CB-Net

If you’re enabling RDP support, or other services on a Debian Linux machine that you want to connect to from a remote device, a static IP is an obvious requirement (be-that, ideally, a DHCP reservation or manually configured IP).

Considering I couldn’t opt for a DHCP reservation for my home set-up (long story) I went for a manually configured IP address, using the commands / configuration files below.

Edit /etc/network/interfaces:

sudo vi /etc/network/interfaces

   auto eth0
    iface eth0 inet static
        address 192.168.1.249
        netmask 255.255.255.0
        gateway 192.168.1.1

Edit resolv.conf:

sudo vi /etc/resolv.conf 

   nameserver 192.168.1.1

I found that after this change, in order for Network Manager to “release” control of the interface, I had to restart the device – I’m sure there is a better solution, let me know if you find one…

One annoyance I’ve had since using Debian 8 / Firefox was that every time I pressed the middle-mouse button and tried to scroll on a web page I’d get a new page load, or nothing would happen.

This was a Firefox-specific issue, that can be resolved by configuring as below in about:config:

Setting: general.autoScroll
Set to: True

Setting: middlemouse.contentLoadURL
Set to: False

I was surprised to find that sudo was not installed by default on Debian 8 as it is with Ubuntu. You can debate whether the root account should, or should not be enabled however, I would recommend the use of sudo for audit logging the use of elevated privileges.

Install sudo itself using the command:

apt-get install sudo

Now add your personal account to the sudo group

adduser <username> sudo

You’ll need to either logoff or reload your groups.

Should you chose to disable the root account itself, use the following commands:

sudo passwd -l root
usermod --expiredate 1

Firefox has recently become my go-to browser of choice, not becuase of speed, but because of privacy – more to come on this subject at a later time.

Having established a configuration I am happy with – following guides on sites such as privacytools.io – I like to be sure no add-ons or Firefox updates can reset the configuration, so I opt for locked preferences. More information from Mozilla on this here.

To lock preferences on Debian, you’ll need to create two files as outlined in the Mozilla article – mozilla.cfg and local-settings.js.

mozilla.cfg

//
lockPref("privacy.trackingprotection.enabled", true);
lockPref("geo.enabled", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("dom.event.clipboardevents.enabled", false);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("network.cookie.lifetimePolicy", 2);
lockPref("browser.cache.offline.enable", false);
lockPref("browser.send_pings", false);
lockPref("webgl.disabled",true);
lockPref("dom.battery.enabled", false);
lockPref("browser.sessionstore.max_tabs_undo", 0);
lockPref("media.peerconnection.enabled", false);
lockPref("media.peerconnection.turn.disable", true);
lockPref("media.peerconnection.use_document_iceservers", false);
lockPref("media.peerconnection.video.enabled", false);
lockPref("media.peerconnection.identity.timeout", 1);
lockPref("browser.search.suggest.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("signon.rememberSignons", false);

local-settings.js

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

Now copy these files to the required directories, close and open Firefox.

cp mozilla.cfg /usr/lib/firefox-esr/
cp local-settings.js /usr/lib/firefox-esr/defaults/pref/

/ The below is now “obsolete,” in my opinion – it will work, however,  you will not get sound redirection and performance is not as good as it can be due to this solution being routed over VNC. Check out my more-recent guide on using x11rdp, here.

As an avid, die-hard Windows user I struggle to make the move to VNC considering how fast RDP is in comparison. When I discovered it was possible to enable RDP support on Debian, I quickly set-to.

Install XRDP on Debian

This wil both install and configure XRDP:

sudo apt-get install xrdp

Fix Key-Mapping Issues

There is one “bug” with key-mapping that requires a custom key-map file to be used with XRDP specifically, the below is for en-GB / UK keyboards – save the below as km-0809.ini – see last step after text file contents!

First, some background – in a recent attempt to get a better handle on Internet privacy I began to look at various areas from mobile operating systems, browsers to the network I was connecting to the Internet from, and the various risks all entailed. In terms of my local network I was intrigued to better understand the “health” of devices on that network, and any risks they exposed.

I started to re-visit the use of Linux, and initially rediscovered Kali Linux “2016.2.” This proved to be a nightmare within a Hyper-V machine – a memory leak consumed all available host memory (12GB) in a couple of days, plus an “apt-get dist-upgrade” resulted in a failure of Xfce on boot… all I wanted was a vulnerability scanner, not a headache! Sadly, getting OpenVas running on Kali is very easy – see here.

My next port of call was Ubuntu, however, from a privacy perspective this proved less than ideal, so I opted for a distro I had not used for many years in its original form, Debian – specifically Debian 8, or Jessie.