I'm getting dinged because I allow this. Don't even really know what this
is.
Uses port 512.
NETSTAT *CNN
Connection type . . . . . . : *TCP
Local address . . . . . . . : *
Local port . . . . . . . . . : 512
Current
Name User Number Type User
QTRXC00004 QTCP 430542 *BCH QTCP
Joblog does mention
RTGDTA(REXECSVR)
Does this mean it's the remote command executer? Or just one of a few
different remote command executors? IOW, does it handle PC and *x remote
commands or does it also handle SBMRMTCMD?
I see that I do not have this running on many lpars. Of course, it's
running on our main production lpar. I wonder if I'm using it now or if
was something just started a decade or so ago to help with installation of
some product which may have needed it at the time for it's installation.
Think weird stuff like WAS, Quickr, Sametime, etc. Is there an access log
which holds this stuff?
CVE-1999-0526
CVSS v2 Base Score: 10.0 HIGH
See also:
http://www.kb.cert.org/vuls/id/704969
Audit report says options are:
- Disable X11 from listening on TCP ports
- Firewall X11's TCP ports
- Restrict access using xhost -
I'm thinking xhost and firewall are basically the same - restrict which IP
addresses can connect. The difference being one you do with your network
guy and the other you do with a table on your IBM i.
I get a little tired of having to authorize each user of each port
individually.
Rob Berendt
midrange.com
