You have the situation that you installed Chameleon for security and compatibility purposes on an external USB-stick. For safety reasons you should consider making a backup. But all diskimaging (either Apple’s Diskutility, Carbon Copy Cloner or Super Duper) tools fail to create a proper backup since the bootblock is just not copied. So you end up with having to create a second usb-stick, but this takes time. So why not copying it? In the following article we’ll show you some basic steps to create a proper backup of your precious Chameleon bootable USB-Stick.
This session is not considered for newbies. You need to understand the steps and understand that you can completely destroy your system when you apply certain steps in a wrong way. The following steps comprise a forum threat on OSX86.net.
How to secure your Debian server by setting up SSH for passwordless login via public- and private-key cryptography (read tutorial here)
How to secure your Debian server by updating the buggy openSSH Debian package (read tutorial here)
How to simplify Debian administration by setting up a graphical interface (GNOME) to be used via VNC connection thru an SSH tunnel (read tutorial here)
In this (very short) howto, we’re gonna setup a firewall with a graphical user interface (GUI) for GNOME. This firewall is called Firestarter. Our goal is to further improve safety of our server. We’re gonna do that on a Debian Etch system.
Hic at nunc, we need to have a running VNC connection (read tutorial here) to our Debian server, because dumbed down: Firestarter is a nice (GNOME) GUI for Nefilter/IPTables (further details here).
Hic et nunc, we follow Kant’s question “What shall I do?”. We assume you logged into your server as root using VNC and opened a terminal. Do the following:
server$ apt-get install firestarter
(installs the firewall)
(starts firestarter for first configuration)
Firestarter auto recognizes your network card and device id (for example eth0 or venet0). Follow the wizard and click Save and Exit then (here because of german screen shots: Speichern und Beenden).
Then the main Firestarter window will open. Since we want to come back later on after having logged out of our server, we have to open at least one port for our VNC through SSH tunnel. Go to register Rules (here because of german screen shots: Richtlinie)
And add a rule (here because of german screenshots: Regel hinzufügen) for your specific ports.
V. Which ports
The following list is only an example you know best which services your server runs.
the normal VNC port will be 5901 or 5900 – since VNC communication is not encrypted on that port, we strongly recommend to only use a SSH tunnel for VNC sessions.
in case you followed our recommendation to use an SSH tunneled VNC connection you only need to open port 22, port 5901 or 5900 is not necessary
in case you followed even our recommendations to change your SSH port number to somewhat different, open that port instead (you may have a look at your /etc/ssh/sshd_config if you forgot the port number)
if you’re running an apache with a website, you probably need port 80, aswell
VI. Activate new rules
click on Apply Rule rule (here because of german screenshots: Richtlinie anwenden)
Stay logged and open a second terminal and try to log in, if everything works you’re done. Thanks for your attention.
If this article helped you, please click our sponsor (Google-Adsense) and help us maintaining this project free. Thanks…