[NCLUG] Two easy? security questions...
Martin Gelfand
gelfand at lamar.ColoState.EDU
Thu Sep 7 15:42:16 MDT 2000
>
> > > X can be told not to listen for TCP connections. Add a '-nolisten
> > > tcp' to the X server's command line. If you want connections from
> > > remote hosts, this does screw up the usual 'xproggie -display
> > > myremotexserver:0' approach, but ssh serves nicely instead.
> >
> > Where should one add the "-nolisten tcp" flag if X is being started
> > "automagically" (eg, runlevel 5 on a RH-like system)?
>
> Not entirely sure on your setup. RedHat actually starts a (sadly
> undocumented (at least on the 6.1 box I use most often)) program
> called "prefdm" which tries to figure out which of gdm, kdm, and xdm
> to run. I'm running gdm, and have this in the [servers] section of my
> gdm.conf:
>
> 0=/usr/bin/X11/X :0 -nolisten tcp -bpp 32 -dpi 100 dpms vt9
>
> Not sure about doing that with xdm or kdm, but it should be documented
> in a man page or doc file somewhere.
>
> HTH.
>
OK, I think I have it! If you're running kdm or xdm (at least under
Mandrake, but I think this should be more general) the file
you need to poke into is probably
/etc/X11/xdm/Xservers
as this is the only file that I can find that actually makes reference
to the X binary.
I haven't tried adding the '-nolisten tcp' yet but I hope it just
needs to be appended to the only line (not-commented-out) in the file,
:0 local /usr/X11R6/bin/X
If anyone knows different, let the world know!
Martin Gelfand
Dept of Physics, Colorado State
More information about the NCLUG
mailing list