LinuxQuestions.org
Old 04-30-2006, 04:24 PM   #1
Murdock1979
Member
 
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Blog Entries: 2

Rep: Reputation: 30
vnc open port


Hello!

I noticed that my system has port 5800 and 5900 open for the remote desktop service.

I know I can set up a firewall, but is there a way to shut it down completely?

(using Slackware 10.1)

Thanks,
Murdock
 
Old 04-30-2006, 06:51 PM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680
If you don't use vnc you can uninstall it and check for open ports again. Also check for tightvnc, krdc and krfb.

(Edit: Sorry, I wrote this part remembering Debian and VectorLinux. Slackware may not use chkconfig.)
Another option is to use chkconfig: chkconfig --edit vnc. Change the word on to off in the editor that comes up. Another option is to delete the service in chkconfig: chkconfig -d vnc.

You may have a graphical configuration tool where you can shut off or remove the service.

Your system might have vnc set up being controlled by xinetd. In that case check the xinetd config file. Perhaps /etc/xinetd/vnc.

If your system has a firewall GUI administrative program, using it may be a painless way of closing these ports.

In any case, because vnc is installed and enabled, you might try a graphical administration option first. It might do something else I haven't thought of, such as modifying PAM configuration and SELinux access control. Also, the uninstall process may remove a line that explicitly opens up the port in the firewall script. And when you finish, scan this host again.

I also may have referred to an option you don't have, because I use SuSE and not Debian, such as whether you use inetd or xinetd. I don't know if Debian uses the same system for startup scripts as SuSE and Mandrake, et al. You may not have chkconfig in that case. Please refer to your Administrator's Manual for the last word on the matter.

I'm not certain how using KDE or Gnome will affect matters. If you remove krdc and krfb, do all the remote desktop related menu options go away from the KDE system menus, and does it matter in this case anyway? Some experimentation may be in order.

Last edited by jschiwal; 04-30-2006 at 07:21 PM.
 
Old 04-30-2006, 07:03 PM   #3
randyding
Member
 
Registered: May 2004
Posts: 552

Rep: Reputation: 31
Odd, vnc should not be started automatically.
I'd check which user is running vnc, because if you didn't start it then why is it running?
Do
ps -A |grep Xvnc
and look at which user is running it.
Log in as that user and type
vncserver -kill :1
Make the :1 whatever was displayed when you did ps.
I'd find out which startup script (.bashrc maybe) is starting vnc and nuke it.

Edit: I just remembered, I believe port 5900 being open means that the :0 display is being exported. This is done with the vnc kernel module. If you have a line in your xorg.conf that looks like this, nuke it...
Code:
Section "Module"
    ...
    Load "vnc"
EndSection

Last edited by randyding; 04-30-2006 at 07:07 PM.
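
The check the replies above describe (see what is listening on the VNC ports and which process owns it), as an added example that is not part of any post in this thread. It assumes `netstat -tlnp` output from net-tools and the conventional VNC port layout (5900+N for display :N, 5800+N for the HTTP viewer); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumption: conventional VNC ports, 5900+N = RFB for display :N,
# 5800+N = HTTP (Java viewer) for display :N.

# Reads `netstat -tlnp` style text on stdin and prints one line per
# VNC listener:  <port> <display> <service> <exposure> <pid/program>
vnc_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":")          # local address; port is the last piece
        port = a[n] + 0
        addr = substr($4, 1, length($4) - length(a[n]) - 1)
        if (port >= 5900 && port <= 5999)      { svc = "rfb";  disp = port - 5900 }
        else if (port >= 5800 && port <= 5899) { svc = "http"; disp = port - 5800 }
        else next
        # A loopback-only listener is not reachable from the network.
        scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "network"
        owner = ($7 == "" ? "-" : $7)  # "-" when netstat could not see the owner
        printf "%d :%d %s %s %s\n", port, disp, svc, scope, owner
    }'
}

# Constructed sample listing (hypothetical PIDs and programs), so the
# example runs offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      2211/krfb
tcp        0      0 0.0.0.0:5800            0.0.0.0:*               LISTEN      2211/krfb
tcp        0      0 127.0.0.1:5901          0.0.0.0:*               LISTEN      3090/Xvnc
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      801/sshd
EOF
}

sample_netstat | vnc_listeners
```

On a live host, run `netstat -tlnp | vnc_listeners` as root so the PID/program column is populated; the display number in the second column is the one to pass to `vncserver -kill`.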
 
Old 05-01-2006, 03:11 AM   #4
Murdock1979
Member
 
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429

Original Poster
Blog Entries: 2

Rep: Reputation: 30
Thanks!

However, I do not see any vnc module, but I still can connect to my computer through remote desktop. It seems there is some KDE configuration that is activating it.

Thanks,
Murdock
 
  

