LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 07-01-2003, 01:30 PM   #1
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Rep: Reputation: 30
stoppin X access remotely


Hi just wondering if anybody knows how to stop X from accepting any remote connections fro manywhere.

DO I have to disable X11 from listening for connections or is there a configuration method that will let only localhost login
 
Old 07-01-2003, 01:42 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Just put some iptables/ipchains rules in place to stop access.
 
Old 07-01-2003, 01:42 PM   #3
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Oh - if you are doing it over ssh then you can disable Xforwarding in sshd_config
 
Old 07-01-2003, 02:05 PM   #4
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
I just want to stop all access remotely but am running a webserver aswell so I dont want to use Iptables and ssh is going to be disabled aswell so i want to somehow stop X11 listening for network connections..
 
Old 07-01-2003, 02:38 PM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,965
Blog Entries: 11

Rep: Reputation: 865Reputation: 865Reputation: 865Reputation: 865Reputation: 865Reputation: 865Reputation: 865
Edit /etc/services,
comment 6000 through 6010.

Cheers,
Tink
 
Old 07-01-2003, 04:22 PM   #6
tobyl
Member
 
Registered: Apr 2003
Location: uk
Distribution: slackware current
Posts: 743

Rep: Reputation: 50
You are running a web server and dont want to use iptables?
Iptables can be configured to allow whatever ports you like, so you can allow 80 and stop the others that you dont want. You are really leaving yourself open otherwise. (correct me if I am wrong someone)
tobyl
 
Old 07-01-2003, 04:59 PM   #7
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by tobyl
You are running a web server and dont want to use iptables?
Iptables can be configured to allow whatever ports you like, so you can allow 80 and stop the others that you dont want. You are really leaving yourself open otherwise. (correct me if I am wrong someone)
tobyl
Just to explain

I dont want to run iptables on the server that hosts thewebserver because I am doing this for an MSc disertation and belive that it would be more secure to turn off services that arent needed and then place a Proxy and/or hardware firewall in front of the server thus creating a simple DMZ and allowing only access to Port 80 when the Proxy (which will run in combined mode) doesent have a doc required while also allowing https access to purchase goods.

Basically trying to lower the load on the main machine while ensuring security is at max, which is why I want to disable the remote access to any service not needed even when firewalls and IDS's are in use.
 
Old 07-01-2003, 05:26 PM   #8
tobyl
Member
 
Registered: Apr 2003
Location: uk
Distribution: slackware current
Posts: 743

Rep: Reputation: 50
Ah, well then you are probably over my head, but I do know that to stop X listening (6000), the argument is startx -nolisten TCP.
If you start X from kdm,gdm or xdm then you need to add -nolisten TCP to the relevant file that calls X.
 
Old 07-01-2003, 06:22 PM   #9
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
Cool I just want X to stop listening for connections really, which should solve the problem now all I got to do is figure out where to put that line.

Cheers
 
Old 07-02-2003, 02:47 PM   #10
tobyl
Member
 
Registered: Apr 2003
Location: uk
Distribution: slackware current
Posts: 743

Rep: Reputation: 50
Could you tell us how you boot into X?
do you use kde, gnome, or maybe you boot into X fron the command line, ie is your default runlevel 3 or 4? (/etc/inittab)

it depends how you start your X server as to which file matters.

tobyl
 
Old 07-02-2003, 03:28 PM   #11
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
Startx at command line
 
Old 07-02-2003, 04:39 PM   #12
tobyl
Member
 
Registered: Apr 2003
Location: uk
Distribution: slackware current
Posts: 743

Rep: Reputation: 50
then try
startx -nolisten TCP
 
Old 07-02-2003, 05:15 PM   #13
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by tobyl
then try
startx -nolisten TCP
Is there anyway of automating this process so that StartX alone can be used to stop network connections.
 
Old 07-02-2003, 05:44 PM   #14
tobyl
Member
 
Registered: Apr 2003
Location: uk
Distribution: slackware current
Posts: 743

Rep: Reputation: 50
first of all, did it work?
I guess you are using nmap to test?

I guess you could devise a bash script with all the commands you want, and then call that at the prompt.

Or you could use a login manager like kdm and modify the startup files.

Or you could write your own with perl or python or whatever.

(or you could wait until one of the gurus like Tinkster or acid_kewpie gave a better idea)

regards, tobyl
 
Old 07-02-2003, 05:46 PM   #15
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
cheers

havent checked if it works yet as Im running John on my system trying to crack my passwords.

So far its been running since 11 this morning so once it finishes Ill try it.

Also to test Im using: -

netstat - l | grep LISTEN

Last edited by dai; 07-02-2003 at 05:48 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't access Apache remotely zwyrbla Linux - Software 7 03-23-2005 07:14 PM
How do I access Gnome remotely? rwalkerphl Linux - Newbie 10 06-23-2004 02:56 PM
denying pop access remotely slack66 Linux - Security 1 01-28-2004 06:18 PM
can't access remotely to any service kunteper Linux - Networking 3 12-26-2003 08:02 AM
How To: Remotely access my nix box? nariman Linux - Newbie 5 05-18-2003 07:26 AM


All times are GMT -5. The time now is 11:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration