LinuxQuestions.org
Old 12-13-2002, 04:41 AM   #1
neil
Member
 
Registered: Jul 2001
Location: Kent, UK
Distribution: /Fedora/Debian/Ubuntu/Xubuntu
Posts: 108

Rep: Reputation: 15
Blocking X11


Posted: Dec 13, 2002 - 08:31 Hi,
Does anyone know how to stop X11 from listening? It seems to listen on port 6000.
I have managed to turn off all other services and then scanned my own machine with nmap.

It shows:-
port state Service
22/tcp open ssh
6000/tcp open X11

I could just block port 6000 but new connections can be set up on higher randomly allocated ports. I want to stop X11 showing as listening when scanned and prevent connections to the service and still be able to use X-windows on the localhost.
 
Old 12-13-2002, 06:06 AM   #2
RuZz
LQ Newbie
 
Registered: Dec 2002
Location: Sweden
Distribution: Slackware 8.1
Posts: 5

Rep: Reputation: 0
add this to your
/usr/X11R6/bin/startx:
serverargs="-nolisten tcp"
 
Old 12-13-2002, 07:25 AM   #3
neil
Member
 
Registered: Jul 2001
Location: Kent, UK
Distribution: /Fedora/Debian/Ubuntu/Xubuntu
Posts: 108

Original Poster
Rep: Reputation: 15
That works. Great.
Cheers.
 
Old 12-19-2002, 04:20 PM   #4
ubien
Member
 
Registered: Oct 2002
Distribution: RH 8.0 and fluxbox
Posts: 122

Rep: Reputation: 15
Does this work if you boot into a GUI? How would you do it if that doesn't stop it?
 
Old 12-20-2002, 01:05 AM   #5
neil
Member
 
Registered: Jul 2001
Location: Kent, UK
Distribution: /Fedora/Debian/Ubuntu/Xubuntu
Posts: 108

Original Poster
Rep: Reputation: 15
I can't see why it shouldn't. Have you tried it?

ps -eaf shows

xinit /root/.xinitrc -- /usr/X11R6/bin/X -nolisten tcp

so xinit is starting X with the -nolisten tcp argument after the change.
 
Old 12-20-2002, 01:19 AM   #6
neil
Member
 
Registered: Jul 2001
Location: Kent, UK
Distribution: /Fedora/Debian/Ubuntu/Xubuntu
Posts: 108

Original Poster
Rep: Reputation: 15
No, it doesn't. I just tried it.

I edited the inittab to default to run level 5.
I now get the GUI login.
I now get a terminal window with a black background instead of white (why's that different?).

netstat -peat shows that X11 is listening on port 6000.

So why's that different? Anyone?
And how do I change it? Because this would be the preferred way of starting X sometimes.

More questions than answers.
 
Old 12-20-2002, 03:19 AM   #7
neil
Member
 
Registered: Jul 2001
Location: Kent, UK
Distribution: /Fedora/Debian/Ubuntu/Xubuntu
Posts: 108

Original Poster
Rep: Reputation: 15
An update,

OK, when I boot up into the GUI I get the gnome desktop,
that's why the default terminal is black.
When I startx manually from run level 3 I am using the ICE window manager.

I prefer the ICE wm so how do I get that to be default?

Help!

Maybe this can't be done! From the X man page I can only find Host Access. I don't think this stops X11 from listening though. It allows connections and checks if there is a permission to "connect".
Is that true?

Turns out that xdm is used for a GUI logon and that xinit is used for a manual start of the GUI.

I have rewritten the /usr/X11R6/bin/Xssession file and can get ICE wm to start as the GUI automatically.
Now I have X11 showing up in netstat -peat again listening on port 6000.

It's a relief in a way because I thought I was getting away from the security issue.

So, any ideas how to stop X from listening when defaulting to the GUI during log on?

Last edited by neil; 12-20-2002 at 07:36 AM.
 
Old 12-20-2002, 09:26 AM   #8
RuZz
LQ Newbie
 
Registered: Dec 2002
Location: Sweden
Distribution: Slackware 8.1
Posts: 5

Rep: Reputation: 0
I myself was trying to do almost the same thing as you my friend, and I found it quite tricky. My advice is to use some session-manager like gdm (gnome display manager), kdm (kde display manager) instead of just plain xdm. If you use gdm (like I do) then I might be able to help. I did like this: edit file /etc/X11/gdm/gdm.conf (at least that's where I found it on my slackware 8.1), just search for it otherwise. Find the line "StandardXServer=/usr/X11R6/bin/X" and add the -nolisten tcp flag, etc "StandardXServer=/usr/X11R6/bin/X -nolisten tcp". Then there is another option which is probably the important one, looks something like this:
#
# Definition of the standard X server.
[server-Standard]
name=Standard server
command=/usr/X11R6/bin/X
flexible=true

Edit the "command=/usr/X11R6/bin/X" to "command=/usr/X11R6/bin/X -nolisten tcp" (no " of course).
Save the file and try again. I tried to find out how to do the same with "xdm" but I can't seem to understand how. Anyway, gdm works fine for me.
 
Old 12-20-2002, 09:42 AM   #9
RuZz
LQ Newbie
 
Registered: Dec 2002
Location: Sweden
Distribution: Slackware 8.1
Posts: 5

Rep: Reputation: 0
Hmm, I think I missed the obvious: "/etc/X11/xdm" contains a file called "Xservers". In the file there is a line ":0 local /usr/X11R6/bin/X". Probably just changing it to:
:0 local /usr/X11R6/bin/X -nolisten tcp
will do the trick.
hope this helped.
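
The start lines discussed in this thread (startx `serverargs=`, gdm.conf `StandardXServer=`/`command=`, and the xdm Xservers entry) can all be checked the same way, together with the listener check done earlier with netstat. The script below is an added example, not part of any post; the function names, the constructed sample files and the 6000-6063 port range are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit X server start lines for a
# missing "-nolisten tcp" and check netstat output for X11 TCP listeners.

# Print "file:line: text" for each start line lacking the flag; return 1 if
# any is found. Covers the formats named in the thread: startx serverargs=,
# gdm.conf StandardXServer=/command=, and xdm Xservers ":0 local ...".
audit_x_config() {
    awk '
        /^[ \t]*#/ || /\$serverargs/ { next }   # comments, append-only lines
        /^[ \t]*serverargs=/ ||
        /^[ \t]*(StandardXServer|command)=.*\/X([ \t]|$)/ ||
        /^[ \t]*:[0-9]+[ \t]+local[ \t]+.*\/X([ \t]|$)/ {
            if ($0 !~ /-nolisten[ \t]+tcp/) {
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Read "netstat -tln" lines on stdin and print local addresses listening on
# 6000-6063 (6000 + display number; the upper bound is an assumption).
# Returns 0 if at least one listener is found.
x11_tcp_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":"); port = a[n] + 0
            if (port >= 6000 && port <= 6063) { print $4; found = 1 }
        }
        END { exit !found }
    '
}

# Constructed sample: an xdm Xservers file before and after the fix.
tmp=$(mktemp -d)
printf ':0 local /usr/X11R6/bin/X\n' > "$tmp/Xservers.before"
printf ':0 local /usr/X11R6/bin/X -nolisten tcp\n' > "$tmp/Xservers.after"
audit_x_config "$tmp/Xservers.before" || echo "flag missing (see above)"
audit_x_config "$tmp/Xservers.after" && echo "Xservers.after: ok"
rm -rf "$tmp"
```

On a live system, run `audit_x_config` against each file the display manager actually reads, restart X, then pipe `netstat -tln` into `x11_tcp_listeners` to confirm nothing is left on the X11 ports.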
 
Old 02-04-2003, 09:28 AM   #10
neil
Member
 
Registered: Jul 2001
Location: Kent, UK
Distribution: /Fedora/Debian/Ubuntu/Xubuntu
Posts: 108

Original Poster
Rep: Reputation: 15
Thanks RuZz
I will try this out.
Sorry for lack of response. I am installing a Kitchen!!
This seems to be the solution as other forums are saying the same thing.
Cheers.
 
  

