[arch-general] mate-session listening socket lockdown
Doing a little hardening, I notice on my workstations that 'mate-session' activates a user-level listening socket on 0.0.0.0 that you can telnet into and slam with gibberish (and it doesn't exit) -- does anyone know how to set up a config to lock that to 127.0.0.1 and ::1? $ netstat -lntp | grep mate-session tcp 1 0 0.0.0.0:60715 0.0.0.0:* LISTEN 24246/mate-session tcp6 0 0 :::50621 :::* LISTEN 24246/mate-session $ telnet localhost 60715 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. HELP asdas asd a asd a ^] telnet> close Connection closed. I've had a perusal of the source[1] and see that it's some sort of "xmp" thing, but I freely admit I don't do a lot of debugging in this area of the X world (I'm a server guy). Any pointers what this is for and how I can get it locked down? The gconf schema file doesn't have a setting, perhaps it's configured somewhere else? The Googletubes are failing me, or maybe I just don't understand what I should be googling for to get the right hits... thx! -te [1] https://github.com/mate-desktop/mate-session-manager/tree/1.8/mate-session
On Thu, Apr 16, 2015 at 6:52 PM, Troy Engel <troyengel+arch@gmail.com> wrote:
Doing a little hardening, I notice on my workstations that 'mate-session' activates a user-level listening socket on 0.0.0.0 that you can telnet into and slam with gibberish (and it doesn't exit) -- does anyone know how to set up a config to lock that to 127.0.0.1 and ::1?
$ netstat -lntp | grep mate-session tcp 1 0 0.0.0.0:60715 0.0.0.0:* LISTEN 24246/mate-session tcp6 0 0 :::50621 :::* LISTEN 24246/mate-session
$ telnet localhost 60715 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. HELP asdas asd a asd a ^] telnet> close Connection closed.
I've had a perusal of the source[1] and see that it's some sort of "xmp" thing, but I freely admit I don't do a lot of debugging in this area of the X world (I'm a server guy). Any pointers what this is for and how I can get it locked down? The gconf schema file doesn't have a setting, perhaps it's configured somewhere else?
The Googletubes are failing me, or maybe I just don't understand what I should be googling for to get the right hits...
thx! -te
[1] https://github.com/mate-desktop/mate-session-manager/tree/1.8/mate-session
Why not just drop external connecitons using a firewall [0] rule? [0] https://wiki.archlinux.org/index.php/Iptables
participants (2)
-
Martti Kühne
-
Troy Engel