[ubuntu-hardened] Securing access to the X Server.
daniel curtis
sidetripping at gmail.com
Thu Oct 20 09:41:35 UTC 2016
Hello
I hope that it's a good place to ask a question about securing X Server. As
we know, if someone do not need X access - for example - from other machine
etc., such user can block port # 6000 (TCP) using iptables(8) or by
switching off this port via '-nolisten tcp' option [1].
But, if it is about securing access to the X Window; can I use
/etc/X11/app-defaults/XScreenSaver file? Why I'm asking? I would like to
edit this file and make a small change:
*lock: False
And use 'True' instead, so:
*lock: True
One more thing: there is a server access control program for X, called
xhost(1). A very bad step is to type, for example, '[$] xhost +' command,
right? A better solution is '[$] xhost +hostname'. But whether the use of
xhost(1), is necessary? Or just leave it as is, after - let say - clean
system installation?
What is your opinion on this? Its worth to make such a changes or switching
off the binding on port 6000 is enough? My question concerns the 12.04
Release. If it matters. Please write your opinions and what do you think
about that issue etc. Thanks. All for better security :- )
Best regards.
_____________
[1] Does /usr/bin/startx file is okay to add '-nolisten tcp' option in
'defaultserverargs='? To be honest, I've always had used this file. Even
when I'm using, for example, lightdm etc. (As ps(1) command shows:
/var/run/lightdm/root/:0 -nolisten tcp...)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20161020/45460d58/attachment.html>
More information about the ubuntu-hardened
mailing list