In most modern Linux distributions, the TCP port of the local X11 server is already disabled by default, by starting the X11 server with the option "-nolisten tcp". That makes it accessible only locally (using the Unix socket in /tmp/.X11-unix) or using a secure X11 forwarding service like SSH.
To disable the X11 service, shutdown the display manager (gdm/kdm/xdm/*dm) and prevent it from starting at system boot.
This also means there won't be a GUI login dialog on the console, only a text-mode login prompt.
The exact steps to do it? That depends on which Linux distribution you're using.
In RedHat and related distributions, this is usually done by changing the default run level from 5 to 3. This is controlled by the "initdefault" line in /etc/inittab.
Change this line:
id:5:initdefault:
to this:
id:3:initdefault:
Be very careful when editing /etc/inittab: a typo could make your system unable to complete the boot sequence.
After changing the default runlevel value, you can transition the system to the new runlevel immediately by using the "telinit 3" command. Or you might want to reboot the system, to make sure your change works as intended.
In Debian and related distributions, one way to disable the X11 server would be to change the value in the /etc/X11/default-display-manager file to anything that is not a valid display manager pathname, e.g. to "none".
MK
MK
