xorg and -nolisten - X


Thread: xorg and -nolisten

  1. xorg and -nolisten

    I've read a lot of info on this and made the recommended entries
    but I still get:

    ~$ netstat -a
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 *:x11 *:* LISTEN
    tcp 0 0 *:631 *:* LISTEN


    I'm using Slackware 10 and I like to get this turned off.

  2. Re: xorg and -nolisten

    On Thu, 21 Oct 2004 18:05:14 GMT, Marcus Monserrate staggered into the
    Black Sun and said:
    > I've read a lot of info on this and made the recommended entries


    What were the exact changes that you made? Which files did you change?
    Read http://catb.org/~esr/faqs/smart-questions.html , please.

    > but I still get:
    > ~$ netstat -a
    > tcp 0 0 *:x11 *:* LISTEN
    > tcp 0 0 *:631 *:* LISTEN
    > I'm using Slackware 10 and [I'd] like to get this turned off.


    If you don't want your X to listen to XDMCP or Chooser requests, you
    should put this line

    DisplayManager.requestPort: 0

    in your /etc/X11/xdm/xdm-config file and restart X. Your
    /etc/X11/xdm/Xservers file may have a line in it like so:

    :0 local /usr/X11R6/bin/X -nolisten tcp

    ...which will make it so that X doesn't listen for TCP connections. The
    format of that file is display name, type (local or foreign), and
    command to run (for local displays only). HTH,

    --
    Matt G|There is no Darkness in Eternity/But only Light too dim for us to see
    Brainbench MVP for Linux Admin / mail: TRAP + SPAN don't belong
    http://www.brainbench.com / Hire me!
    -----------------------------/ http://crow202.dyndns.org/~mhgraham/resume

  3. Re: xorg and -nolisten

    On 10-21-2004, in comp.os.linux.x,
    Marcus Monserrate wrote:

    > I've read a lot of info on this and made the recommended entries
    > but I still get:
    >
    > ~$ netstat -a
    > Active Internet connections (servers and established)
    > Proto Recv-Q Send-Q Local Address Foreign Address State


    > tcp 0 0 *:631 *:* LISTEN
    >
    > I'm using Slackware 10 and I like to get this turned off.


    Did someone not already mention asking a better question?

    I'd be guessing tcp:631 is cups. You can "turn-it-off" completely by
    removing the cups package or making /etc/rc.d/rc.cups
    non-executable. Yep, these two methods will kill the cups service
    and you won't be printing anything if you rely on cups for printing.
    But then, you only said you wanted to turn it off.

    Max

    --
    This is Linux country my good man, on a quiet night you can
    hear the sound of Windows rebooting.

  4. Re: xorg and -nolisten

    Thank you for understanding my question. I apologize to all
    for not being more clear. To be clear, what I'd like is to
    have these needed services to stop listening.


    Here are the files and the entries that I have edited

    From: security-quickstart-howto

    /etc/X11/xdm/Xservers
    :0 local /usr/X11R6/bin/X -nolisten tcp

    /etc/inittab
    xdm -udpPort 0


    From: Step by Step: Secure Slackware 8.0 Workstation
    Andrew Nall
    GCUX Practical Assignment v.1.9 - Option 1

    /usr/X11R6/bin/startx
    defaultserverargs="-nolisten tcp"


    And the results that I'm still getting are:

    ~# netstat -a
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 *:x11 *:* LISTEN
    tcp 0 0 *:631 *:* LISTEN
    udp 0 0 *:631 *:*

    ~# nmap localhost
    Interesting ports on localhost (127.0.0.1):
    (The 1657 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    631/tcp open ipp
    6000/tcp open X11




    Dances With Crows wrote:
    > On Thu, 21 Oct 2004 18:05:14 GMT, Marcus Monserrate staggered into the
    > Black Sun and said:
    >
    >>I've read a lot of info on this and made the recommended entries

    >
    >
    > What were the exact changes that you made? Which files did you change?
    > Read http://catb.org/~esr/faqs/smart-questions.html , please.
    >
    >
    >>but I still get:
    >>~$ netstat -a
    >>tcp 0 0 *:x11 *:* LISTEN
    >>tcp 0 0 *:631 *:* LISTEN
    >>I'm using Slackware 10 and [I'd] like to get this turned off.

    >
    >
    > If you don't want your X to listen to XDMCP or Chooser requests, you
    > should put this line
    >
    > DisplayManager.requestPort: 0
    >
    > in your /etc/X11/xdm/xdm-config file and restart X. Your
    > /etc/X11/xdm/Xservers file may have a line in it like so:
    >
    > :0 local /usr/X11R6/bin/X -nolisten tcp
    >
    > ...which will make it so that X doesn't listen for TCP connections. The
    > format of that file is display name, type (local or foreign), and
    > command to run (for local displays only). HTH,
    >


  5. Re: xorg and -nolisten

    Well, happy new results. I found this post doing a google.

    "Subject: Re: Xnest generates errors - possible Slack bug?
    Newsgroups: alt.os.linux.slackware
    Date: 2004-07-25 01:54:23 PST

    ...the only tweak i made of the configuration of the X server launched by
    kdm (do you use kdm ?) is to add -nolisten tcp at the end of the only
    uncommented line of /opt/kde/share/config/kdm/Xservers ..."


    So, if one happens to be running xorg, kdm, kde and maybe even slack 10
    and for added security the -nolisten tcp is desired, then this file

    /opt/kde/share/config/kdm/Xservers may give the same happy results.

    netstat -a
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 *:631 *:* LISTEN
    udp 0 0 *:631 *:*

    nmap localhost

    Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-10-24 01:39 EDT
    Interesting ports on localhost (127.0.0.1):
    (The 1658 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    631/tcp open ipp

    Nmap run completed -- 1 IP address (1 host up) scanned in 0.621 seconds


    And now on to cups to see what if anything can be done there.
    But, I'm sure I need to take that to the appropriate newsgroup.




  6. Re: xorg and -nolisten

    You could use netstat like this, to get some more info:

    netstat --ip -anp

    this shows the processes AND their connections.
    This way you don't have to 'guess' what port is handled by what process.

    Kirth



  7. Re: xorg and -nolisten

    This will be very useful, thank you.

    Kirth Gersen wrote:
    > You could use netstat like this, to get some more info:
    >
    > netstat --ip -anp
    >
    > this shows the processes AND their connections.
    > This way you don't have to 'guess' what port is handled by what process.
    >
    > Kirth
    >
    >
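The thread's outcome was that each display manager reads its own Xservers file, so a `-nolisten tcp` added to the xdm copy does nothing when kdm starts X. The script below is an added example, not something posted in the thread: it flags local display entries that start X without `-nolisten tcp`. The function names, the optional display-class field and the `local@tty1` form of the type field are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag local X servers that an Xservers
# file starts without "-nolisten tcp". Fields, per the thread: display name,
# type (local or foreign), command. Assumption: an optional display-class
# field may sit before the type, and the type may look like "local@tty1".

xservers_missing_nolisten() {
    awk '
        /^[[:space:]]*#/ || NF < 3 { next }            # comments, blank lines
        {
            t = ($2 ~ /^(local|foreign)/) ? 2 : 3       # index of the type field
            if ($t !~ /^local/) next                    # foreign: no command run
            ok = 0
            for (i = t + 1; i < NF; i++)
                if ($i == "-nolisten" && $(i + 1) == "tcp") ok = 1
            if (!ok) print FILENAME ": " $0
        }
    ' "$1"
}

# Audit every readable file given; exit status 1 if any entry is flagged.
audit_xservers() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        out=$(xservers_missing_nolisten "$f")
        [ -z "$out" ] || { printf '%s\n' "$out"; rc=1; }
    done
    return "$rc"
}

# With no arguments, run on a constructed sample; otherwise on the files given,
# e.g. /etc/X11/xdm/Xservers /opt/kde/share/config/kdm/Xservers
if [ "$#" -eq 0 ]; then
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' \
        ':0 local /usr/X11R6/bin/X -nolisten tcp' \
        ':1 local@tty1 /usr/X11R6/bin/X vt8' > "$sample"
    audit_xservers "$sample" || true
    rm -f "$sample"
else
    audit_xservers "$@"
fi
```

A clean result only covers the files checked; `netstat --ip -anp`, as suggested in the thread, confirms which process still holds port 6000 after X is restarted.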


