hi,
One of the security tool has generated reports for our production system which is RedHat Linux 2.1 installed on it.
The error in question is :
unrestricted X server access (No X server access control )
Now when I tried to goole on above error found the following help.
"""""Restrict access to server: An open X display allows anyone, anywhere to view your screen, capture keystrokes and even execute commands remotely. This is a serious vulnerability that is easily fixed using xhosts or xauth. The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server, providing a rudimentary form of privacy control and security sufficient for a workstation environment (e.g. xhost +user@host when granting access).""""""""""
So tried to disable the unwanted access using below command. But got this,
>>>xhost -
xhost: unable to open display ""
root@P04.com /root
>>>
But at the same time I get this when I run ,
>>>xauth list
P04.com:1 MIT-MAGIC-COOKIE-1 c04203fd1bdc2f31d7b249434ff4de3d
localhost.localdomain/unix:1 MIT-MAGIC-COOKIE-1 e448d1eb5e9ccce7a407ea55f06c0fe9
P01.com/unix:10 MIT-MAGIC-COOKIE-1 dd84bffa51d812943c1dba16ba2f54bb
P01.com/unix:1 MIT-MAGIC-COOKIE-1 c04203fd1bdc2f31d7b249434ff4de3d
P01.com/unix:0 MIT-MAGIC-COOKIE-1 e00708c7b585daea3ce89ef1f52bee89
P04.com/unix:10 MIT-MAGIC-COOKIE-1 0964d62871c1e842f60ad9307dfed6bf
>>>
And I have found that in /etc/sshd_config X11 Forwarding is set to Yes.
But it gives no output for
>>>echo $DISPLAY
>>>
Now I'm pretty confused as to whether the xhost is being used on this system? Or is it xauth or X11Forwarding ?? Or none ??
Then why is it that our Security Audit tool is complaining as ""unrestricted X server access (No X server access control )""