>   DisplayManager._0.authorize:    false

This would worry me. However judging from below that in the absence of
cookies generate by ?DM the xservers falls back to host based
security. Which is "just good enough".

>   @phoenix:[/home/ssahmed] xhost
>   access control enabled, only authorized clients can connect
>   INET:phoenix
>   LOCAL:
> 
> Can I assume that the above xhost and WDM settings are safe ?

I think this is safe (assuming phoenix is your host).

Jan