Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Disabling Xserver from listening on port 6000/TCP with Solaris 8 1

Status
Not open for further replies.

sbrague

IS-IT--Management
Dec 13, 2006
3
US
I'm interested in keeping Xsun from listening on Port 6000/TCP with Solaris 8. The -nolisten tcp option doesn't become available until Solaris 9, so it's no help. Further research for the right command line option or system setting has revealed nothing to me. If not keeping the software from listening altogether, then maybe having it listen at a different port. Is this an easy thing to do?
 
You can also create a file called /etc/dt/config/Xaccess. This says which machines are allowed to connect...if you add these entries:

Code:
!*
!* CHOOSER BROADCAST

No one should be able to connect up.
 
Thanks for the responses, all.

The reason we're trying to keep Xsun from listening to port 6000 is because we're trying to run software that is also designed to listen to port 6000 (imo, people who write software hardcoded to listen to ports that are known service ports should have their keyboards taken away).

We had made the change to /etc/dt/config/Xaccess to have it deny any connections made to the X Server, but the problem is that the X Server still listens to the port. The suggestion to block port 6000 with ipfilter is good, but presents the problem that the other software won't be able to communicate either.

Our goal was either to get Xsun to stop listening, or at the least get it to listen to another port. Xsun with Solaris 9 supports the '-nolisten tcp' flag to do this, but the Xsun with Solaris 8 seems to lack this function.

We've also tried adding the nearest flags to modifying the port that we could find: -pn and -port port_num. Our Xservers file looks like this now

:0 Local local_uid@console root /usr/openwin/bin/Xsun :0 -nobanner -pn -port 6001

Still no effect. lsof -i shows it's still listening on 6000.

Upgrading to Solaris 9 or 10 would break the programs running on these machines, so that isn't an option for us. How hard is it to upgrade Xsun to a version that would support the -nolisten feature?

Thanks
 
You have two alternatives that might work then. You can either A) disable the dtlogin daemon from running. B) I think you can use VNC to host your sessions instead of Xsun. You place the path to the VNX executable in the /etc/dt/config/Xservers file.
 
Thanks for the assist, all.

Good alternatives, but still not viable options. They need to be running X, so disabling dtlogin would cripple their software. Adding vnx to the Xservers file would create a listening point at port 590x, but still wouldn't address the problem of Xsun listening at 6000.

I'm just surprised that Sun acknowledges this to be a problem with Solaris 9+, but offers no way of disabling the feature with OSes previous to that. We've been pretty good about keeping these machines patched with the latest recommended patches. I'm surprised that the -nolisten option for Xsun wasn't included with any of the current patch clusters.

Thanks again all for the tips.
 
Actually replacing Xsun with the VNC binary in your /etc/dt/config/Xservers would get rid of it listening on port 6000. The only problem though is, I do not think they would have a console display technically. You would need to use the VNC connector to login from another workstation.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top