All about Security: How to install XRDP on RHEL 9

註記一下, xrdp 不是 RedHat 官方維護的軟體 , 屬於 3rd Party 軟體

所以安全性的話自己要看著辦

已經勸告過了, 出事別怪

=====

[root@rhel9-2022 system]# yum install --nogpgcheck https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
正在更新訂閱管理程式軟體庫。
上次中介資料過期檢查：0:26:22 前，時間點為西元2022年09月19日 (週一) 13時58分39秒。
epel-release-latest-8.noarch.rpm 21 kB/s | 24 kB 00:01
依賴關係解析完畢。
===========================================================================================================================================================================
軟體包架構版本軟體庫大小
===========================================================================================================================================================================
安裝:
epel-release noarch 8-17.el8 @commandline 24 k
處理事項摘要
===========================================================================================================================================================================
安裝 1 軟體包
總大小：24 k
安裝的大小：34 k
下載軟體包：
執行處理事項檢查
處理事項檢查成功。
執行處理事項測試
處理事項測試成功。
執行處理事項
準備 : 1/1
正在安裝 : epel-release-8-17.el8.noarch 1/1
執行小令稿 : epel-release-8-17.el8.noarch 1/1
Many EPEL packages require the CodeReady Builder (CRB) repository.
It is recommended that you run /usr/bin/crb enable to enable the CRB repository.
核驗 : epel-release-8-17.el8.noarch 1/1
安裝的產品已更新。
已安裝:
epel-release-8-17.el8.noarch
完成！
[root@rhel9-2022 system]# yum install xrdp tigervnc-server -y
正在更新訂閱管理程式軟體庫。
Extra Packages for Enterprise Linux 8 - x86_64 1.4 MB/s | 13 MB 00:09
Extra Packages for Enterprise Linux Modular 8 - x86_64 212 kB/s | 733 kB 00:03
上次中介資料過期檢查：0:00:01 前，時間點為西元2022年09月19日 (週一) 14時25分35秒。
已安裝 tigervnc-server-1.11.0-21.el9.x86_64 軟體包。
依賴關係解析完畢。
===========================================================================================================================================================================
軟體包架構版本軟體庫大小
===========================================================================================================================================================================
安裝:
xrdp x86_64 1:0.9.19-1.el8 epel 470 k
將安裝依賴項目:
compat-openssl11 x86_64 1:1.1.1k-4.el9_0 rhel-9-for-x86_64-appstream-rpms 1.5 M
imlib2 x86_64 1.4.9-8.el8 epel 222 k
將安裝弱依賴項目:
xrdp-selinux x86_64 1:0.9.19-1.el8 epel 24 k
處理事項摘要
===========================================================================================================================================================================
安裝 4 軟體包
總下載大小：2.2 M
安裝的大小：6.5 M
下載軟體包：
(1/4): xrdp-selinux-0.9.19-1.el8.x86_64.rpm 29 kB/s | 24 kB 00:00
(2/4): xrdp-0.9.19-1.el8.x86_64.rpm 316 kB/s | 470 kB 00:01
(3/4): imlib2-1.4.9-8.el8.x86_64.rpm 75 kB/s | 222 kB 00:02
(4/4): compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm 469 kB/s | 1.5 MB 00:03
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
總計 431 kB/s | 2.2 MB 00:05
Extra Packages for Enterprise Linux 8 - x86_64 1.6 MB/s | 1.6 kB 00:00
匯入 GPG 密鑰 0x2F86D6A1：
使用者識別碼："Fedora EPEL (8) <epel@fedoraproject.org>"
指紋：94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
來自：/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
密鑰匯入成功
執行處理事項檢查
處理事項檢查成功。
執行處理事項測試
處理事項測試成功。
執行處理事項
準備 : 1/1
正在安裝 : compat-openssl11-1:1.1.1k-4.el9_0.x86_64 1/4
正在安裝 : imlib2-1.4.9-8.el8.x86_64 2/4
正在安裝 : xrdp-selinux-1:0.9.19-1.el8.x86_64 3/4
執行小令稿 : xrdp-selinux-1:0.9.19-1.el8.x86_64 3/4
正在安裝 : xrdp-1:0.9.19-1.el8.x86_64 4/4
執行小令稿 : xrdp-1:0.9.19-1.el8.x86_64 4/4
核驗 : imlib2-1.4.9-8.el8.x86_64 1/4
核驗 : xrdp-1:0.9.19-1.el8.x86_64 2/4
核驗 : xrdp-selinux-1:0.9.19-1.el8.x86_64 3/4
核驗 : compat-openssl11-1:1.1.1k-4.el9_0.x86_64 4/4
安裝的產品已更新。
已安裝:
compat-openssl11-1:1.1.1k-4.el9_0.x86_64 imlib2-1.4.9-8.el8.x86_64 xrdp-1:0.9.19-1.el8.x86_64 xrdp-selinux-1:0.9.19-1.el8.x86_64
完成！
[root@rhel9-2022 system]# systemctl start xrdp
[root@rhel9-2022 system]# systemctl enable xrdp
Created symlink /etc/systemd/system/multi-user.target.wants/xrdp.service → /usr/lib/systemd/system/xrdp.service.
[root@rhel9-2022 system]# systemctl status xrdp
● xrdp.service - xrdp daemon
Loaded: loaded (/usr/lib/systemd/system/xrdp.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-09-19 14:26:15 CST; 12s ago
Docs: man:xrdp(8)
man:xrdp.ini(5)
Main PID: 6285 (xrdp)
Tasks: 1 (limit: 98328)
Memory: 1.0M
CPU: 7ms
CGroup: /system.slice/xrdp.service
└─6285 /usr/sbin/xrdp --nodaemon
9月 19 14:26:15 rhel9-2022 systemd[1]: Started xrdp daemon.
9月 19 14:26:15 rhel9-2022 xrdp[6285]: [INFO ] starting xrdp with pid 6285
9月 19 14:26:15 rhel9-2022 xrdp[6285]: [INFO ] address [0.0.0.0] port [3389] mode 1
9月 19 14:26:15 rhel9-2022 xrdp[6285]: [INFO ] listening to port 3389 on 0.0.0.0
9月 19 14:26:15 rhel9-2022 xrdp[6285]: [INFO ] xrdp_listen_pp done
[root@rhel9-2022 system]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp3s0
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@rhel9-2022 system]# firewall-cmd --zone=trusted --add-port=3389/tcp --permanent
success
[root@rhel9-2022 system]# firewall-cmd --reload
success
[root@rhel9-2022 system]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp3s0
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@rhel9-2022 system]#

=====

[root@rhel9-2022 system]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp3s0
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@rhel9-2022 system]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-09-19 13:35:35 CST; 55min ago
Docs: man:firewalld(1)
Main PID: 1090 (firewalld)
Tasks: 4 (limit: 98328)
Memory: 46.4M
CPU: 1.442s
CGroup: /system.slice/firewalld.service
└─1090 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
9月 19 13:35:31 rhel9-2022 systemd[1]: Starting firewalld - dynamic firewall daemon...
9月 19 13:35:35 rhel9-2022 systemd[1]: Started firewalld - dynamic firewall daemon.
[root@rhel9-2022 system]# sudo systemctl stop firewalld
[root@rhel9-2022 system]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Mon 2022-09-19 14:31:27 CST; 2s ago
Docs: man:firewalld(1)
Process: 1090 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 1090 (code=exited, status=0/SUCCESS)
CPU: 1.531s
9月 19 13:35:31 rhel9-2022 systemd[1]: Starting firewalld - dynamic firewall daemon...
9月 19 13:35:35 rhel9-2022 systemd[1]: Started firewalld - dynamic firewall daemon.
9月 19 14:31:27 rhel9-2022 systemd[1]: Stopping firewalld - dynamic firewall daemon...
9月 19 14:31:27 rhel9-2022 systemd[1]: firewalld.service: Deactivated successfully.
9月 19 14:31:27 rhel9-2022 systemd[1]: Stopped firewalld - dynamic firewall daemon.
9月 19 14:31:27 rhel9-2022 systemd[1]: firewalld.service: Consumed 1.531s CPU time.
[root@rhel9-2022 system]# systemctl status xrdp
● xrdp.service - xrdp daemon
Loaded: loaded (/usr/lib/systemd/system/xrdp.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-09-19 14:26:15 CST; 5min ago
Docs: man:xrdp(8)
man:xrdp.ini(5)
Main PID: 6285 (xrdp)
Tasks: 1 (limit: 98328)
Memory: 1.0M
CPU: 7ms
CGroup: /system.slice/xrdp.service
└─6285 /usr/sbin/xrdp --nodaemon
9月 19 14:26:15 rhel9-2022 systemd[1]: Started xrdp daemon.
9月 19 14:26:15 rhel9-2022 xrdp[6285]: [INFO ] starting xrdp with pid 6285
9月 19 14:26:15 rhel9-2022 xrdp[6285]: [INFO ] address [0.0.0.0] port [3389] mode 1
9月 19 14:26:15 rhel9-2022 xrdp[6285]: [INFO ] listening to port 3389 on 0.0.0.0
9月 19 14:26:15 rhel9-2022 xrdp[6285]: [INFO ] xrdp_listen_pp done
[root@rhel9-2022 system]#

All about Security

crosscol

whaust

2022年9月19日星期一

How to install XRDP on RHEL 9

沒有留言:

張貼留言

Popular