Thanks to all of you for the feedback! Unfortunately, the problem has not been fixed yet.
1. I find X-terminology (idea of 'server' and 'client') to be a bit confusing. I'll try to describe the problem once more.
I have HP-UX 10.20 server that should be secured against unsolicited remote access. inetd security is already set in /var/adm/inetd.sec, but another security hole still exists.
inetd.sec does not affect ability to establish remote connection via X-session. So, the host should be configured properly so that to refuse all incoming X connections except the ones from few trusted hosts.
I'm trying to set up /etc/X0.hosts on the HP-UX box that should be secured. The security should defend the HP-UX box from incoming remote access via X-sessions.
2. Removing of localhost from /etc/X0.hosts did not hep (I rebooted the HP-UX box). Probably, I understood manual incorrectly (Graphics Administration Guide for HP-UX 10.20 ACE, Making an X*.hosts File), since it tells
************
> The /etc/X0.hosts file is an ASCII text file containing the hostnames of each
> remote host permitted to access your local server...
> For example, if you are hpaaaaa, and regularly ran clients on hpccccc, and
> hpddddd, you would want the following lines.
>
> hpaaaaa
> hpccccc
> hpddddd
I guessed hpaaaaa is localhost in my case.
3. Startup files does not contain 'xhost +' command. (/etc/profile, /etc/csh/login, ~/.profile, ~/.login, ~.cshrc)
4. This is ps -ef |grep X output
ps -ef |grep X
root 944 1 0 13:14:53 ? 0:00 /usr/bin/X11/SLSd_daemon
daemon 1062 1056 0 13:15:24 ? 0:03 /usr/bin/X11/X :0
5. Running xhost from root account tells that security seem to be set up
# /usr/bin/X11/xhost
Xlib: connection to "2.2.2.2:0.0" refused by server
Xlib: Client is not authorized to connect to Server
/usr/bin/X11/xhost: unable to open display "2.2.2.2:0.0"
However, I can iniate X-session from 2.2.2.2.
Many thanks in advance for more comments!
KISS - Keep It Simple Stupid
