Quoting Emmanuel 'Manny' Amador ([EMAIL PROTECTED]):
> Of course. Sorry about that, guess I was getting sleepy. I'm running Red
> Hat 6.2 and I found out that I could use ntsysv or tksysv to disable the
> services. They create special symbolic links to startup scripts for these
> services.
Yep. ;->
I hope you're either keeping that RH 6.2 box isolated from attack or are
very, very conscientious about patching it for the very large number of
security holes that have accumulated for that release. Any unpatched RH
6.2 box connected to the Internet is likely to be compromised very
quickly. I believe that, in one test last year, someone put a default
RH 6.2 load on the open Internet, and it was compromised about fifteen
minutes later.
> Gotta study TCP/IP, like you recommend. Actually, I'm not sure if my X
> and font servers are listening for stuff coming from the outside. I guess
> they are since there's a foreign address in the listing below.
Somewhere in /etc/X11, you'll find a file that specifies the
command-line arguments passed to the X11 server at the time it starts
up. E.g., the Linux box in front of me specifies that in
/etc/X11/xinit/xserverrc , whose contents are as follows:
#!/bin/sh
exec /usr/bin/X11/X -dpi 100 -nolisten tcp
The "-nolisten tcp" switch ensures that my X server will _not_ accept
remote connections. (If I need to run an X client/application remotely,
I ssh in with the "-X" option to forward X11 calls over the SSH channel.
That way, I get remote X11 _with_ encryption and compression.)
My point from earlier is that that sort of measure is what *I* regard as
the better way to close vulnerabilities -- better than leaving the
vulnerable daemon running and listening for remote connections, but then
papering over the problem using port-filtering scripts.
I'm unclear on what particular program "fontfs" is. It could be one
called Fontastic, an extra-cost package that was sometimes included with
ApplixWare, and (I believe) with Corel Office 2000. Or it could be
something else I'm not familiar with.
In any event, in your shoes I would try to track down what that is.
E.g., look through your startup scripts trying to find it, see if
there's any reference to it in your X server's configuration file
(/etc/X11/XF86Config or XF86Config-4), and use lsof, fuser, stat, and
debugging tools like that, to try to find it. Heck, don't forget to
look through "ps auxw" output.
--
Cheers,
Rick Moen
[EMAIL PROTECTED]
"This is mad, egotistical, sick, twisted, and stretches the bounds of
good taste right off the tongue, past the uvula, and down around
the duodenum. It has other merits, but that should
indicate positive interest." -- The Cube, http://www.forum3000.org/
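Added example, not part of the original message: a shell sketch that answers the question raised in the thread, namely whether the X server or a font server is accepting TCP connections from outside, and whether a startup file passes "-nolisten tcp". The function names and the sample netstat listing are constructed for illustration, and it assumes the font server is xfs on its conventional port 7100.

```shell
#!/bin/sh
# Added example: audit X11 / font-server TCP exposure.
# Real use:  netstat -ltn | x_tcp_listeners
#            has_nolisten_tcp /etc/X11/xinit/xserverrc && echo "TCP disabled"

# Read "netstat -ltn" style output on stdin; print listeners on X11 display
# ports (6000-6063) or 7100 (assumed xfs) not bound to a loopback address.
x_tcp_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            port = parts[n] + 0
            # Local address is everything before the final ":port".
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (port >= 6000 && port <= 6063)
                print "X11 display :" (port - 6000) " on " $4
            else if (port == 7100)
                print "font server on " $4
        }'
}

# Succeed only if a non-comment line in the given startup file
# passes "-nolisten tcp" to the X server.
has_nolisten_tcp() {
    grep -v '^[[:space:]]*#' "$1" | grep -Eq -- '-nolisten[[:space:]]+tcp'
}

# Constructed sample listing: X and a font server exposed on all interfaces,
# plus a loopback-only 6010 of the kind "ssh -X" forwarding creates.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7100            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
EOF
}

# Demo on the constructed listing: reports 6000 and 7100, skips 6010 and 22.
sample_netstat | x_tcp_listeners
```

An empty result from `x_tcp_listeners` on live `netstat -ltn` output means neither service is reachable over TCP from other hosts.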
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph