CentOS最小化安装Gnome和VNC

admin — Mon, 15 Mar 2010 13:58:02 +0000

小内存的VNC解决方案。关于VNC的介绍和安装可以参考这篇:http://www.vpser.net/manage/linux-vps-install-kde-gnome-vnc.html 这里采用tightvncserver作为VNC服务端,比较省内存,另外也可以在安装有java运行环境的浏览器直接远程打开VNC客户端连接.当然你也可以继续用通常的VNC连接方式连接登录.

运行截图

SSH终端截图.按内存使用大小排序

很简单吧.只要你有安装java运行环境(Java Runtime Environment)就可以直接通过浏览器登录你的Linux服务器.

安装教程(简单三步,step by step!)

1.安装x-window桌面和Gnome环境先.

yum groupinstall "X Window System" "GNOME Desktop Environment"

2.添加中文支持和浏览器

yum -y install fonts-chinese firefox

3.安装tightvnc.
(CentOS 5 64Bit)

wget http://packages.sw.be/tightvnc/tightvnc-server-1.3.9-3.el5.rf.x86_64.rpm rpm -ivh tightvnc-server-1.3.9-3.el5.rf.x86_64.rpm --force --nodeps

(CentOS 5 32Bit)

wget http://packages.sw.be/tightvnc/tightvnc-server-1.3.9-3.el5.rf.i386.rpm rpm -ivh tightvnc-server-1.3.9-3.el5.rf.i386.rpm --force --nodeps

其他版本到http://packages.sw.be/tightvnc找对应的rpm包.

补充:必须做以下操作,否则会因找不到字体路径而无法启动!

mkdir -p /usr/X11R6/lib/X11 ln -s /usr/share/X11/fonts /usr/X11R6/lib/X11/fonts

------- end -------

使用方法(以会话ID:1为例)

启动vnc.执行命令:

vncserver :1 -httpport 9001 -name icodex_desktop -depth 24 -geometry 1024x768

关闭vnc,执行命令:

vncserver -kill :1

参数说明:

usage: vncserver [:] [-nohttpd] [-name ] [-depth ]
[-geometry x]
[-pixelformat rgbNNN|bgrNNN]
...

vncserver -kill

:1 > 会话ID.你可以建立多几个会话ID
-httpport|-nohttpd > 打开的TCP访问端口或者关闭TCP访问
-name > 命名.这个随意了...
-depth > 色彩深度设置16位或24位,32位是不启动的.
-geometry > 屏幕纵横比
-pixelformat > 像素格式,默认即可

vncserver -kill 杀死会话ID.为会话ID.如:vncserver -kill :1

APF:Linux下强大的防火墙组件

admin — Tue, 02 Mar 2010 05:37:31 +0000

什么是APF？

APF(Advanced Policy Firewall)是 Rf-x Networks 出品的Linux环境下的软件防火墙,被大部分Linux服务器管理员所采用,使用iptables的规则,易于理解及使用.可算是Linux使用较多的防火墙.APF的配置参数众多,有效利用这些配置参数可加强你的服务器安全,APF应该在每一台Linux服务器中得到应用.

安装APF

1.下载最新的安装包并解压缩,APF项目详细信息.

#cd /usr/local/src #wget http://www.rfxn.com/downloads/apf-current.tar.gz #tar -zxf apf-current.tar.gz #cd apf-9.7-1/

2.执行安装

#sh ./install.sh

结束安装好你会得到一些信息:

... Installation Details: Install path: /etc/apf/ Config path: /etc/apf/conf.apf Executable path: /usr/local/sbin/apf ...

3.进行详细配置

#vi /etc/apf/conf.apf

默认的参数适合大多数场合,按照需要进行修改即可

DEVEL_MODE="1" >> DEVEL_MODE="0" RAB="0" >> RAB="1" RAB_PSCAN_LEVEL="2" >> RAB_PSCAN_LEVEL="3" TCR_PASS="1" >> TCR_PASS="0" DLIST_PHP="0" >> DLIST_PHP="1" DLIST_SPAMHAUS="0" >> DLIST_SPAMHAUS="1" DLIST_DSHIELD="0" >> DLIST_DSHIELD="1" DLIST_RESERVED="0" >> DLIST_RESERVED="1"

流入端口过滤

# Common ingress (inbound) TCP ports IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,3306" # Common ingress (inbound) UDP ports IG_UDP_CPORTS="21,53,465"

流出端口过滤,虚拟主机推荐开启

# Outbound (egress) filtering EGF="1" # Common outbound (egress) TCP ports EG_TCP_CPORTS="21,22,25,26,37,43,53,80,110,113,443,465,3306" # Common outbound (egress) UDP ports EG_UDP_CPORTS="20,21,53,465"

ICMP过滤

# Common ICMP outbound (egress) types # 'internals/icmp.types' for type definition; 'all' is wildcard for any EG_ICMP_TYPES="all"

另外还有两个值得注意的设置文件: /etc/apf/allow_hosts.rules 和 /etc/apf/deny_hosts.rules 可设置目标主机的过滤规则.如添加信任主机操作等.

启动APF

#/usr/local/sbin/apf -s

重启APF

#/usr/local/sbin/apf -r

查看运行日志

#tail -f /var/log/apf_log

添加为系统启动

#vi /etc/rc.local

在其中添加 "/usr/local/sbin/apf -s" 即可(不含双引号).

详细参数说明

usage /usr/local/sbin/apf [OPTION]
-s|--start ......................... load all firewall rules
-r|--restart ....................... stop (flush) & reload firewall rules
-f|--stop........ .................. stop (flush) all firewall rules
-l|--list .......................... list all firewall rules
-t|--status ........................ output firewall status log
-e|--refresh ....................... refresh & resolve dns names in trust rules
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
 immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
 immediately load new rule into firewall
-u|--remove HOST ................... remove host from [glob]*_hosts.rules
 and immediately remove rule from firewall
-o|--ovars ......................... output all configuration options

此外,APF自9.6 (rev:2)版本之后增加了RAB模块.该模块取代了旧版本的antidos模块.可有效减轻拒绝服务攻击带来的影响,但需要iptables的内核模块ipt_recent的支持.如下图我在VPS上启动APF后的屏显,提示RAB模块无法启用.内核模块ipt_recent没有找到.因此建议在内核支持以及iptables模块支持的情况下使用.

Faq

Problem: If you get this error apf(xxxxx): {glob} unable to load iptables module (ip_tables), aborting.
Solution: Try changing SET_MONOKERN=”0″ to SET_MONOKERN=”1″ , then apf -r

Problem: If you get this message: apf(xxxxx): {glob} !!DEVELOPMENT MODE ENABLED!! – firewall will flush every 5 minutes.
Solution: you need to change DEVEL_MODE=1 to DEVEL_MODE=0, make sure your config is working first.

Via:http://www.securecentos.com/basic-security/install-firewall/

iCodex's Blog » Linux