Advanced Networking
From PCLinuxOS Wiki
Setting up a Webserver
There are several web servers available; my personal favorite is Apache. Apache is so wonderful because of the power within its configuration.
There are basically two ways of setting up a personal webserver with PCLinuxOS. You can either get Apache and the other components from Synaptic, or you can download and install the Xampp webserver package yourself. Despite how it sounds, this actually is not all that difficult!
Using Synaptic
The procedure explained below uses the Synaptic Software Manager to install all needed components for setting up a webserver.
- Open Synaptic
- search for the following packages to install :
- Add phpMyAdmin and all deps
- Add the main "mysql" package (can't remember specific name), and deps
- Apply your changes; this installs the selected packages.
- Go to "PCLinuxOS Control Center"
- Browse to System > Services
- Start "httpd" and "mysqld" (make sure to check them if you want it to run at boot)
- pop up your web browser and enter the url : "http://127.0.0.1"
- if you succeeded, you should read : "It Works". This is the index.html file from "/var/www/html/index.html" (default directory)
- Then in the url box I entered "http://127.0.0.1/phpMyAdmin" and this will return a login window
- To login, enter root and NO password.
- Then you will be presented with the PHPMyAdmin page and look for a url called "Privileges", click on it
- Edit user root and change the password. (The top one, not the one further down on the page)
- Done. And because your password has changed, when you try to click elsewhere in PHPMyAdmin you will be presented with another login screen. Just enter root and the password you changed.
Everything has now been installed and your website's files are located in /var/www/html.
Have fun, but consider what this does for your computer's security. It is advised not to set up a webserver on the desktop you use for daily work unless you know what you're doing.
Setting up Xampp
So here is a simple way to get Apache up and running. Below we'll describe how to install and set up this wonderful webserver software called Xampp. I recommend this because it's Apache and does most of the work for you. There are alternatives, but like.. who cares, right?
XAMPP is a simple solution for starting your simple/personal web server. It has mostly everything one would need to start a website, and includes full documentation and security measures. It is a great way to start web development or even to start working with a scripting language like perl, python, and even php. You can find out more on their site, but note, this is only for those who have taken the steps of installing the distribution or who know how to create a partition and mount it for saving files. If you do not fall into one of those categories, your best bet is to not even mess with personal web server hosting.
SECURITY WARNING!!
Never, ever install a web server onto a personal desktop/laptop unless you're using it for development. This is because it is easier for a "Cracker" to gain access to one's personal files. Always use a spare older or outdated computer with only the basic stuff needed. The more you install, the more risk you will run of an attacker using bad source-code on your box to gain access and allow for many things to be done once he's gotten that far. Remember to apply security for everything and never use the same passwords for everything. That being said, here are a few tips for making it harder on an attacker:
- Remember to make a sub-directory under the root folder (" / ") called "srv" if one is not already created. You will want to make most of these files and folders read-only.
In the shell, it would look like this:

    user@example:~$ cd /srv
    user@example:/srv$ su -c 'chmod 644 <filename>'
    password:

The above is a simple way to make it so that root is the only person able to have write access. There is a site, http://www.ss64.com/bash/chmod.html where you can learn more about chmod, and it even has a tool inside that page that lets you work out chmod settings simply and easily. Make sure not to type the "<" and ">" characters, and make sure that you always use su -c 'program name' for running programs as super user, because the -c just runs that one program and then, once finished, it will log out and go back to the normal user account.
Another frequently used place for storing websites you are 'hosting' is the /var/www folder.
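The chmod step above, applied to a whole document root, as an added example that is not part of the original wiki page. It goes slightly beyond the single-file command: directories get 755 rather than 644, because a directory without the execute bit cannot be entered by Apache, and an audit function lists anything still writable by group or others. The function names are hypothetical and the demo runs on a constructed temporary tree.

```shell
#!/bin/sh
# Added example (not from the wiki page). /srv/www is the page's document root;
# the function names are hypothetical.

# Directories get 755 (the x bit is needed to enter them), files get 644.
# Only the owner keeps write access, so run as root on root-owned files.
lock_down_docroot() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Print entries that group or others can write to; with an owner name as the
# second argument, also print entries that the owner does not own.
audit_docroot() {
    if [ -n "$2" ]; then
        find "$1" \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 -o ! -user "$2" \) -print
    else
        find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
    fi
}

# Demo on a constructed throwaway tree, so nothing real is modified.
demo() {
    tree=$(mktemp -d) || return 1
    mkdir -p "$tree/www/images"
    echo '<h1>It Works</h1>' > "$tree/www/index.html"
    chmod 777 "$tree/www/images"
    chmod 666 "$tree/www/index.html"
    echo "before:"; audit_docroot "$tree/www"
    lock_down_docroot "$tree/www"
    echo "after:";  audit_docroot "$tree/www"
    rm -rf "$tree"
}
demo
```

On the real server, run lock_down_docroot /srv/www as root and then audit_docroot /srv/www root; empty output from the audit means only root can change the site's files.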
Configuring Xampp
Okay, we have created our own personal directory for the server and chmoded all the files and folders; we are now ready to start to point apache to this folder. As we will want to configure the apache.conf to point here, I will choose to create another folder within the system and call it www, so it will come out looking like: "/srv/www"
Ok, here is the apache.conf I have set up for my personal development site:

    # Global configuration that will be applicable for all virtual hosts, unless
    # deleted here, or overridden elsewhere.
    # Feel free to copy and paste all of this into your apache.conf or whatever your main configure
    # file is.
    DocumentRoot "/srv/www/"

    # Aliases: aliases can be added as needed (with no limit). The format is
    # Alias fakename realname
    # This is for creating a link within apache for the icons it defaults with during install. It's
    # mainly just an example of how to add a non /srv/www directory into apache and the link
    # would look like " http://localhost/icons " without the quotes. Cool huh?
    Alias /icons/ "/usr/share/apache2/icons/"

    <Directory "/usr/share/apache2/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # The main configuration file consists of many of these examples, and all can be tested and
    # toyed with, just back up the main config file by copying it, pasting it, or renaming it with a
    # ~ at the end of it. Just play around with it, and if all goes wrong, just remove the ~ from
    # the name of the backup or paste the copy made back in. All of this will have to be done
    # from within the superuser trick I showed you before. But here is the command for doing
    # this in case you just want to have it for later:
    # su -c 'mv /home/username/apache2.conf /etc/apache2'
    # Make sure to make another backup or just use the command "cp" instead of "mv".

Well, that about covers the simple personal web server. If you have any more questions about apache configs, there are massive amounts of tutorials around the net. I recommend using the apache website at: [1]. There is so much help available from that one site that is often overlooked. The best way to learn anything, though, is through trial and error: make the proper backups and tinker. That is what truly sets the common hacker apart from the crowd.
Also check out http://jrandomhacker.info/PCLinuxOS/remote_work for Sy's step-by-step notes.
There are four common ways to get remote access to your Linux system:
- SSHd/SSH (command line secure access)
- VNC (gui insecure access)
- Tunneling applications through SSH.
- Special Programs based off of VNC or SSH.
Make sure to check the troubleshooting section at the end of this page if you are having problems.
SSH on PCLinuxOS
SSH is the secure replacement for telnet. It offers robust command line remote access, and may be considered very secure.
The configuration file is stored at /etc/ssh/sshd_config. In general, you should not edit this file unless you want to change the default listening port (which is 22). Authentication attempts are logged in /var/log/messages.
To start the ssh service on your PCLinuxOS machine, use the command service sshd start and to get the service to start at boot chkconfig --levels 35 sshd on.
To connect to your PCLinuxOS SSH server, you will need to open the port (22) ssh is using on your firewall, and forward the port from your router (if applicable). Also you will need client software running on the PC you want to connect from. Linux and Windows can use the program putty although Linux distros usually include that SSH program by default.
Once you connect to your PCLinuxOS machine with SSH (self-explanatory with Putty, ssh <IP> -l <user> for the Linux/Unix command line client), you will have secure and robust command line remote access to your PC!
SSHd can utilize TCP wrappers for access control independently of iptables. See this manual for details.
VNC on PCLinuxOS
VNC is a way to gain GUI remote access to your PCLinuxOS machine. Before running VNC you need to be aware of the following:
- VNC encrypts your initial password, other than that, everything is sent in plain text. If it's viewable on your screen, anyone on the LAN or Internet can also see this image and everything in it.
- The VNC server generally assigns ports based upon how many instances you have running (the first instance is called remote X desktop #1 and is run on port 5901, the second is remote X desktop #2 and is run on port 5902, and so on).
To start up a VNC server, use the command vncserver. Pay careful attention to the output - it should look like New 'X' desktop is localhost:1 which means the VNC server is running on port 5901.
On the machine you are connecting from, you will need a VNC client. On Linux you can use the Krdc that comes with KDE-Network and on Windows you can use TightVNC.
Your router will need to do port forwarding and your firewall will need the appropriate ports open. This can be challenging, or insecure, given the number of ports that need to be opened. A great solution to both of these problems is to tunnel VNC through SSH.
When done using vnc you can issue the command vncserver -kill :1 where :1 corresponds to port 5901.
Tunneling VNC through SSH
To overcome the problems with VNC (security and too many ports that need to be forwarded), it can be tunneled through SSH.
To tunnel a VNC server through SSH, you need the following:
- SSHd running and accessible on a port (usually 22)
- VNC running, but not accessible remotely (no port forwarding).
- Both an SSH and VNC client on the remote PC.
To install the VNC server, log into it and type

    su
    apt-get install tightvnc-server
    vncserver

To connect to your machine from a Linux or Unix terminal, issue the command
ssh -L 5901:127.0.0.1:5901 -p 22 <IP of home machine or router>
then use your VNC viewer to connect to 127.0.0.1::5901 or 127.0.0.1:1 - remember to note that port 5901=display 1, 5902=display 2, etc.
To connect to your machine from a Windows terminal follow the instructions here replacing 5900 and 5903 with 5901.
In either case you are telling traffic going to 127.0.0.1 on port 5901 to be re-directed down the SSH tunnel and on the other end to connect to 127.0.0.1 port 5901. The result is that SSH wraps VNC in strong encryption.
This example can be easily extended to various network applications. What if you wanted to get to other Linux machines on your network? Change ssh -L 5901:127.0.0.1:5901 -p 22 <IP of home machine or router> to ssh -L 5901:<IP of other Machine on LAN>:5901 -p 22 <IP of home machine or router> - now your tunnel will let you connect to a second machine running VNC.
Another example would be securing WinXP's remote desktop. Windows does not have an SSH server built in, although you can purchase one from ssh.com. If you were running psylos-frontline as your firewall/router, you could use the following putty configuration from your remote PC: ssh to <IP of PCLoS frontline> - port # - enabled SSH tunneling - port 3389 local - <IP of Windows machine>:3389 remote, and connect. This example is explained in greater detail here.
Special Programs
Here is a brief list of programs that allow remote access to your PC for a specific purpose. Typically, they are based on SSH, although one uses VNC.
- WinSCP - Win32 application - Securely transfer files through an SSH tunnel. The interface is similar to most FTP programs.
- gFTP - gnome application - FTP client that also lets you transfer files via SSH.
- Konqueror - KDE browser - includes an SCP client accessible in the browser by typing fish://<SSH server IP>:ssh port
- fwbuilder - cross-platform firewall configuration tool - uses ssh to transfer firewall rules.
- Vino - gnome application - uses VNC to run a remote desktop server.
- VoLANs - many companies have developed PPP through SSH programs that add routing capabilities to SSH servers, making them VPN servers.
Troubleshooting
There are about 7 common items/places that usually cause frustration and problems when using ssh/vnc:
- Your ISP doesn't want you to run an SSH server and filters 22 inbound (common problem).
- Your hotspot/workplace/etc doesn't want you connecting to SSH servers and blocks 22 outbound (very common problem).
- You lack administrative rights on the machine you are connecting from and can not install an SSH client.
- Your Internet connection has high latency or is maxed out with other traffic.
- You have misconfigured your router, firewall or TCP Wrappers.
- You used a weak password and someone else now owns your PC.
- Putty is not properly configured.
Additional Notes:
- File transfer through SSH will top out around 5-10 Mbps on older machines, so it will be slower on a LAN than ftp.
- SSH and VNC ports may be blocked by your firewall.
- SSH version 1 has some flaws - version 2 which ships with PCLinuxOS can be considered secure.
- Encryption may be illegal in your country.
(free)NX on PCLinuxOS
Steps to success for installing NX on PCLinuxOS. The freeNx that comes with PCLos is version 1.5, and the windows 1.5 client is no longer available on the www.nomachine.com site. And they now have a "free beer forever" linux nxServer version so this is the version the following instructions are for.
- Activate the OpenSSH via PCLinuxOS Control Center. It's not turned on by the default install, and nx needs ssh to work.
- Optional: use putty or other ssh client to test that you can ssh from your windows box to your linux box.
- Download the nxnode, nxclient and nxserver files from www.nomachine.com
- the freenx server that is available via Synaptic is version 1.5 and needs the 1.5 client which I couldn't find on the www.nomachine.com client. So, since they now have a "free as in beer forever" linux server -- I used it instead of the FreeNx server.
- as root -- navigate to the directory you downloaded the rpm's in
rpm -ivh <rpm_name.rpm> --- first do the node, then the client, then the server
- Download and install the nx client for Windows
- Follow the "setup connection wizard" on Windows
- You may need to update/generate dsa keys. The instructions for doing so are on the www.nomachine.com site: http://www.nomachine.com/ar/view.php?ar_id=AR01C00126
That's what it took for me, anyway.