金融其它运维规范
如何禁用XDMCP服务
由于最近行里服务器做漏洞扫描,发现了一些漏洞,其中包括XDMCP服务,需要将其禁用掉。在这里请教下大家如何禁用XDMCP服务呢?
最好包括1查看XDMCP服务命令;2禁用XDMCP服务命令;3开启XDMCP服务命令;4相关的设定(如果需要的话)。
最好包括1查看XDMCP服务命令;2禁用XDMCP服务命令;3开启XDMCP服务命令;4相关的设定(如果需要的话)。
17同行回答
再提供点信息,我将/etc/services里面关于xdmcp的177端口(tcp和udp)都注释掉,也没有什么效果,依然可以xclock显示出来,如果需要重启和刷新服务的话,会是什么服务呢,refresh -s what?xdm肯定是不行,会报错0513-085 The xdm Subsystem is not on file.收起
浏览7813
回复 5# zp_ccc
stopsrc确实是可以用来停止子系统、子系统组和子服务器,比如我的telnet就是通过stopsrc -t telnet来停用的。但是在尝试xdm时提示:0513-085 The xdm Subsystem is not on file. 这个情况是? 同时我用lssrc -a | grep xdm也没有得到相关任何xdm的信息出来。
还有,我其实是想禁用xdmcp,这个协议对应的服务,如果停掉xdm的话是不是相当于把X Window的系列服务都停掉了呢?
备注:目前我的AIX6.1是可以通过xmanager使用X Window的,用xclock已验证将图形传到本地。收起
stopsrc确实是可以用来停止子系统、子系统组和子服务器,比如我的telnet就是通过stopsrc -t telnet来停用的。但是在尝试xdm时提示:0513-085 The xdm Subsystem is not on file. 这个情况是? 同时我用lssrc -a | grep xdm也没有得到相关任何xdm的信息出来。
还有,我其实是想禁用xdmcp,这个协议对应的服务,如果停掉xdm的话是不是相当于把X Window的系列服务都停掉了呢?
备注:目前我的AIX6.1是可以通过xmanager使用X Window的,用xclock已验证将图形传到本地。收起
浏览7820
浏览7535
浏览7519
看你用到是什么linux版本,例如下面:
For kdm (which comes with the KDE desktop), it is a replacement of xdm and configures the same way, except its files are in /etc/X11/kdm in Caldera/SCO, /etc/kde/kdm in Red Hat (and Fedora Core) and /usr/share/config/kdm, which is a symbolic link to /etc/kde/kdm, in Mandrake.
The gdm (Gnome Display Manager) is a re-implementation of the well known xdm. gdm has similar functions to xdm and kdm, gdm is the Gnome Display Manager, and its configuration files are found in /etc/X11/gdm/gdm.conf. The gdm.conf file contains sets of variables and many options for gdm, and the Sessions directory contains a script for each session option; each script calls /etc/X11/xdm/Xsession with the appropriate option. gdm has similar functions to xdm and kdm, but was written from scratch and does not contain any original XDM / X Consortium code.
If you plan to use the GDM as default, one benefit of gdm login window is that it allows you to switch between KDE and GNOME. For gdm, edit /etc/X11/gdm/gdm.conf. This activates XDMCP, causing it to listen to the request. For kdm (if you pick KDE as your DM in your installation), edit /usr/share/config/kdm/kdmrc for Mandrake and /etc/kde/kdm/kdmrc for Red Hat or /opt/kde2/share/config/kdm/kdmrc for Slackware version (KDE2). Change this line:
[xdmcp]
Enable=false (may shown as 0 in some distributions)
to:
Enable=true (or 1 in some distributions)
Make sure "Port=177" is at the end of this block, i.e., by commenting out the line "#Port=177".收起
For kdm (which comes with the KDE desktop), it is a replacement of xdm and configures the same way, except its files are in /etc/X11/kdm in Caldera/SCO, /etc/kde/kdm in Red Hat (and Fedora Core) and /usr/share/config/kdm, which is a symbolic link to /etc/kde/kdm, in Mandrake.
The gdm (Gnome Display Manager) is a re-implementation of the well known xdm. gdm has similar functions to xdm and kdm, gdm is the Gnome Display Manager, and its configuration files are found in /etc/X11/gdm/gdm.conf. The gdm.conf file contains sets of variables and many options for gdm, and the Sessions directory contains a script for each session option; each script calls /etc/X11/xdm/Xsession with the appropriate option. gdm has similar functions to xdm and kdm, but was written from scratch and does not contain any original XDM / X Consortium code.
If you plan to use the GDM as default, one benefit of gdm login window is that it allows you to switch between KDE and GNOME. For gdm, edit /etc/X11/gdm/gdm.conf. This activates XDMCP, causing it to listen to the request. For kdm (if you pick KDE as your DM in your installation), edit /usr/share/config/kdm/kdmrc for Mandrake and /etc/kde/kdm/kdmrc for Red Hat or /opt/kde2/share/config/kdm/kdmrc for Slackware version (KDE2). Change this line:
[xdmcp]
Enable=false (may shown as 0 in some distributions)
to:
Enable=true (or 1 in some distributions)
Make sure "Port=177" is at the end of this block, i.e., by commenting out the line "#Port=177".收起
浏览8356
以下命令可以确认XDMCP服务器是否已经启动:netstat -an|grep 177
CDE的XDMCP服务器为 dtlogin,XWindow本身的XDMCP服务器为xdm。如果AIX上安了CDE,则只要启停CDE即可(执行/etc/rc.dt)。如果没有安装CDE,需要启停xdm。
# ps -ef |grep dtlogin 看看CDE桌面有没有启动(停可以kill这个)
启动:
# /etc/rc.dt 然后就可以打开图形界面了。
或
# /usr/dt/bin/dtlogin -daemon ##启动CDE桌面
# /usr/dt/bin/dtconfig -e ##配置主机重启自动启动 -e (enable auto-start of dtlogin)
你#8中注释掉这个端口的做法也可以,不过也需停止啊,不然177还是listen的,只是下次重启后177无法使用,为什么不停了这个进程,万一以后用呢,嘿嘿!收起
CDE的XDMCP服务器为 dtlogin,XWindow本身的XDMCP服务器为xdm。如果AIX上安了CDE,则只要启停CDE即可(执行/etc/rc.dt)。如果没有安装CDE,需要启停xdm。
# ps -ef |grep dtlogin 看看CDE桌面有没有启动(停可以kill这个)
启动:
# /etc/rc.dt 然后就可以打开图形界面了。
或
# /usr/dt/bin/dtlogin -daemon ##启动CDE桌面
# /usr/dt/bin/dtconfig -e ##配置主机重启自动启动 -e (enable auto-start of dtlogin)
你#8中注释掉这个端口的做法也可以,不过也需停止啊,不然177还是listen的,只是下次重启后177无法使用,为什么不停了这个进程,万一以后用呢,嘿嘿!收起
浏览8744