背景:
· 公司研发团队通过VNC登录到CentOS服务器的桌面实现开发工作
· 为防止数据外泄,需要在RealVNC设置禁止传输文件、访问粘贴板等安全策略
安装过程:
1.预装CentOS 7.9系统
Centos 7.9:Minimal Install && Development Tools
2.更换源
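# Keep a copy of the stock repo definition so the change can be rolled back.
cp -p /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# Replace the stock base repo file with the mirror's definition. The target name
# must be CentOS-Base.repo; a differently named file would be loaded next to the
# stock one instead of replacing it. -f makes curl fail on an HTTP error rather
# than saving the error page as a .repo file; -sS stays quiet but still reports errors.
curl -fsS -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Fetch over HTTPS: a .repo file decides which servers and GPG settings yum
# trusts, so it should not travel over plaintext HTTP.
curl -fsS -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Drop cached metadata from the old repos and build a fresh cache.
yum clean all && yum makecache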
3.安装桌面服务lightdm + Xfce
# Enable EPEL before installing the desktop packages
# (lightdm and the Xfce group are presumably provided by EPEL; verify on your mirror).
yum install -y epel-release
# Display manager that provides the graphical login.
yum install -y lightdm
# X server base group, then the Xfce desktop group.
yum groupinstall -y "X Window system"
yum groupinstall -y "Xfce"
systemctl set-default graphical.target # boot into graphical mode by default
# systemctl set-default multi-user.target # boot into command-line mode by default
# Print the configured default target to confirm the change.
systemctl get-default
# Switch the running system to the graphical target now, without a reboot.
systemctl isolate graphical.target
4.系统安装完成后禁用SELINUX及防火墙(可选步骤:本文的目标是防止数据外泄,安全要求高时建议保留SELinux和firewalld,只放行VNC实际使用的端口,例如下文配置中的RfbPort、DaemonPort)
# NOTE(review): both steps below remove host-level containment on a server whose
# stated purpose is to keep data in; prefer leaving SELinux and firewalld on and
# allowing only the VNC ports.
# Rewrite the SELINUX= line in the persistent config to "disabled"; this takes
# effect at the next boot.
sed -ri /^SELINUX=/'s/(SELINUX=).*/\1disabled/' /etc/selinux/config
# Put SELinux into permissive mode for the running system.
setenforce 0
# Keep firewalld from starting at boot and stop it now; firewalld no longer
# filters inbound connections after this.
systemctl disable firewalld && systemctl stop firewalld
# Reboot so the SELinux config change is applied.
reboot
5.安装VNC服务
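# Install the locally downloaded RealVNC Server package. Confirm the file came
# from the vendor (compare its checksum with the published value) before
# installing it as root.
yum install -y VNC-Server-6.11.0-Linux-x64.rpm
# Apply your organisation's own license key. A license key is a credential:
# keep it out of documents and scripts and read it from the environment.
# The :? expansion aborts with a message if the variable is unset or empty.
vnclicense -add "${VNC_LICENSE_KEY:?set VNC_LICENSE_KEY to your RealVNC license key}"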
6.配置VNC相关文件(注意:下面示例中的 AcceptCutText=TRUE、SendCutText=TRUE 仍允许剪贴板双向同步;要实现背景中“禁止访问粘贴板”的策略,这两项应设为 FALSE)
vim /etc/vnc/config.d/common.custom
DisableOptions=FALSE
ShareFiles=FALSE
EnableRemotePrinting=FALSE
Encryption=AlwaysOn
AllowChangeDefaultPrinter=FALSE
AcceptCutText=TRUE
SendCutText=TRUE
Authentication=SystemAuth
RootSecurity=TRUE
AuthTimeout=30
BlackListThreshold=10
BlackListTimeout=30
DisableAddNewClient=TRUE
DisableTrayIcon=2
EnableManualUpdateChecks=FALSE
EnableAutoUpdateChecks=0
GuestAccess=0
EnableGuestLogin=FALSE
AllowTcpListenRfb=TRUE
RfbPort=8000
AllowHTTP=FALSE
IdleTimeout=0
QuitOnCloseStatusDialog=FALSE
DaemonPort=6000
AlwaysShared=TRUE
NeverShared=FALSE
DisconnectClients=FALSE
ServiceDiscoveryEnabled=FALSE
_ConnectToExisting=1
RandR=1920x1080,1600x1200,1680x1050,1400x1050,1360x768,1280x1024,1280x960,1280x800,2560x1360,2560x1440,3840x1080
vim /etc/vnc/xstartup.custom
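#!/bin/sh
# Session start script: run the Xfce desktop, then tear the virtual display
# down once the desktop session ends.
DESKTOP_SESSION=xfce
export DESKTOP_SESSION
# startxfce4 runs in the foreground; the next line is reached only when it exits.
startxfce4
# Quote the display so its value is passed as exactly one argument.
vncserver-virtual -kill "$DISPLAY"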
vim /etc/vnc/config
-fp "catalogue:/etc/X11/fontpath.d,built-ins"
7.启动服务
# Restart each RealVNC daemon so it picks up the edited configuration, then
# register it to start at boot. Order matches the original: service-mode
# daemon first, virtual-mode daemon second.
for unit in vncserver-x11-serviced.service vncserver-virtuald.service; do
  systemctl restart "$unit"
  systemctl enable "$unit"
done
其它客户端请参考以下链接