Guest sledged Posted March 12, 2005 Report Share Posted March 12, 2005 I can't seem to close the X11 port, I have been searching the boards and have had no luck. I have put "-nolisten" and "-nolisten tcp" in /usr/X11R6/bin/startx and /etc/kde/kdm/Xservers also in /etc/kde/kdm/Xsessions after startkde and have yet been unable to close the damn port. Where do I need to put it to close the port? Also is there any reason why it is open in the first place? /sledged Quote Link to comment Share on other sites More sharing options...
devries Posted March 12, 2005 Report Share Posted March 12, 2005 Well it's a X-server :). It is supposed to be open so the X-client can connect to it. If it's closed you wouldn't be able to use it. If you want it to be closed you have to shutdown X. Quote Link to comment Share on other sites More sharing options...
Guest sledged Posted March 12, 2005 Report Share Posted March 12, 2005 Well it's a X-server :). It is supposed to be open so the X-client can connect to it. If it's closed you wouldn't be able to use it. If you want it to be closed you have to shutdown X. <{POST_SNAPBACK}> I've never had a problem with the display with the port closed before :D. I don't need to log in from another computer so it listening is a security risk. /sledged Quote Link to comment Share on other sites More sharing options...
Michel Posted April 3, 2005 Report Share Posted April 3, 2005 Heya, I had this problem too. Kdm doesn't use the parameters in other files it seems (the latest version not anyway. Add the following in the [X-*-Core]-section of the kdmrc-file to disable listening on a tcp-port: ServerArgsLocal=-nolisten tcp You may not put " around -nolisten tcp, else it won't work it seems. Hopes it helps you, Michel Quote Link to comment Share on other sites More sharing options...
mrmagoo Posted May 28, 2005 Report Share Posted May 28, 2005 (edited) For KDE, some versions of Mandrake uses mdkkdm, which uses xdm... Try modifying /etc/X11/xdm/Xservers This file is specified in /etc/X11/xdm/xdm-config with DisplayManager.servers Note: sometimes the /etc/X11 path is /usr/X11R6/lib/X11 Well it's a X-server. It is supposed to be open so the X-client can connect to it. If it's closed you wouldn't be able to use it. If you want it to be closed you have to shutdown X. This is not true. The Xserver(1) manpage says: NETWORK CONNECTIONS The X server supports client connections via a platform-dependent sub- set of the following transport types: TCPIP, Unix Domain sockets, DEC- net, and several varieties of SVR4 local connections. The combo I use to disable the x11 ports is this: # iptables -A INPUT -p tcp --dport 6000:6063 -j DROP # sed -i 's/^\(serverargs="\)/\1-nolisten tcp/' /usr/X11R6/bin/startx # sed -i '/^:[0-9]/s/$/ -nolisten tcp/' /etc/X11/xdm/Xservers # sed -i '/^:[0-9]/s/$/ -nolisten tcp/' /etc/kde/kdm/Xservers # echo "DisallowTCP=true" >> /etc/X11/gdm/gdm.conf Don't skip the iptables hack, because users may execute X(1) directly or via xinit(1), and there is no configuration file to avoid this... xinit reads a ~/.xserverrc if it exists, skipping /etc/X11/xinit/xserverrc If you're using xdm, check to see if you have the port 177 (xdmcp) open and block it with iptables. The actual port it uses is specified in /etc/X11/xdm/xdm-config with the DisplayManager.requestPort directive and with the -udpPort option. To disable it, run: # echo 'DisplayManager.requestPort: 0' >> /etc/X11/xdm/xdm-config # sed -i 's/xdm/xdm -udpPort 0/' /etc/inittab Edited May 28, 2005 by mrmagoo Quote Link to comment Share on other sites More sharing options...
mrmagoo Posted June 3, 2005 Report Share Posted June 3, 2005 I forgot to add the X Font Server (XFS) which uses TCP port 7100 firewall it with iptables, and add this entry to /usr/X11R6/lib/X11/fs/config: no-listen = tcp Quote Link to comment Share on other sites More sharing options...
Dakota Posted June 15, 2005 Report Share Posted June 15, 2005 (edited) Heya, I had this problem too. Kdm doesn't use the parameters in other files it seems (the latest version not anyway. Add the following in the [X-*-Core]-section of the kdmrc-file to disable listening on a tcp-port: ServerArgsLocal=-nolisten tcp You may not put " around -nolisten tcp, else it won't work it seems. Hopes it helps you, Michel <{POST_SNAPBACK}> This did not work for me. My port 6000 is still open. Dakota Edited June 15, 2005 by Dakota Quote Link to comment Share on other sites More sharing options...
Dakota Posted June 15, 2005 Report Share Posted June 15, 2005 (edited) Thanks mrmagoo! X11 is no longer listening on TCP however I still have KDM listening on port 1024. What can I do to stop it? Dakota Edited June 15, 2005 by Dakota Quote Link to comment Share on other sites More sharing options...
mrmagoo Posted June 15, 2005 Report Share Posted June 15, 2005 Thanks mrmagoo! X11 is no longer listening on TCP however I still have KDM listening on port 1024. What can I do to stop it? Dakota Try this bit from http://www.oneeyedcrow.net/tech/securex.html Often, you'll see kdm (the desktop manager) listening on port 1024, or kde-init listening on a high-numbered port. To turn this off, delete the line X-KDE-Init=xmlrpcd from /usr/share/services/kxmlrpcd.desktop, and then create /usr/share/services/kmlrpcdrc (if it doesn't already exist), and add the lines [General] StartServer=fal Kill -HUP all the services involved, and use netstat -pl and perhaps an external nmap to make sure that you're no longer listening on those ports. Voila. Check to see if your kdm has 177/udp open. To disable it: Search the line "[Xdmcp]" in /etc/kde/kdm/kderc and put: Enable=false Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.