Re: xhost
From: Rich Teer (email@example.com)
Date: Wed, 29 May 2002 10:32:51 -0700 (PDT)
From: Rich Teer <firstname.lastname@example.org>
To: "Small, Jim" <email@example.com>
On Wed, 29 May 2002, Small, Jim wrote:
> I am working on a security solution for a network of Solaris servers (7 and
> 8). The network is periodically scanned for vulnerabilities. The problem
> is system admins keep using "xhost +" from their CDE session so they can
> display xclients from other servers. Needless to say, no matter how many
> times I admonish them not to use xhost +, they do anyway.
Sounds like they could do with a good LARTing...
Disable telnet and rsh, so that they have to use ssh. That way, they'll
get encrypted X tunneling for free.
Or have them fired for security policy violations, and hire someone else.
> inclined to think the only sure way is to delete the xhost command.
Trouble is, they're admins, so they can restore it from backup
(or from the Solaris CD).
-- Rich Teer
President, Rite Online Inc.
Voice: +1 (250) 979-1638 URL: http://www.rite-online.net
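
An audit sketch for the advice in the reply above, added here as an example and not part of the original message: it flags a display left open by "xhost +", telnet or rsh still enabled in inetd.conf, and an sshd that does not offer X11 forwarding. The function names are hypothetical, the sample inputs are constructed, and it assumes the standard xhost status wording and an OpenSSH-style sshd_config.

```shell
#!/bin/sh
# Added audit sketch; function names are hypothetical, sample inputs constructed.

# Read `xhost` output on stdin: "open" means access control is disabled
# (the state left behind by "xhost +"), otherwise "restricted".
xhost_state() {
    if grep -qi '^access control disabled'; then echo open; else echo restricted; fi
}

# Read inetd.conf on stdin: print enabled (uncommented) telnet and rsh
# entries. rsh is listed under the service name "shell".
inetd_cleartext() {
    awk '$1 == "telnet" || $1 == "shell" { print $1 }'
}

# Read sshd_config on stdin: "yes" if X11Forwarding is on in the global
# section. sshd uses the first value it finds; the default is "no".
sshd_x11() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "x11forwarding" && !seen { v = tolower($2); seen = 1 }
         END { if (v == "yes") print "yes"; else print "no" }'
}

# Constructed samples standing in for live command output and config files.
XHOST_OPEN='access control disabled, clients can connect from any host'
XHOST_OK='access control enabled, only authorized clients can connect
INET:adminhost.example.com'
INETD_SAMPLE='telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
#shell stream tcp nowait root /usr/sbin/in.rshd in.rshd'
SSHD_SAMPLE='Protocol 2
X11Forwarding yes'

# Combine the three checks into a pass/fail report.
audit() {  # args: xhost output, inetd.conf text, sshd_config text
    rc=0
    [ "$(printf '%s\n' "$1" | xhost_state)" = restricted ] || { echo "FAIL: X access control disabled"; rc=1; }
    for svc in $(printf '%s\n' "$2" | inetd_cleartext); do
        echo "FAIL: $svc still enabled in inetd.conf"; rc=1
    done
    [ "$(printf '%s\n' "$3" | sshd_x11)" = yes ] || { echo "FAIL: sshd X11Forwarding is off"; rc=1; }
    return $rc
}

audit "$XHOST_OPEN" "$INETD_SAMPLE" "$SSHD_SAMPLE" || echo "host needs attention"
```

On a live host the three arguments would come from `xhost`, `/etc/inetd.conf` and the installed sshd_config instead of the constructed samples.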