# How to secure Xvfb?

## peaceful

I read the man page for Xvfb and Xserver, but they didn't seem to say a whole lot about security, other than "read Xsecurity (7)", but there's no man page for Xsecurity on my server (weird).  I need to run Xvfb on a test server that's on the Internet.  Xvfb is only being used by programs actually on the test server.

Is there anything I need to do to secure Xvfb other than "-nolisten tcp"?

----------

## jamapii

From reading man Xserver, -nolisten tcp seems sufficient to turn off network access. You can verify with nmap, there should be no open ports like 

5801/tcp open  vnc-http-1

5802/tcp open  vnc-http-2

5901/tcp open  vnc-1

5902/tcp open  vnc-2

6001/tcp open  X11:1

6002/tcp open  X11:2

----------

