We are starting a new section on the LFCS Certification. This section deals with Virtualization.
For this section, we will reinstall CentOS 7 or Ubuntu 18.04 all over. Make sure you follow the installation instructions from the following articles:
https://www.linux.org/threads/lfcs-installing-centos-7.4462/
https://www.linux.org/threads/lfcs-os-in-virtualbox.4465/
https://www.linux.org/threads/lfcs-–-install-gui-mate.4466/
https://www.linux.org/threads/lfcs-installing-ubuntu.4480/
NOTE: Instead of setting up a virtual system with two network cards, 'NAT Networking' and 'Host Only', just set up one Network card as 'Bridged'. This will give your virtual servers an IP Address as if they were directly connected to your Local Area Network (LAN).
These articles should help you, but you should already be familiar with these steps.
In this article, we will add XRDP to the server. XRDP is an open-source server for RDP, the Remote Desktop Protocol, used to connect to remote systems over the Internet from Microsoft Windows. You can make connections from Linux and macOS systems as well.
Install XRDP for CentOS
Before we can make any connections, we need to set up an XRDP Server to accept connections. We will do this on Server1.
Be sure you add 'epel-release' to the CentOS servers, then perform updates so everything is current.
Execute the following command to install XRDP:
sudo yum install xrdp -y
Once installed, all the configuration and necessary files are in '/etc/xrdp'.
The next step is to get XRDP working under SELinux. Set your Operating System (OS) to enforce SELinux (see LFCS - SELinux). We will lock CentOS down, making it more secure. To allow the service to run on CentOS, run the commands:
cd /usr/sbin
sudo chcon -t bin_t xrdp*
The service will now run under SELinux.
We need to start the service and enable it to auto-start when the system boots. Perform these commands on either OS:
sudo systemctl start xrdp
sudo systemctl enable xrdp
Run the command 'netstat -lnt' and see that the system is listening on Port 3389 for TCP6. We can change this to TCP4 soon.
When connecting to the Server remotely, you will be required to log in as an existing user. We need to configure the MATE Desktop for this user to be used during remote sessions. In my case, I will use my account, 'jarret', to perform remote connections. After I log into Server1, in a command-line, I perform the two commands:
echo "mate-session" > ~/.Xclients
chmod a+x ~/.Xclients
We have everything set except that Port 3389 for TCP4 is not listening. We need to open the port in the firewall and we should be good.
Issue the commands:
sudo firewall-cmd --add-port=3389/tcp --permanent
sudo firewall-cmd --reload
These commands open Port 3389 on TCP for the CentOS server.
Installing on Ubuntu
Installing on Ubuntu is a little different. For Ubuntu, you must use a server install and not a workstation. I installed a basic server with no GUI. I updated and upgraded it. Then I installed 'tasksel' and then ran it using 'sudo tasksel'. Select the option for 'MATE Desktop'. Once you install the MATE Desktop, then reboot to get the Desktop Environment active.
The system needs the SSH server, which you can install with:
sudo apt install openssh-server -y
You need to remove the 'dbus-user-session' and install 'dbus-x11', which should have been installed by default. The commands are:
sudo apt purge dbus-user-session
sudo apt install dbus-x11
Next, you need to start the XRDP installation, and the command is:
sudo apt install xrdp -y
Another part of XRDP is the 'xorgxrdp' package, which you need to install in two steps. The first step is the dependencies, and the second is the package itself.
sudo apt install xorg-video-abi-23 xserver-xorg-core -y
Once these are installed, then the main package:
sudo apt install xorgxrdp -y
For my examples, I will leave Ubuntu in 'Permissive' mode.
You can run the command 'netstat -lnt' and see that the system is listening on Port 3389 for TCP6. We can change this to TCP4 soon.
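The 'netstat -lnt' check used above for both CentOS and Ubuntu, as an added example that is not part of the original article: a shell function that reads the netstat output and reports, for each listener on Port 3389, the protocol, the bound address and whether the bind covers all interfaces. The sample output is constructed, and the function name 'rdp_listeners' is hypothetical.

```shell
#!/bin/sh
# Added example: classify the Port 3389 listeners found in `netstat -lnt` output.

# Constructed sample of `netstat -lnt` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3350          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::3389                 :::*                    LISTEN'

# rdp_listeners [PORT] (hypothetical helper name)
# Reads `netstat -lnt` output on stdin and prints one line per listener on
# PORT (default 3389) as "<proto> <address> <scope>". Scope is:
#   all-interfaces  wildcard bind (0.0.0.0, :: or *)
#   loopback        local-only bind (127.0.0.1 or ::1)
#   specific        bound to one particular address
rdp_listeners() {
    port="${1:-3389}"
    awk -v port="$port" '
        $1 ~ /^tcp6?$/ && $NF == "LISTEN" {
            local_addr = $4
            # The port is whatever follows the last colon, which also
            # works for IPv6 forms such as ":::3389".
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "all-interfaces"
            else if (addr == "127.0.0.1" || addr == "::1")
                scope = "loopback"
            else
                scope = "specific"
            print $1, addr, scope
        }'
}

# Stand-alone run against the constructed sample. On a server, use:
#   netstat -lnt | rdp_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | rdp_listeners
```

On Linux, a 'tcp6' wildcard listener such as ':::3389' accepts IPv4 connections as well by default, so the firewall rule is what decides which hosts can reach the service.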
For Ubuntu, do the following to create the file:
echo "mate-session" > ~/.xsession
chmod +x ~/.xsession
To open Port 3389, you need to run:
sudo ufw allow 3389/tcp
Make sure you enable UFW and get it running. If you run 'sudo ufw reload' to reload the list of allowable/blocked ports and get an error that 'ufw' is not loaded, then you need to enable 'ufw'. Edit the file, '/etc/ufw/ufw.conf', with your preferred editor. Change the line 'enabled=no' to 'enabled=yes'. Save the file and exit the editor. Run the command 'sudo service ufw start' to start the service. Use 'sudo systemctl enable ufw' so the service restarts at boot.
XRDP uses an SSL certificate, so we need to make sure that the XRDP user account has access to the certificate. To do this, we add the account to the 'ssl-cert' group with the command 'sudo adduser xrdp ssl-cert'.
Reboot the server and you should be able to connect to Server1 using its IP Address from Windows Remote Desktop Connection, Figure 1, and even from Remmina on a Linux system.
FIGURE 1
After logging in, you should get an error message, Figure 2. The error message is about certificates. Just click on 'Yes'.
FIGURE 2
From Windows Remote Desktop or Remmina, you should get to a logon screen, as shown in Figure 3. Leave the 'Session' as 'XORG'.
FIGURE 3
From Windows Remote Desktop Connection, use 'Logout' to exit the connection. If you close the window instead, the connection remains open. When you reconnect, you will return to the existing session and anything left running or open.
For Remmina, you need to open the 'Remote Desktop Preference' for the connection. The 'Color depth' should be currently set to 'GFX AVC444 (32 bpp)'. Change the option to 'True Color (32bpp)'. This should fix any errors you may get on Remmina.
Conclusion
XRDP is a useful tool for remoting in to your server. If you want to do this over the Internet, then you need to perform Port Forwarding on your gateway device.
CentOS is easy, but Ubuntu takes some extra steps, even during installation. I have gotten it to work with MATE Desktop, as in the instructions. Using Gnome, I could not get it to work.
The information in the article most likely is not on the certification exam, but it is useful to know.