[NCLUG] Two easy? security questions...

[Aaron Johnson]

> 'netstat -a' can be very helpful for tracking that sort of stuff
> down.

I've taken to using 'netstat -nap --inet' which gives you PIDs and
argv[0]s for each socket.  For best results, do this as root on a wide
(100 characters) terminal.

> You'll still want to setup a firewall, since ports like X-windows
> are open whenever you're using X...and I happen to like using X on
> my workstation, which also happens to be my router.

X can be told not to listen for TCP connections.  Add a '-nolisten
tcp' to the X server's command line.  If you want connections from
remote hosts, this does screw up the usual 'xproggie -display
myremotexserver:0' approach, but ssh serves nicely instead.

Aaron
--
MTS, tummy.com, ltd.
Linux and UNIX Consulting and Software