[Lancaster] remote desktop / xdmcp problem

andy baxter andy at earthsong.free-online.co.uk
Sat Aug 15 04:32:21 UTC 2009 

Cheers Wayne!

I'll have a look at bastille. I want to have a go with the virtual 
machine thing; the worry is that this will reduce performance too much, 
but the thing to do is test it I guess and see how much difference it 
makes in practice.

andy

Wayne Ward wrote:
> I used to setup various security measures when i was running the "big 
> stuff" online
> i never chrooted anything to be honest because it was complicated as it 
> was plus i was just moving my internet faced servers
> into virtulisation as i was leaving but had some machines running in 
> vmware as this would be easy for me to get support for  as things were 
> getting fairly big from smallish company to enterprise :)
> the servers i built from scratch gentoo boxes hardened kernel - hand 
> built iptables firewall although we was behind a firebox i had full 
> control of what was going in and out (real paranoid!) - very cut down 
> install no X of course - remote secure logging with syslog-ng - tripwire 
> (a must) - chrootkit on regular cron - snare or snort
> and to top it all of very secure coding if you can !!!
> most of the above programs sends emails so i used to get them on my 
> phone any sign of tampering ssh straight into the logging server and see 
> what the hells going down!!!
> in them eight years i never had a hack - I had two mail servers online - 
> 4 web servers - 4 database server (behind the firewall) and various 
> other bits of kit - we did play with a honeypot!
> When you start playing try bastille - its a script that locks down a 
> box, the thing is you can see the kind of things it starts locking down 
> so puts you in the frame of mind of lock down :)  hey you got to start 
> somewere!
> then get loaded up with some tools go to a friends hows get some beers 
> and try crack it ;) if you get in then your server wants setting up 
> properly ;) various goodies to hit it with are available if you want 
> something fast nmap it see if the ports are shut properly then nessus it 
> this will tell you if its vunerable or actually just kill the box then 
> you know it isnt setup right ;)
> plenty of howtos about that will help you more on google ...
> as there are plenty of other things to tighten security :
>
>     * User Account Administration
>     * Filesystem Security
>     * System Resource Limits
>
> always have a backup always have a plan for that day when you come in 
> and your web page says hAckEd bY......
>
> Regards
> Wayne :)
>
> ps i liked this so much i blogged it ;)
>
>
>
>
> andy baxter wrote:
>   
>> Re-sending as the original hasn't got to the list yet...
>>
>> Wayne Ward wrote:
>>     
>>> hi andy hows the performance of the new small factor box you bought?..
>>> have you thought of how you are going to setup the test web server yet
>>> IE chroot or in a virtual machine ...
>>>
>>>   
>>>       
>> It uses about 40-50% CPU playing a dvd from a usb drive in mplayer. Not
>> sure if it's using the hardware acceleration on the graphics chipset.
>> The CPU is 1.2Ghz single core, and I have 1Gb of RAM. Seems pretty good
>> so far.
>>
>> What I would like to do is run the net-exposed server stuff in some kind
>> of virtual machine, then write a script which monitors the filesystem
>> the VM is running on to look for any signs of a break in. (Using aide,
>> chkrootkit, etc. ). I don't know much about virtualisation, so any
>> advice would be appreciated here. I was thinking user-mode linux might
>> be good for this, but not sure yet. The idea is to keep the monitoring
>> program one level above the stuff it's monitoring, to make sure it's not
>> the first thing that gets compromised if someone cracks the machine.
>>
>> any thoughts?
>>
>> andy
>>     
>>> Wayne
>>>
>>> andy baxter wrote:
>>>  
>>>       
>>>> Thanks! I hadn't thought of using vnc. It turns out there's a program
>>>> called x11vnc which grabs the current X11 display and turns it into a
>>>> vnc server session.
>>>>
>>>> It's working great - I'm now playing a film on the mini-itx box with 
>>>> the
>>>> keyboard and mouse controlled by my laptop.
>>>>
>>>> Cheers,
>>>>
>>>> andy
>>>>
>>>> John Scott wrote:
>>>>      
>>>>         
>>>>> Try VNC...If I remember correctly, it grabs the current X session and
>>>>> displays it locally.
>>>>>
>>>>> Cheers
>>>>> John
>>>>>
>>>>> -----Original Message-----
>>>>> From: lancaster-bounces at mailman.lug.org.uk
>>>>> [mailto:lancaster-bounces at mailman.lug.org.uk] On Behalf Of andy baxter
>>>>> Sent: 14 August 2009 01:23
>>>>> To: Lancaster Linux User Group
>>>>> Subject: [Lancaster] remote desktop / xdmcp problem
>>>>>
>>>>> Hi all,
>>>>>
>>>>> I have two machines, a laptop and a mini-itx box. I want to be able 
>>>>> to run an X session on the mini-itx box and have it displayed on 
>>>>> both machines at the same time. This is different from the standard 
>>>>> xdmcp remote desktop situation where you want a different session 
>>>>> on the client to the mini-itx box - what I want is to have the 
>>>>> keyboard and mouse from the laptop controlling the session, but to 
>>>>> have the same session displayed through the video card on the 
>>>>> mini-itx.
>>>>>
>>>>> Does anyone know how to do this? I already have standard xdmcp 
>>>>> logins working.
>>>>>
>>>>> (The original problem was to find a simple way of playing videos 
>>>>> and music on the mini-itx box without having to have a keyboard and 
>>>>> mouse permanently attached to it.)
>>>>>
>>>>> Cheers,
>>>>>
>>>>> andy
>>>>>
>>>>> _______________________________________________
>>>>> Lancaster mailing list
>>>>> Lancaster at mailman.lug.org.uk
>>>>> https://mailman.lug.org.uk/mailman/listinfo/lancaster
>>>>>
>>>>>
>>>>>
>>>>>             
>>>>>           
>>>> _______________________________________________
>>>> Lancaster mailing list
>>>> Lancaster at mailman.lug.org.uk
>>>> https://mailman.lug.org.uk/mailman/listinfo/lancaster
>>>>       
>>>>         
>>>   
>>>       
>>     
>
>

More information about the Lancaster mailing list