Servidor VNC no Fedora

nepsck

Este tutorial, é para a construção de um Servidor VNC no Fedora, para acesso a multi-usuários. Usando aplicação
VNC-Cliente ou navegador WEB, via Java.

[ Hits: 9.215 ]

Por: anderson em 12/03/2012

0 0

Denuncie Favoritos Indicar Impressora

Introdução e Documentação

Introdução

A princípio, o cenário para este artigo seria um Laboratório de Informática, um Servidor e várias máquinas acessando remotamente para testes das mais diversas aplicações, mas pode ser utilizado para diversos fins.

Na construção deste Servidor, optei por um Shell Script básico, mas eficiente, para agilizar e facilitar nossa vida.

Documentação

Iniciaremos com uma dica simples, vamos nos organizar e criar o hábito de documentar o que é feito no Servidor.

Após a instalação do Fedora 16 básico (GNOME) ou similar, acesse o terminal como Root, e crie uma pasta em "/root":

# mkdir /root/vncFedora
# cd /root/vncFedoora

Dentro de “vncFedora”:

# gedit install.sh

Ou:

# vim install.sh

No aquivo, cole e edite o arquivo no lugar de SEU DOMINIO, mude para o seu domínio (Exemplo: qualquer.coisa.com.br ou, pelo seu IP, exemplo: 192.168.1.171).

#! /bin/bash
######## Principais programas a serem instalados 
yum install -y tigervnc-server
yum install -y tigervnc
yum install -y tigervnc-server-applet.noarch 
yum install -y libvncserver
yum install -y gtk-vnc
yum install -y tigervnc-server-module
yum install -y xorg-x11-xinit
yum install -y xinetd
yum install -y httpd
yum install -y mod_ssl
yum install -y mod_auth_pam
yum install -y php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-
magickwand php-magpierss php-mapserver php-
mbstring php-mcrypt php-mhash php-mssql php-shout php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 
libxml2-devel
yum install -y mysql mysql-devel mysql-server
yum install -y httpd-devel ruby ruby-devel
yum install -y mod_python
yum install -y mod_perl
yum install -y perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1 perl-ExtUtils-AutoInstall perl-NetAddr-IP perl-Archive-Tar
yum groupinstall -y  "Development Tools"
yum install -y ntp
######## Backup 
cp /etc/sysconfig/iptables /etc/sysconfig/iptables-old
cp /etc/ssh/sshd_config /etc/ssh/sshd_config-old
cp /etc/services /etc/services-old
cp /etc/gdm/custom.conf /etc/gdm/custom.conf-old
cp /etc/sysconfig/selinux  /etc/sysconfig/selinux-old
######## Configuração 
cp /root/vncFedora/vncserver-etc-xinet.d  /etc/xinetd.d/vncserver
cp /root/vncFedora/vncserver-etc-init.d /etc/init.d/vncserver
echo 1 > /proc/sys/net/ipv4/ip_forward
chkconfig httpd on
chkconfig mysqld on
####### selinux
echo "" >> /etc/sysconfig/selinux
echo "# This file controls the state of SELinux on the system." >> /etc/sysconfig/selinux
echo "# SELINUX= can take one of these three values:" >> /etc/sysconfig/selinux
echo "#     enforcing - SELinux security policy is enforced." >> /etc/sysconfig/selinux
echo "#     permissive - SELinux prints warnings instead of enforcing." >> /etc/sysconfig/selinux
echo "#     disabled - No SELinux policy is loaded." >> /etc/sysconfig/selinux
echo "SELINUX=disabled" >> /etc/sysconfig/selinux
echo "# SELINUXTYPE= can take one of these two values:" >> /etc/sysconfig/selinux
echo "#     targeted - Targeted processes are protected," >> /etc/sysconfig/selinux
echo "#     mls - Multi Level Security protection." >> /etc/sysconfig/selinux
echo "SELINUXTYPE=targeted"  >> /etc/sysconfig/selinux
####### SSH
echo "" > /etc/ssh/sshd_config
echo "#       : sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $" >> /etc/ssh/sshd_config
echo "# This is the sshd server system-wide configuration file.  See" >> /etc/ssh/sshd_config
echo "# sshd_config(5) for more information." >> /etc/ssh/sshd_config
echo "# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin" >> /etc/ssh/sshd_config
echo "# The strategy used for options in the default sshd_config shipped with" >> /etc/ssh/sshd_config
echo "# OpenSSH is to specify options with their default value where" >> /etc/ssh/sshd_config
echo "# possible, but leave them commented.  Uncommented options change a" >> /etc/ssh/sshd_config
echo "# default value." >> /etc/ssh/sshd_config
echo "Port 22" >> /etc/ssh/sshd_config
echo "ListenAddress 0.0.0.0" >> /etc/ssh/sshd_config
echo "Protocol 2" >> /etc/ssh/sshd_config
echo "HostKey /etc/ssh/ssh_host_rsa_key" >> /etc/ssh/sshd_config
echo "HostKey /etc/ssh/ssh_host_dsa_key" >> /etc/ssh/sshd_config
echo "KeyRegenerationInterval 5h" >> /etc/ssh/sshd_config
echo "ServerKeyBits 1024" >> /etc/ssh/sshd_config
echo "SyslogFacility AUTH" >> /etc/ssh/sshd_config
echo "LogLevel INFO" >> /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "StrictModes yes" >> /etc/ssh/sshd_config
echo "RSAAuthentication yes" >> /etc/ssh/sshd_config
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
echo "RhostsRSAAuthentication no" >> /etc/ssh/sshd_config
echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config
echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config
echo "GSSAPIAuthentication yes" >> /etc/ssh/sshd_config
echo "GSSAPICleanupCredentials yes" >> /etc/ssh/sshd_config
echo "UsePAM yes" >> /etc/ssh/sshd_config
echo "# Accept locale-related environment variables" >> /etc/ssh/sshd_config
echo "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES" >> /etc/ssh/sshd_config
echo "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT" >> /etc/ssh/sshd_config
echo "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE" >> /etc/ssh/sshd_config
echo "AcceptEnv XMODIFIERS" >> /etc/ssh/sshd_config
echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config
echo "X11Forwarding yes" >> /etc/ssh/sshd_config
echo "X11DisplayOffset 10" >> /etc/ssh/sshd_config
echo "PrintMotd yes" >> /etc/ssh/sshd_config
echo "PrintLastLog yes" >> /etc/ssh/sshd_config
echo "TCPKeepAlive yes" >> /etc/ssh/sshd_config
echo "Compression yes" >> /etc/ssh/sshd_config
echo "PermitTunnel yes" >> /etc/ssh/sshd_config
echo "Banner /etc/ssh/banner.txt" >> /etc/ssh/sshd_config
echo "Subsystem       sftp    /usr/libexec/openssh/sftp-server" >> /etc/ssh/sshd_config
echo "Bem vindo ao  SEU  SERVIDOR" >> /etc/ssh/banner.txt
##### Service
echo "#local"  >> /etc/services
echo "vnc800x600x16   5900/tcp # VNC & GDM"  >> /etc/services
echo "vnc1024x768x16  5901/tcp # VNC & GDM"  >> /etc/services
echo "vnc1152x864x16  5902/tcp # VNC & GDM"  >> /etc/services
echo "vnc1280x800x16  5903/tcp # VNC & GDM"  >> /etc/services
echo "vnc1280x1024x16 5904/tcp # VNC & GDM"  >> /etc/services
echo "vnc1440x900x16  5905/tcp # VNC & GDM"  >> /etc/services
##### GDM
echo "" > /etc/gdm/custom.conf 
echo "# GDM configuration storage" >> /etc/gdm/custom.conf  
echo "[daemon]" >> /etc/gdm/custom.conf 
echo "[security]" >> /etc/gdm/custom.conf 
echo "AllowRoot=false" >> /etc/gdm/custom.conf 
echo "AllowRemoteRoot=false" >> /etc/gdm/custom.conf 
echo "AllowRemoteAutoLogin=false" >> /etc/gdm/custom.conf 
echo "RelaxPermissions=0" >> /etc/gdm/custom.conf 
echo "CheckDirOwner=true" >> /etc/gdm/custom.conf 
echo "DisallowTCP=false" >> /etc/gdm/custom.conf 
echo "[xdmcp]" >> /etc/gdm/custom.conf 
echo "Enable=true" >> /etc/gdm/custom.conf 
echo "MaxSessions=72" >> /etc/gdm/custom.conf 
echo "MaxPending=72" >> /etc/gdm/custom.conf 
echo "DisplaysPerHost=72" >> /etc/gdm/custom.conf 
echo "[greeter]" >> /etc/gdm/custom.conf 
echo "[chooser]" >> /etc/gdm/custom.conf 
echo "[debug]" >> /etc/gdm/custom.conf
##### IPTABLES 
echo "" > /etc/sysconfig/iptables
echo "# Firewall configuration written by system-config-firewall" >> /etc/sysconfig/iptables
echo "# Manual customization of this file is not recommended." >> /etc/sysconfig/iptables
echo "*filter" >> /etc/sysconfig/iptables
echo ":INPUT ACCEPT [0:0]" >> /etc/sysconfig/iptables
echo ":FORWARD ACCEPT [0:0]" >> /etc/sysconfig/iptables
echo ":OUTPUT ACCEPT [0:0]" >> /etc/sysconfig/iptables
echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" >> /etc/sysconfig/iptables
echo "-A INPUT -p icmp -j ACCEPT" >> /etc/sysconfig/iptables
echo "-A INPUT -i lo -j ACCEPT" >> /etc/sysconfig/iptables
echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT" >> /etc/sysconfig/iptables
echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT" >> /etc/sysconfig/iptables
echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT" >> /etc/sysconfig/iptables
echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5905 -j ACCEPT" >> /etc/sysconfig/iptables
echo "-A FORWARD -i eth0 -p tcp --dport 5900:5905 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" >> /etc/sysconfig/iptables
echo "-A FORWARD -i eth0 -p udp --dport 5900:5905 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"  >> /etc/sysconfig/iptables
echo "-A INPUT -j REJECT --reject-with icmp-host-prohibited" >> /etc/sysconfig/iptables
echo "COMMIT" >> /etc/sysconfig/iptables
####### VNC-JAVA
mkdir /var/www/html/vnc800x600 
mkdir /var/www/html/vnc1024x768 
mkdir /var/www/html/vnc1152x864
mkdir /var/www/html/vnc1280x800
cp /usr/share/vnc/classes/* /var/www/html/vnc800x600 
cp /usr/share/vnc/classes/* /var/www/html/vnc1024x768 
cp /usr/share/vnc/classes/* /var/www/html/vnc1152x864
cp /usr/share/vnc/classes/* /var/www/html/vnc1280x800
cp  /var/www/html/vnc800x600/index.vnc   /var/www/html/vnc800x600/index.html
cp  /var/www/html/vnc1024x768/index.vnc  /var/www/html/vnc1024x768/index.html
cp  /var/www/html/vnc1152x864/index.vnc  /var/www/html/vnc1152x864/index.html
cp  /var/www/html/vnc1280x800/index.vnc  /var/www/html/vnc1280x800/index.html
####vnc800x600
> /var/www/html/vnc800x600/index.html
echo "<HTML>" >> /var/www/html/vnc800x600/index.html 
echo "<TITLE>" >> /var/www/html/vnc800x600/index.html 
echo "Bem Vindo ao SEU DOMINIO" >> /var/www/html/vnc800x600/index.html 
echo "</TITLE>" >> /var/www/html/vnc800x600/index.html 
echo "<APPLET CODE=com.tigervnc.vncviewer.VncViewer ARCHIVE=VncViewer.jar" >> /var/www/html/vnc800x600/index.html 
echo "        WIDTH=830 HEIGHT=630>" >> /var/www/html/vnc800x600/index.html 
echo "<param name=PORT value=5900>" >> /var/www/html/vnc800x600/index.html 
echo "</APPLET>" >> /var/www/html/vnc800x600/index.html 
echo "<BR>" >> /var/www/html/vnc800x600/index.html 
echo "<A href='http://SEU DOMINIO/' >SEU DOMINIO</A>" >> /var/www/html/vnc800x600/index.html 
echo "</HTML>" >> /var/www/html/vnc800x600/index.html
#### vnc1024x768
echo "" > /var/www/html/vnc1024x768/index.html
echo "<HTML>" >> /var/www/html/vnc1024x768/index.html
echo "<TITLE>" >> /var/www/html/vnc1024x768/index.html
echo "Bem Vindo ao SEU DOMINIO" >> /var/www/html/vnc1024x768/index.html
echo "</TITLE>" >> /var/www/html/vnc1024x768/index.html
echo "<APPLET CODE=com.tigervnc.vncviewer.VncViewer ARCHIVE=VncViewer.jar" >> /var/www/html/vnc1024x768/index.html
echo "        WIDTH=1054 HEIGHT=798>" >> /var/www/html/vnc1024x768/index.html
echo "<param name=PORT value=5901>" >> /var/www/html/vnc1024x768/index.html
echo "</APPLET>" >> /var/www/html/vnc1024x768/index.html
echo "<BR>" >> /var/www/html/vnc1024x768/index.html
echo "<A href='http://SEU DOMINIO/' >SEU DOMINIO</A>" >> /var/www/html/vnc1024x768/index.html
echo "</HTML>" >> /var/www/html/vnc1024x768/index.html
#### vnc1152x864
echo "" > /var/www/html/vnc1152x864/index.html
echo "<HTML>" >> /var/www/html/vnc1152x864/index.html
echo "<TITLE>" >> /var/www/html/vnc1152x864/index.html
echo "Bem Vindo ao SEU DOMINIO" >> /var/www/html/vnc1152x864/index.html
echo "</TITLE>" >> /var/www/html/vnc1152x864/index.html
echo "<APPLET CODE=com.tigervnc.vncviewer.VncViewer ARCHIVE=VncViewer.jar" >> /var/www/html/vnc1152x864/index.html
echo "        WIDTH=1182 HEIGHT=894>" >> /var/www/html/vnc1152x864/index.html
echo "<param name=PORT value=5902>" >> /var/www/html/vnc1152x864/index.html
echo "</APPLET>" >> /var/www/html/vnc1152x864/index.html
echo "<BR>" >> /var/www/html/vnc1152x864/index.html
echo "<A href='http://SEU DOMINIO/' >SEU DOMINIO</A>" >> /var/www/html/vnc1152x864/index.html
echo "</HTML>" >> /var/www/html/vnc1152x864/index.html
#### vnc1280x800
echo "" > /var/www/html/vnc1280x800/index.html
echo "<HTML>" >> /var/www/html/vnc1280x800/index.html
echo "<TITLE>" >> /var/www/html/vnc1280x800/index.html
echo "Bem Vindo ao SEU DOMINIO" >> /var/www/html/vnc1280x800/index.html
echo "</TITLE>" >> /var/www/html/vnc1280x800/index.html
echo "<APPLET CODE=com.tigervnc.vncviewer.VncViewer ARCHIVE=VncViewer.jar" >> /var/www/html/vnc1280x800/index.html
echo "        WIDTH=1310 HEIGHT=830>" >> /var/www/html/vnc1280x800/index.html
echo "<param name=PORT value=5903>" >> /var/www/html/vnc1280x800/index.html
echo "</APPLET>" >> /var/www/html/vnc1280x800/index.html
echo "<BR>" >> /var/www/html/vnc1280x800/index.html
echo "<A href='http://SEU DOMINIO/' >SEU DOMINIO</A>" >> /var/www/html/vnc1280x800/index.html
echo "</HTML>" >> /var/www/html/vnc1280x800/index.html
####

echo "<HTML>" >> /var/www/html/index.html
echo "<a href=vnc800x600/index.html>vnc800x600</a>">> /var/www/html/index.html
echo "<a href=vnc1024x768/index.html>vncvnc1024x768</a>">> /var/www/html/index.html
echo "<a href=vnc1152x864/index.html>vncvnc1152x864</a>">> /var/www/html/index.html
echo "<a href=vnc1280x800/index.html>vnc1280x800</a>">> /var/www/html/index.html
echo "</HTML>">> /var/www/html/index.html

##### Configuração 
chmod 0755 /etc/init.d/vncserver
chkconfig --add vncserver
chkconfig vncserver on
setsebool sshd_forward_ports=on
####### Concluir
echo " Favor acessar em modo grafico como usuário não root e digitar o comando (vncserver)"
echo " Para acessar  ssh -CXL 5900:localhost:5901 usuario_nao_root@IP_do_server"    
echo " para acessar alguma aplicação via ssh - ssh -X usuario_nao_root@IP_do_server  e depois de logado exemplo: nautilus ou firefox ou 
vncviewer etc..."

Próxima página

Páginas do artigo

1. Introdução e Documentação
2. Documentação (continuação) e Instalação

Outros artigos deste autor

Nenhum artigo encontrado.

Leitura recomendada

VPN - usando SSH

ASTNAGIOS 2.0 + FAN - Solução completa para monitoramento

Diferentes áreas de trabalho com diferentes wallpapers

Engage - o dock do E17 - instalando no Debian Etch

Festival: O sintetizador de voz para Linux

Comentários