How to use Apache Guacamole and VNC with multi-users? - vnc

Is it possible to use Apache Guacamole and VNC with multi-users? And if yes how?

You may want to look at connection sharing.
I use this, but you will need Database authentication set up.

Related

Kerberos on Apache 2.4 for Windows

I Have a Apache https 2.4 server on a Windows Server.
I would like to implement Kerberos authentification. For linux, it seems the solution is to use
mod_auth_gssapi https://github.com/gssapi/mod_auth_gssapi
But for Windows, there no module available.
Do you think it is possible to compile this module for windows ? is there another way maybe a proxy ?
With NGINX, it is the same problematic, no module kerberos. Maybe I need to use IIS ?
Thanks
If the server is an Active Directory domain member, use mod_auth_sspi instead, which uses the Windows-provided SSPI interface to implement Kerberos/Negotiate (and technically also NTLM).
There does not seem to be an NGINX equivalent that would use SSPI.
Compiling GSSAPI-based modules (for both Apache and NGINX) may be possible, but you would need to have an GSSAPI library first – MIT "Kerberos for Windows" and Heimdal are the two options available. (Note that they would not be able to use Windows AD machine credentials directly; they would need a keytab to be issued, just like on Linux.)

How to host CouchDB database?

I have CouchDB database running on http://localhost:5984/ but I want to host it on IIS to be accessed from other computer from the network. Can anyone tell me how to do that?
The other computer may well be able to use it on port 5984 the way you already have things set up.
But if you want to expose it via IIS, what you're looking for is setting up IIS as a "reverse proxy" (that is, as a front-end to another server process, in this case the CouchDB server process). This question and its answers on serverfault may help.

Manage DNS Server from Gnome

Is there a UI component for Gnome (or perhaps web-based) that allows you to setup and manage a DNS server (Bind or otherwise)? I've worked with web-based DNS services and Windows DNS but have never worked with Bind or another Linux DNS Server directly. I'm hoping there's a UI that can ease me into creating a simple DNS setup for my tiny local network. My server is running CentOS 6.2.
Any recommendations would be greatly appreciated!
I've used webmin and virtualmin. They were easy to use. If all you want to manage is Bind, they are probably overkill.

How do I secure a production server after inheriting it from the previous development vendor?

We received access to the environment, but I now need to go through the process of securing it so that the previous vendor can no longer access it, or the Web applications running on it. This is a Linux box running Ubuntu. I know I need to change the following passwords:
SSH
FTP
MySQL
Control Panel Admin
Primary Application Admin
However, how do I really know I've completely secured the system using best practices, and am I missing anything else that I need to do other than just changing passwords?
3 simple steps
Backup configurations / source files from HTTP / SQL tables
Reinstall operating system
Follow standard hardening steps on fresh OS
Regardless of who it was, they could have installed any old crap on there (rootkits) that you can't configure away.
You will probably get more responses at serverfault.com on these kinds of questions.
There are several things you can do to secure SSH by editing your sshd_config file which is usually in /etc/ssh/:
Disable Root Logins
PermitRootLogin no
Change the ssh port from Port 22
Port 9222
Manually specifying which accounts can login
AllowUsers Andrew,Jane,Doe
SecurityFocus has a good article about securing MySQL, although it's a bit dated.
The best thing you could do would be reinstall and make sure when you bring over files from the old system to the new that it is just data, and not executables that could be nasty. If this is to much, changing all the passwords, and watching the logs for a few weeks, as well as playing with iptables to block former vendor. Also given that it could have a rootkit at the kernel level its probably good idea to change that out, and also watch traffic coming out of the box fro something that might be going to the vendor. It really is a hassle to take someone else's machine and say that is safe now, I would go as far to say it is nearly impossible.
side note. This isn't really programming related so probably shouldn't be on this site.

How to manage a DNS server remotely?

I whant to make a web interface on a server that will manage a few dns servers on another servers.
How can i remotely manage a bind dns server programmaticly ?
I would like to add/edit/delete zones.
I see that there is rndc but that only allows reloading of zones and not adding/deleting.
I could NFS mount zones from dns servers and edit them but is there a better way?
If there isn't a hard requirement on writing something like this from scratch, why not simply use an already existing interface without having to reinvent the wheel? A simple Google search for the keywords bind dns web interface yields an entire list of good open source projects in the very first result link.
There is work at the IETF to define a standard for remote control of name servers based on the Netconf framework. See:
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-name-server-management-reqs
https://datatracker.ietf.org/doc/html/draft-dickinson-dnsop-nameserver-control-00.txt
The requirements include the ability to add/remove zones, etc.
You could set up something that does remote SSH commands? That may be a bit insecure, though, unless the server running the commands themselves is pre-authenticated with an SSH key, and that's the only way you can access the server.

Resources