LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 06-30-2005, 01:29 AM   #1
Smokey
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 311

Rep: Reputation: 30
disabling xhost & xauth


How can I disable or reject any requests for xhost, xauth? From what I understand an attacker can simply login if I have an ip address. But I do not do that, I don't even use x11 forwarding, I just want to lock this down so there is no way possible anyone can use xhost or manipulate xauth?
 
Old 06-30-2005, 03:22 PM   #2
uselpa
Senior Member
 
Registered: Oct 2004
Location: Luxemburg
Distribution: Slackware, OS X
Posts: 1,507

Rep: Reputation: 46
From http://www.linuxsecurity.com/resourc...cklist.en.html :
Quote:
If you run X, disable xhost authentication and go with ssh instead; better yet, disable remote X if you can (add -nolisten tcp to the X command line and turn off XDMCP in /etc/X11/xdm/xdm-config by setting the requestPort to 0)
HTH
 
Old 06-30-2005, 04:52 PM   #3
Smokey
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 311

Original Poster
Rep: Reputation: 30
Code:
! $Xorg: xdm-conf.cpp,v 1.3 2000/08/17 19:54:17 cpqbld Exp $
!
!
!
!
! $XFree86: xc/programs/xdm/config/xdm-conf.cpp,v 1.10 2002/11/30 19:11:32 herrb Exp $
!
DisplayManager.errorLogFile:	/var/log/xdm.log
DisplayManager.pidFile:		/var/run/xdm.pid
DisplayManager.keyFile:		/usr/X11R6/lib/X11/xdm/xdm-keys
DisplayManager.servers:		/usr/X11R6/lib/X11/xdm/Xservers
DisplayManager.accessFile:	/usr/X11R6/lib/X11/xdm/Xaccess
DisplayManager.willing:		su nobody -c /usr/X11R6/lib/X11/xdm/Xwilling
! All displays should use authorization, but we cannot be sure
! X terminals may not be configured that way, so they will require
! individual resource settings.
DisplayManager*authorize:	true
! The following three resources set up display :0 as the console.
DisplayManager._0.setup:	/usr/X11R6/lib/X11/xdm/Xsetup_0
DisplayManager._0.startup:	/usr/X11R6/lib/X11/xdm/GiveConsole
DisplayManager._0.reset:	/usr/X11R6/lib/X11/xdm/TakeConsole
!
DisplayManager*chooser:		/usr/X11R6/lib/X11/xdm/chooser
DisplayManager*resources:	/usr/X11R6/lib/X11/xdm/Xresources
DisplayManager*session:		/usr/X11R6/lib/X11/xdm/Xsession
DisplayManager*authComplain:	true



! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
DisplayManager.requestPort:	0

Looks like it is already set to Port zero?
 
Old 06-30-2005, 05:02 PM   #4
uselpa
Senior Member
 
Registered: Oct 2004
Location: Luxemburg
Distribution: Slackware, OS X
Posts: 1,507

Rep: Reputation: 46
Yes. The documentation I quoted was for Debian, so in Slackware the config might be different.
Also have a look at /usr/X11R6/bin/startx for the other point.

Of course, you could always block incoming connections with iptables, that's what I did.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
problem with Xauth & sound tony yu Debian 12 04-22-2005 05:26 AM
Xhost/xauth: Can I get access to the graphics console without anyone being logged in? Merlin53 Linux - General 10 01-07-2005 02:32 PM
Disabling xhost??? lemay_jeff Linux - Security 1 09-16-2004 09:11 AM
Xhost & DB2 byfaithalone Linux - Newbie 3 10-16-2003 05:22 PM
Disabling display & Application Nautilus sumpter Linux - Newbie 0 09-18-2003 07:17 PM


All times are GMT -5. The time now is 04:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration