On Sat, Jul 05, 2003 at 08:31:05PM -0500, Jesse Meyer wrote: > Hello, > > Its just another warm Saturday afternoon and I'm trying to up the > security of the local network. I've noticed that I had port 1024 open > and port 6000 open, presumably for wdm and X11 respectively > > Since I use only ssh to forward X connections, I'd rather not have > X listening to the entire world. Googling, I found that editing > "/usr/bin/X11/startx" and changing two lines to: > > defaultserverargs="-nolisten tcp" > serverargs="-nolisten tcp" You should never, ever need to edit a file in /usr/bin to change a config option. With a little grepping, I found /etc/X11/xinit/xserverrc, which has that option. Note that 'nolisten tcp' has been the default for a fairly long time... > And then editing /etc/X11/wdm/Xservers and change the line to: > local /usr/bin/X11/X -nolisten tcp > > Port 6000 ends up closed, but port 1024 is still open! > > And was my method of disabling port 6000 the 'right' way of doing it > under debian? Aside from having to edit something in /usr/bin, it looks good. -- Rob Weir <rweir@ertius.org> | mlspam@ertius.org | Do I look like I want a CC? Words of the day: Chobetsu armed overthrow COSCO codes India Vickie Weaver csim
Attachment:
pgpMzfPJdOrXg.pgp
Description: PGP signature