On Tuesday 27 January 2004 20:39, Eric Dondelinger wrote:
Hi Serge,
On Tue, 27 Jan 2004, Serge Marelli wrote:
OK, so I'm paranoid...
Are you paranoid enough?
I checked my own computer with nmap and got the
following result:
Interesting ports on $MYHOST ($MYIPADDRESS):
(The 1641 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
111/tcp open sunrpc
6000/tcp open X11
Nmap run completed -- 1 IP address (1 host up) scanned in 0.612 seconds
Rather classical...
Now some more details; I was running nmap in user mode, not as
root, I know the result would be different, for the time being I'll
work with this, I'll check more later.
It isn't that different, unless you use special options.
Using -sU for UDP could be good too, but you don't need to be root, I
think.
I'm a bit more worried about the other two. I don't see what I
might be doing with Sun's RPC and wish to disable this (any hint
welcome).
RPC -> portmap
Since my Gentoo runs fine without this service, I guess you won't
need it, unless you need NFS or somesuch.
One service that uses RPC is fam, to monitor directories. KDE can take
advantage of this, but it works fine without it.
The same is true about X11; could anyone tell me why X11 is opening
a port on my machine, I don't intend to have anyone connect via X11
to my host.
Normally, X shouldn't allow connections from outside, unless you
explicitly authorize this via xhost + remote_host, or via xauth.
Just start X with the -nolisten parameter.
You just need to modify the script or the configuration file,
and it depends on the system.
I know that msec (an mdk utility to enforce security settings) modifies
the gdm config (/etc/X11/gdm/gdm.conf), startx (/usr/X11R6/bin/startx)
and the X server config (/etc/X11/xdm/Xservers).
So you may try to look for these files, and modify them.
But this is not a huge security risk, as Eric stated.
--
Mickaël Scherer
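
A check for the advice above, added here as an example and not part of the original mail: it lists X server start lines in xdm- or gdm-style config files that do not pass `-nolisten tcp` (the X server option takes the protocol name as its argument). The function name and the sample file contents are constructed for illustration; the real files are the ones named in the mail.

```shell
#!/bin/sh
# Added example: find X server start lines that still allow TCP (port 6000+).

# unsafe_x_lines FILE...
# Prints "file:lineno:line" for every non-comment line that launches an
# X server binary (X, Xorg, XFree86) without "-nolisten tcp".
unsafe_x_lines() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            line = " " $0 " "               # pad so the binary name is delimited
            if (line ~ /[ \t=\/](X|Xorg|XFree86)[ \t]/ &&
                line !~ /-nolisten[ \t]+tcp/)
                print FILENAME ":" FNR ":" $0
        }
    ' "$@"
}

# Constructed sample configs (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# xdm server list' \
        ':0 local /usr/X11R6/bin/X' \
        ':1 local /usr/X11R6/bin/X -nolisten tcp' > "$d/Xservers"
    printf '%s\n' '[server-Standard]' 'name=Standard server' \
        'command=/usr/X11R6/bin/X -nolisten tcp' > "$d/gdm.conf"
    # Only the first Xservers entry is reported.
    unsafe_x_lines "$d/Xservers" "$d/gdm.conf"
    rm -rf "$d"
}
demo
```

Run it against the real files, for example `unsafe_x_lines /etc/X11/xdm/Xservers /etc/X11/gdm/gdm.conf`, then rescan the host to confirm 6000/tcp is closed after restarting X.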