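I have an XVFB server running as a service, and it binds to * instead of localhost. For security reasons this is not recommended, and I can't find a way to bind it to localhost. Does anyone know how to make xvfb bind to localhost? Thanks.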
# cat /etc/systemd/system/xvfb.service
[Unit]
Description=XVFB Server
After=network.target
[Install]
WantedBy=multi-user.target
[Service]
Type=simple
Restart=always
RestartSec=10
TimeoutSec=30
User=xvfb
Group=xvfb
ExecStart=/usr/bin/Xvfb -screen 0, 1024x768x16
# systemctl status xvfb
● xvfb.service - XVFB Server
Loaded: loaded (/etc/systemd/system/xvfb.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-05-28 18:13:57 UTC; 1min 4s ago
Main PID: 11395 (Xvfb)
Memory: 4.3M
CGroup: /system.slice/xvfb.service
└─11395 /usr/bin/Xvfb -screen 0, 1024x768x16
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension MIT-SCREEN-SAVER
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension DOUBLE-BUFFER
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension RECORD
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension DPMS
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension Present
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension X-Resource
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension XVideo
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension XVideo-MotionCompensation
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension SELinux
May 28 18:13:57 ip-10-73-36-143.ec2.internal Xvfb[11395]: Initializing built-in extension GLX
# lsof -Pi | grep -i 'listen'
Xvfb 11395 xvfb 0u IPv6 2029253 0t0 TCP *:6000 (LISTEN)
Xvfb 11395 xvfb 1u IPv4 2029254 0t0 TCP *:6000 (LISTEN)
The safest solution is to close all the ports like this:
Xvfb :0 -nolisten tcp
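To confirm the result after adding `-nolisten tcp` to the unit's ExecStart line and restarting the service, the `lsof -Pi` output can be checked for X11 TCP listeners. The script below is an added example, not part of the original question or answer. The function names, the 6000-6063 port range and the sshd sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `lsof -Pi` output for X11 TCP listeners.
# Display :N listens on TCP 6000+N; ports 6000-6063 are checked (assumed range).

# Reads `lsof -Pi` lines on stdin; prints "<command> <pid> <addr:port> <scope>"
# for each X11 TCP listener. scope is "loopback" or "exposed".
x11_tcp_listeners() {
    awk '
        $NF == "(LISTEN)" && $(NF-2) == "TCP" {
            name = $(NF-1)                      # *:6000, 127.0.0.1:6010, [::1]:6010
            port = name; sub(/^.*:/, "", port)
            addr = name; sub(/:[0-9]+$/, "", addr)
            if (port !~ /^[0-9]+$/) next
            p = port + 0                        # force numeric comparison
            if (p < 6000 || p > 6063) next
            scope = "exposed"
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost") scope = "loopback"
            print $1, $2, name, scope
        }'
}

# Exit status 0 when stdin shows no off-host X11 TCP listener, 1 otherwise.
x11_tcp_closed() {
    ! x11_tcp_listeners | grep -q ' exposed$'
}

# The two Xvfb lines are the lsof output from the question; the sshd line is constructed.
sample_before() {
    cat <<'EOF'
Xvfb 11395 xvfb 0u IPv6 2029253 0t0 TCP *:6000 (LISTEN)
Xvfb 11395 xvfb 1u IPv4 2029254 0t0 TCP *:6000 (LISTEN)
sshd 902 root 3u IPv4 18211 0t0 TCP *:22 (LISTEN)
EOF
}

# Constructed: what remains once Xvfb runs with -nolisten tcp (no Xvfb TCP socket),
# plus a loopback-only X11 listener to show that it is not flagged.
sample_after() {
    cat <<'EOF'
sshd 902 root 3u IPv4 18211 0t0 TCP *:22 (LISTEN)
sshd 2210 alice 9u IPv4 30112 0t0 TCP 127.0.0.1:6010 (LISTEN)
EOF
}

sample_before | x11_tcp_listeners
sample_before | x11_tcp_closed || echo "before: X11 reachable over TCP"
sample_after  | x11_tcp_closed && echo "after: no off-host X11 listener"
```

On a live host, pipe the real output in with `lsof -Pi | x11_tcp_closed` and act on the exit status.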