Posted: Dec 13, 2002 - 08:31 Hi,
Does anyone know how to stop X11 from listening? It seems to listen on port 6000.
I have managed to turn off all other services and then scanned my own machine with nmap.
It shows:
port state Service
22/tcp open ssh
6000/tcp open X11
I could just block port 6000, but new connections can be set up on higher randomly allocated ports. I want to stop X11 showing as listening when scanned and prevent connections to the service, and still be able to use X-windows on the localhost.
I edited the inittab to default to run level 5.
I now get the GUI login.
I now get a terminal window with a black background instead of white (why's that different?).
netstat -peat shows that X11 is listening on port 6000.
So why's that different? Anyone?
And how do I change it? Because this would be the preferred way of starting X sometimes.
OK, when I boot up into the GUI I get the GNOME desktop;
that's why the default terminal is black.
When I startx manually from run level 3 I am using the ICE window manager.
I prefer the ICE wm so how do I get that to be default?
Help!
Maybe this can't be done! From the X man page I can only find Host Access. I don't think this stops X11 from listening though. It allows connections and checks if there is a permission to "connect".
Is that true?
Turns out that xdm is used for a GUI logon and that xinit is used for a manual start of the GUI.
I have rewritten the /usr/X11R6/bin/Xssession file and can get ICE wm to start as the GUI automatically.
Now I have X11 showing up in netstat -peat again, listening on port 6000.
It's a relief in a way because I thought I was getting away from the security issue.
So, any ideas how to stop X from listening when defaulting to the GUI during log on?
I myself was trying to do almost the same thing as you, my friend, and I found it quite tricky. My advice is to use some session manager like gdm (GNOME display manager) or kdm (KDE display manager) instead of just plain xdm. If you use gdm (like I do) then I might be able to help.
I did it like this: edit the file /etc/X11/gdm/gdm.conf (at least that's where I found it on my Slackware 8.1; just search for it otherwise). Find the line "StandardXServer=/usr/X11R6/bin/X" and add the -nolisten tcp flag, i.e. "StandardXServer=/usr/X11R6/bin/X -nolisten tcp".
Then there is another option which is probably the important one. It looks something like this:
#
# Definition of the standard X server.
[server-Standard]
name=Standard server
command=/usr/X11R6/bin/X
flexible=true
Edit the "command=/usr/X11R6/bin/X" to "command=/usr/X11R6/bin/X -nolisten tcp" (no " of course).
Save the file and try again. I tried to find out how to do the same with "xdm" but I can't seem to understand how. Anyway, gdm works fine for me.
Hmm, I think I missed the obvious: "/etc/X11/xdm" contains a file called "Xservers". In the file there is a line ":0 local /usr/X11R6/bin/X". Probably just changing it to:
:0 local /usr/X11R6/bin/X -nolisten tcp
will do the trick.
hope this helped.
Thanks RuZz
I will try this out.
Sorry for lack of response. I am installing a Kitchen!!
This seems to be the solution as other forums are saying the same thing.
Cheers.
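
A way to check the fix discussed in this thread, as an added example that is not part of any post: it flags X server start lines in the two files named above that lack `-nolisten tcp`, then looks for a TCP listener on the X11 ports. The function names are hypothetical, and it assumes the server binary is called `X` as in the thread and that listener output is numeric (`netstat -lnt` or `ss -lnt`).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print each active line of FILE that starts an X server (gdm.conf
# "command=" / "StandardXServer=", or an xdm Xservers ":N local" entry)
# without "-nolisten tcp". A missing file is treated as nothing to report.
x_missing_nolisten() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*#/ { next }    # commented-out lines do not count
        /^[ \t]*(command|StandardXServer)=/ || /^[ \t]*:[0-9]+[ \t]+local[ \t]/ {
            if ($0 ~ /\/X([ \t]|$)/ && $0 !~ /-nolisten[ \t]+tcp/)
                print FILENAME ": " $0
        }' "$1"
}

# Read numeric listener output ("netstat -lnt" or "ss -lnt") on stdin and
# print local addresses bound to X11 TCP ports 6000-6009 (displays :0-:9).
x_tcp_listeners() {
    awk '/LISTEN/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /:600[0-9]$/) { print $i; break }
    }'
}

# Audit the two files named in the thread, then the live socket table.
audit_x_tcp() {
    for f in /etc/X11/gdm/gdm.conf /etc/X11/xdm/Xservers; do
        x_missing_nolisten "$f"
    done
    if command -v ss >/dev/null 2>&1; then
        ss -lnt 2>/dev/null | x_tcp_listeners
    elif command -v netstat >/dev/null 2>&1; then
        netstat -lnt 2>/dev/null | x_tcp_listeners
    fi
    return 0
}

audit_x_tcp
```

No output means every X start line found carries the flag and nothing is listening on ports 6000-6009; restart the display manager after editing so the running server picks up the change.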