mxconns

What is it?

mxconns can be used to guard the entrance of your X server. When an X client is told to go through it, mxconns prompts the user, asking whether the connection should be accepted or not.

mxconns can optionally inspect the X requests and can prompt the user when it detects dangerous requests (like spying the keyboard). It can also silently replace these dangerous requests by dummy requests (NoOp).

See the man page for more information.

Why should I use it?

If you care about X security, mxconns brings the following benefits:

• easy to use X access control: you're prompted for new connections
• easy way to kill an existing client, even without any window
• customisable logging to know what the X clients are doing
• optional inspection of the X traffic to detect dangerous X requests
• optional automatic replacement of dangerous X requests by dummy requests (NoOp)

How can I use it?

You just have to start it along with your other (local) X clients. Here is what I have in my ~/.xsession:

	export XDISPLAY=`mxconns -fork -hunt -verbose -icf "c" -debug "al"`

From this point, all X clients using $XDISPLAY instead of $DISPLAY will go through mxconns.

The flags will make mxconns:

• go in the background
• hunt for a free pseudo display number
• print the used pseudo display on stdout
• check the X traffic
• log on stderr alarms and basic information

Where can I get it?

You can get the latest version from here: mxconns-3.1.10.tgz.

You can also read its copyright and man page.