On a friend's computer, Slackware 14.1 32bit, no KDE, using XFCE with XDM to login to X...

following instructions at
http://docs.slackware.com/howtos:sec...basic_security
I made the file /etc/X11/xinit/xserverrc with the contents"
...and when that didn't work, made the ~/.xserverrc file, and when that didn't work, I added -nolisten to in /usr/X11R6/lib/X11/xdm/Xservers
...and when that didn't work, I came here.

Has something changed in X, or something? At the very least, the statement "On Slackware, listening for incoming XDMCP requests is disabled by default in both xdm and kdm, so it is secure by default." from the above link is wrong. 6000/tcp open X11 has been like this since day one on this system. It won't be the end of the world if I can't close port 6000, but it will be one step closer to the end of my love affair with this whole "Linux" thing. Just so tired of the constant change.
Much appreciation for any clues!

What I do is edit /usr/bin/startx and add "-nolisten tcp" to this line:

Which is empty by default. Seems to work...

xserverrc is only for startx, not for xdm.

This is totally untested, but for xdm you can try and modify /usr/lib/X11/xdm/Xaccess (or whatever the DisplayManager.accessFile is set to in /etc/X11/xdm/xdm-config) to have an empty LISTEN line (see the xdm man page for details).

EDIT: Was it -nolisten or -nolisten tcp you added to the line in /usr/X11R6/lib/X11/xdm/Xservers?

in /etc/X11/xdm/Xservers does the job for me.

I use kdm, but my /etc/X11/xdm/xdm-config
has these lines from default install in 14.1:


! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
DisplayManager.requestPort: 0


Which should disable XDMCP

unless this somehow got changed on your machine, I'm not sure why xdm has that port open.

I'm not sure if your using nmap to look for open ports, but if you are, and your scanning your public ip address, you might see some stuff that is from your router/modem that is not really open on the public side, the router/modem has ports open for the local network but also allows machines accessing it from the local side to also use the public ip address to access (that is, it loops back on your public ip). Nmap without any additional parameters just guesses based on port number what the service is.

For example if I scan my Public IP from behind the network, nmap will list 1024 kdm as open. This is actually not kdm, but a port used by the router for configuration, it is actually only open on the local network, if I scan my public IP from another network it will not be listed.

So is port 6000 actually open if you scan the local IP address of this machine, if not then it is probably a port open on router/modem or other device, possibly really only open to the local network, though maybe not.

you can use
nmap -p portnumber -A ipaddress
command to make nmap scan what some open port really is, instead of guessing.

In my case port 1024 is a mini-httpd running on my router not kdm at all.

It was just -nolisten like it showed at the site I linked. :-\

I was kinda leery of editing that file.

I was sure it was this local machine, since I used simply, nmap 127.0.0.1
I tried this since it directly related to XDM. It worked after rebooting (seems X doesn't actually die
anymore if one simply logs out or uses Ctl+Alt+Backspace).
Thank you all!!! Going to add this one to my recepie book! ;-)

For KDM, you wantin kdmrc

This is usually somewhere like: /etc/kde4/kdm/kdmrc or /etc/kdm/kdmrc