On Wed, Nov 20, 2002 at 12:53:27AM +0100, Olaf Dietsche wrote: > > Now, is there any security implications of having this port open? (I > > am nmap'ing this box's external Internet interface as it is my ipmasq > > box.) If so, what files do I have to edit to get rid of it? I don't > > need X listening on this interface. > > This depends on the startup method (and maybe distribution), as you > already noticed. With xdm (and debian) it is /etc/X11/xdm/Xservers. > With xinit it is /etc/X11/xinit/xserverrc. > > Look at "man xinit" and "man Xserver". There you will find an option > "-nolisten".
In /etc/X11/xinit/xserverrc, I have the following line: exec /usr/bin/X11/X -dpi 100 -nolisten tcp So why is X still listening on TCP? > When this is your firewall, you might consider stopping X11 and not > using this as a desktop machine at all. Every program running and > every tool installed, might be used by an attacker against you. I realize that, however, since both machines are needed for work, I don't really have a choice. Thanks for your help though. -- ------------------------------------------ Edward Guldemond GPG Key: 0x4E505B0F Key fingerprint: 4CAC 6740 C1CD 3CE4 6CA0 34E9 B3B7 18EC 4E50 5B0F
pgpDR8Mj400jq.pgp
Description: PGP signature