palm84.com

Revolutionary Bear-Lovers' Alliance!

Starting a VNC server on SystemRescue 7.01


Compared with the version 5.x days, a whole lot of features have been dropped, but I'm doing what I can to make it easier to use. This covers how to connect within a LAN.

about

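SystemRescueCd has been renamed SystemRescue (even though it is still CD-sized, lol). I tried temporarily installing and starting a VNC server, which is no longer included from ver 6.x onward. Well, for Arch users this is probably a piece of cake, lol.

Verified with systemrescue-7.01-amd64.iso (699MB).

  • Roughly…
    1. Install x11vnc with pacman
    2. iptables - firewall settings
    3. Start x11vnc

Yep, that's all (lol)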

Installing x11vnc

  • Just type pacman
[root@sysrescue ~]# pacman
warning: database file for 'core' does not exist (use '-Sy' to download)
warning: database file for 'extra' does not exist (use '-Sy' to download)
warning: database file for 'community' does not exist (use '-Sy' to download)
error: no operation specified (use -h for help)
  • It says to use -Sy to download
[root@sysrescue ~]# pacman -Sy
:: Synchronizing package databases...
 core                  131.1 KiB   238 KiB/s 00:01 [######################] 100%
 extra                1657.4 KiB   464 KiB/s 00:04 [######################] 100%
 community               5.4 MiB   408 KiB/s 00:14 [######################] 100%


  • No xrdp? Found x11vnc
[root@sysrescue ~]# pacman -Ss xrdp
extra/genxrdpattern 1.1-2
    Uses ObjCryst++ to generate a theoretical XRD pattern
[root@sysrescue ~]# pacman -Ss vnc
extra/gtk-vnc 1.0.0-2
    A VNC viewer widget for GTK+
extra/libvncserver 0.9.13-1 [installed]
    Cross-platform C libraries that allow you to easily implement VNC server or
    client functionality
extra/vinagre 3.22.0+35+gadcb63c-2
    A VNC Client for the GNOME desktop
extra/vino 3.22.0+72+g3fe1f12-1 (gnome)
    A VNC server for the GNOME desktop
community/python-pyvirtualdisplay 2.0-1
    Python wrapper for Xvfb, Xephyr and Xvnc
community/tigervnc 1.11.0-6
    Suite of VNC servers and clients. Based on the VNC 4 branch of TightVNC.
community/virtualbox-ext-vnc 6.1.18-2
    VirtualBox VNC extension pack
community/vncdotool 1.0.0-2
    A command line VNC client
community/x11vnc 1:0.9.16-4
    VNC server for real X displays


  • Install x11vnc
[root@sysrescue ~]# pacman -S x11vnc
resolving dependencies...
looking for conflicting packages...

Packages (1) x11vnc-1:0.9.16-4

Total Download Size:   0.68 MiB
Total Installed Size:  1.73 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 x11vnc-1:0.9.16-...   692.0 KiB  84.0 KiB/s 00:08 [######################] 100%
(1/1) checking keys in keyring                     [######################] 100%
(1/1) checking package integrity                   [######################] 100%
(1/1) loading package files                        [######################] 100%
(1/1) checking for file conflicts                  [######################] 100%
:: Processing package changes...
(1/1) installing x11vnc                            [######################] 100%
Optional dependencies for x11vnc
    tk: for GUI support
    net-tools: for -auth guess [installed]
    xf86-video-dummy: for Xdummy script [installed]
:: Running post-transaction hooks...
(1/3) Reloading system manager configuration...
(2/3) Arming ConditionNeedsUpdate...
(3/3) Updating the desktop file MIME type cache...


Let's configure it and start it up.

  • Set a password
[root@sysrescue ~]# x11vnc -storepasswd
Enter VNC password: 
Verify password:    
Write password to /root/.vnc/passwd?  [y]/n y
Password written to: /root/.vnc/passwd


  • OK, start it
[root@sysrescue ~]# x11vnc -usepw -forever


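Note that it exits when the terminal is closed.

iptables - firewall settings

In a safe environment, maybe it's fine to just stop the firewall?

On a home LAN or the like that should be fine, lol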

# systemctl stop iptables

  • Check the current rules
[root@sysrescue ~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request ctstate NEW
LOGDROP    all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain LOGDROP (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 10/sec burst 5 LOG level warning prefix "iptables-dropped: "
DROP       all  --  anywhere             anywhere            


You need to allow INPUT to x11vnc.

  • Edit the firewall rules for x11vnc
[root@sysrescue ~]# nano /etc/iptables/iptables.rules
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-N LOGDROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 10/sec -j LOG --log-prefix "iptables-dropped: "
-A LOGDROP -j DROP
COMMIT


  • Insert two lines at line 9
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-N LOGDROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:5910 -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 10/sec -j LOG --log-prefix "iptables-dropped: "
-A LOGDROP -j DROP
COMMIT


  • Restart iptables
[root@sysrescue ~]# systemctl restart iptables.service 


  • Check the rules
[root@sysrescue ~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:rfb:cm
LOGDROP    all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain LOGDROP (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 10/sec burst 5 LOG level warning prefix "iptables-dropped: "
DROP       all  --  anywhere             anywhere            
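
An added example, not part of the original post: the two rules inserted above accept ports 22 and 5900:5910 from any source. The script below generates the same kind of rules limited to a LAN subnet and to port 5900 only, and places them before the catch-all LOGDROP line instead of at a hand-counted line number. The function names and the 192.168.1.0/24 subnet are assumptions made for this example.

```shell
# Added example, not from the original post. Function names are hypothetical.

# insert_lan_rules RULES_FILE LAN_CIDR PORT...
# Prints the ruleset with source-restricted ACCEPT rules placed just before
# the catch-all "-A INPUT -j LOGDROP" line. The input file is not modified.
insert_lan_rules() {
    rules_file=$1; cidr=$2; shift 2
    # Refuse to guess when the catch-all line is missing (different layout).
    grep -qxF -- '-A INPUT -j LOGDROP' "$rules_file" || {
        echo "catch-all LOGDROP rule not found in $rules_file" >&2
        return 1
    }
    awk -v cidr="$cidr" -v ports="$*" '
        BEGIN { n = split(ports, p, " ") }
        { seen[$0] = 1; lines[NR] = $0 }   # remember rules already present
        END {
            for (i = 1; i <= NR; i++) {
                if (lines[i] == "-A INPUT -j LOGDROP")
                    for (j = 1; j <= n; j++) {
                        r = "-A INPUT -s " cidr " -p tcp -m tcp --dport " p[j] " -j ACCEPT"
                        if (!(r in seen)) print r   # a second run adds nothing
                    }
                print lines[i]
            }
        }' "$rules_file"
}

# Constructed sample: the stock rules file as shown in the post.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-N LOGDROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 10/sec -j LOG --log-prefix "iptables-dropped: "
-A LOGDROP -j DROP
COMMIT
EOF
}

# Demo: 192.168.1.0/24 is an assumed home-LAN subnet; substitute your own.
tmp=$(mktemp) && sample_rules > "$tmp" &&
    insert_lan_rules "$tmp" 192.168.1.0/24 22 5900
rm -f "$tmp"
```

On the live system, write the output to a temporary file, review it, copy it over /etc/iptables/iptables.rules and restart iptables as shown above. Starting x11vnc with its `-localhost` option and connecting through `ssh -L 5900:localhost:5900` makes the 5900 rule unnecessary and keeps the VNC session inside the SSH connection.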


Accessing from a VNC viewer

I use the one below.


  • It worked even without adding the display number (IP address:0)


  • Ta-da!


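Miscellaneous

By the way, if there is RAM to spare, it looks like Anydesk, which can also work across routers, could be installed, but it looks like a pain so I'll leave that for another time...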


See ya!