LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-24-2007, 10:11 AM   #1
aal
Member
 
Registered: Jul 2006
Location: Qld
Distribution: Debian sid
Posts: 159

Rep: Reputation: 16
xauth what's this output mean?


Hi,

I opened a shell and typed xauth list and got:

linux-xxxx/displayname:0 MIT-MAGIC-COOKIE-1 randomstring1
linux-xxxx/displayname:1 MIT-MAGIC-COOKIE-1 random string2
123.156.78.101:0 MIT-MAGIC-COOKIE-1 randomstring3

(Where I've obviously changed the text a bit).

The first two lines I understand, but what does the third one mean? Why should an IP address have access to my X server?

And, why didn't the xauth list command finish?

xauth info command says there should be 7 entries in the file. Did I only get 3?

regards..... andrew.

Last edited by aal; 08-24-2007 at 06:35 PM.
 
Old 08-24-2007, 08:33 PM   #2
aal
Member
 
Registered: Jul 2006
Location: Qld
Distribution: Debian sid
Posts: 159

Original Poster
Rep: Reputation: 16
Hi,

A bit more information.

When I do the same command: xauth list as root, there's only one entry and the command finishes immediately.

As user, there is a time delay between the first two lines (for the local screens) and the lines containing IP addresses (three such lines printed last time I did the command, then the process just continued ad infinitum with no more output). And there was internet activity whenever the lines containing IP addresses printed.

There's nothing directly related to this in the man page.

regards..... andrew.
 
Old 08-26-2007, 07:39 PM   #3
aal
Member
 
Registered: Jul 2006
Location: Qld
Distribution: Debian sid
Posts: 159

Original Poster
Rep: Reputation: 16
Hi,

I finally got all seven entries expected from the xauth list command to display. After much research, I'm still not sure how five IP addresses came to have magic cookies assigned in my home/user/.Xauthority file.

I've never used telnet, rlogin, xhosts or ssh or anything similar. I was silly enough to think firefox browsing was safe due to conservativeness of firewall default settings.

Anyway, on balance I felt I had to remove all the entries belonging to IP addresses. Done. But that leaves me with a few more questions:

Given I haven't used any remote login software, (and assuming that these entries actually do mean that "security" had been compromised), how could it have happened? Firewall remains in default settings (suse 10.1).

Before I change all the passwords, how do I know there isn't something else left behind, such as a keystroke monitor? I suppose that's a pretty tough question.

Can anyone recommend any resource that summarises the basic security steps that even a complete security newbie should and could implement? Stuff like: never browse internet as root? How to know if default firewall settings are safe? etc etc.

regards.... andrew.
 
Old 09-17-2007, 05:45 AM   #4
aal
Member
 
Registered: Jul 2006
Location: Qld
Distribution: Debian sid
Posts: 159

Original Poster
Rep: Reputation: 16
Hi,

I wonder, could those IPs have slipped into my xauthorities via limewire??

regards... andrew.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
xauth help rf01001 Linux - Newbie 19 06-03-2007 03:40 PM
about xauth? Chowroc Linux - General 6 05-24-2005 06:21 PM
How to use xauth? Chowroc Linux - Networking 1 05-22-2005 11:31 AM
startx, xauth Steve009 Slackware 4 05-20-2003 06:28 AM
su - and xauth .. doublefailure Linux - General 0 03-05-2003 04:46 PM


All times are GMT -5. The time now is 12:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration