If you ever need to run VNC with inetd on a server after applying SUNWjass's secure.driver, make sure to change the following file that JASS creates - /etc/dt/config/Xaccess (do not confuse this with /usr/dt/config/Xaccess or /usr/openwin/lib/X11/xdm/Xaccess):
(before)
##
## ex.
## !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
## bambi.ogi.edu # allow access from this particular display
## *.lcs.mit.edu # allow access from any display in LCS
## Deny all remote access (direct/broadcast) to this X server.
!*
(after)
##
## ex.
## !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
## bambi.ogi.edu # allow access from this particular display
## *.lcs.mit.edu # allow access from any display in LCS
## All remote access (direct/broadcast) to this X server.
*
This combined with /etc/hosts.allow and /etc/hosts.deny will provide the necessary security.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment