
Tools for Installation / Maintenance  SecureOffice  xoops  29-Nov-2020 17:40  0  5112 reads

Table of Contents

1        Remote Shell and File Transfer

1.1    PuTTY Remote Access Program

1.2    WinSCP Secure File Transfer Program

1.2.1      File Transfer Between PCs

2        Remote Desktop Access

2.1    Running SecureOffice Headless

2.2    VNC Remote Access

2.3    NoMachine Remote Access

2.4    RDP Remote Access

3        Access SecureOffice From Internet or WAN

3.1    Create Public and Private Keys For SSH

3.2    Configure Putty to Use SSH Keys

3.3    Remote Access to SecureOffice Web GUI

3.4    Configure WinSCP to Use SSH Keys

3.5    Secure Remote Access Using Dropbear

3.6    Add SSH Key for Secure Remote Access

3.7    Configure Firewall for Remote Access

3.8    General Services Remote Access

3.9    Testing Remote Access

4        Tools for Initial SecureOffice Install

4.1    Linux Emergency Recovery USB Boot Disk

4.2    Linux Virtual Machine

4.3    SecureOffice Virtual Machine

4.4    SecureOffice USB Boot Disk

5        Nano Editor

6        NotePad++ Editor

7        7-Zip File Archive Utility

List of Figures

Figure 1:       PuTTY Login Menu

Figure 2:       PuTTY Login Prompt

Figure 3:       PuTTY Logged In

Figure 4:       WinSCP Start Page

Figure 5:       WinSCP Login Page

Figure 6:       Active WinSCP Session

Figure 7:      VNC Viewer Login

Figure 8:       VNC Viewer Logged In

Figure 9:       NoMachine Remote Desktop

Figure 10:       PuTTYgen Start Window

Figure 11:       PuTTYgen Key Created

Figure 12:       PuTTY Enter Private SSH Key

Figure 13:       PuTTY Proxy HTTP Values

Figure 14:       PuTTY Proxy HTTP Entered

Figure 15:       Edit Dropbear Configuration

Figure 16:       Dropbear GUI Configuration

Figure 17:       Edit Firewall SSH Rule

Figure 18:       GUI Firewall Open Port

Figure 19:       GUI Firewall Port Open

Figure 20:       Rufus Boot Disk Creator

1        Remote Shell and File Transfer

Once the network LAN and WAN addresses are configured, SecureOffice can be accessed remotely, using SSH (Secure Shell access) from any PC on the LAN.

If SecureOffice is configured for WAN network topology, it is a major security risk to allow WAN (internet) SSH access to SecureOffice, which is disabled by default. A secure method to do this is discussed in Section 3.

Any PC on the SecureOffice LAN can SSH access SecureOffice with no additional configuration, independent of WAN or LAN network topology.

For SecureOffice LAN topology, the SecureOffice WAN network interface is connected to your router's LAN interface, which is hopefully protected by the firewall on your existing router. That router should not have SSH port 22 open, which is a serious security risk unless SSH key authentication is used with passwords disabled. If remote shell or file transfer access via the SecureOffice WAN port (on your local LAN) is desired, port 22 can be opened on the SecureOffice firewall to allow SSH and SCP access. Since the LAN is already protected by the existing router, this is not a security risk if you trust all users on your LAN. The procedure to enable SSH on the SecureOffice WAN port is documented in Configure Firewall for Remote Access.

1.1    PuTTY Remote Access Program

PuTTY is an SSH (Secure Shell) remote access program allowing encrypted access to computers over a network connection.

Click the following link to Download PuTTY and click "Save File". In your download folder, double click on "putty.exe" to start the installer. Follow the prompts and accept defaults for all settings.

Double click on the PuTTY icon on your desktop, or in your start menu. You should see PuTTY, as below:

Figure 1: PuTTY Login Menu

Accept the default settings and enter the IP address of SecureOffice (LAN address in WAN topology, WAN address in LAN topology). If you have changed the SSH port from the default (22), enter the port number.

Enter a name for your session in the "Saved Sessions" field and press "Save".

Press "Open". Assuming the IP address is correct and you are connected to the correct network interface (Existing LAN interface - your router for LAN topology, SecureOffice LAN interface for WAN topology), you should see the SecureOffice (Linux) shell login prompt, as below:

Figure 2: PuTTY Login Prompt

Type "root" as user name, press "Enter" and type your root password (default "admin_54321"), and press "Enter" again. Note that characters are not echoed as the password is typed. Assuming the login credentials are correct, you will see the SecureOffice command prompt:

Figure 3: PuTTY Logged In

Basic PuTTY usage has been explained above. PuTTY is a very flexible utility, capable of much more. A full user manual is available at PuTTY Documentation.

1.2    WinSCP Secure File Transfer Program

WinSCP is an SCP (Secure File Copy) remote access program allowing encrypted access and file transfer from / to remote computers using a network connection.

Click the following link in your Web browser and download the latest released (not beta) version of WinSCP Download and click "Save File". In your download folder, double click on "winscp-XXX-setup.exe" to start the installer. Follow the prompts and accept defaults for all settings.

Double click on the WinSCP icon on your desktop, or in your start menu. You should see WinSCP login page, similar to below:

Figure 4: WinSCP Start Page

Select "New". The detailed login page will be shown. Fill in the "Host Name" (IP address of SecureOffice), "User Name" (root), "Password" (default: "admin_54321") fields and select "SCP" as the protocol. The login page should appear as below:

Figure 5: WinSCP Login Page

After filling in the login fields, select "Save", then "Login". Ignore any error regarding groups; it is normal. Your SCP session should become active, similar to below:

Figure 6: Active WinSCP Session

Assuming everything is correct, the program will open a directory window similar to Windows Explorer, as above.

You can drag files to and from this window, other Explorer windows, and your desktop. To access additional operations, right-click any object, and then select the operation from the context menu. You can also left-click a file or directory, and then drag it to another location.

When transferring files from / to SecureOffice, pay attention to "Transfer Settings". When transferring binaries (images, programs, disk images, compressed archives, etc), use "Binary". When transferring text (html, php, etc), use "Text". Otherwise, WinSCP may convert between Windows and Linux line ends and corrupt files. If "Default" (transfer directories with mixed content) is used, WinSCP will attempt to use the correct setting for each file and may cause conversion issues. It is safest to always explicitly set the transfer settings for each file type being transferred.

See the detailed WinSCP documentation for various tasks you can do with WinSCP.

1.2.1      File Transfer Between PCs

Many administration / configuration tasks such as installing virtual machines and websites require copying files between a remote PC and SecureOffice. WinSCP is the recommended tool for doing this.

Start WinSCP and login to SecureOffice. The WinSCP window will display as shown above in Figure 6.

The left pane displays the file structure on your PC, the right pane displays the SecureOffice file structure.

In the top left pane, select the PC disk that contains the directory to be transferred to / from. In the bottom left pane, select the directory that files will be transferred to / from.

In the right pane, navigate to the SecureOffice directory that files will be transferred to / from.

Files and directories can be transferred by selecting (left mouse click) and dragging between the left and right panes.

Directories can be created by right clicking within the destination directory and selecting "New".

Some files and directories may require changing the ownership and security permissions on SecureOffice. This can be done by right clicking a SecureOffice directory / file and selecting "Properties".

2        Remote Desktop Access

When running SecureOffice virtual machines or other applications using the Xorg desktop, the desktop can be accessed remotely using various methods / packages. Typically, SecureOffice will be physically located away from your work area, near your internet connection (modem). SecureOffice may also be running headless (no monitor, keyboard or mouse connected). It is very inconvenient to have to physically connect a keyboard, mouse and monitor just to perform tasks requiring access to the Xorg GUI.

Note: Xorg (Linux GUI) is only available to subscribers of the custom SecureOffice package repository as are all packages (this section) required for remote desktop access.

2.1    Running SecureOffice Headless

Headless means that SecureOffice does not have a physical monitor, keyboard or mouse connected.

If no monitor is connected to SecureOffice, all desktop remote access methods will display a blank screen, since Xorg does not create a display when no monitor is detected.

There are two options to deal with this:

  • Use a VGA or HDMI dummy plug to fool Xorg into detecting a display for headless.
  • Configure Xorg with a dummy display for headless.

To use a dummy display for Xorg, enter (command prompt): "ln -sf xorg.conf_dummy /etc/X11/xorg.conf; reboot"

To use a real display (default, already done) for xorg, connect a monitor, enter (command prompt): "ln -sf xorg.conf_real /etc/X11/xorg.conf; reboot"

TODO: figure out single xorg.conf that will auto-adapt to real or dummy display.

2.2    VNC Remote Access

The Xorg desktop can be accessed remotely by installing (premium package) tigervnc (server) on SecureOffice and VNC Connect (free client) on your PC, Tablet or phone. This is perfect for headless (no monitor) remote access to the Xorg desktop and applications.

Tigervnc has the ability to create / connect to multiple desktops (virtual, not the primary desktop that is displayed on the video port). Users wishing this functionality will have to research configuration alternatives. The following instructions are solely concerned with remotely accessing the SecureOffice primary desktop.

  • Install tigervnc by entering "opkg update; opkg install tigervnc".
  • Create user (root) vnc directory by entering "mkdir -p /root/.vnc".
  • Create vnc password for root user by entering "vncpasswd". Enter a password and verify password when prompted. You can also choose another view only (no user interaction) password if desired. The password will be used for client connections.
  • Enable (at boot) and start tigervnc by entering "/etc/init.d/vncserver enable; /etc/init.d/vncserver start". The "/etc/init.d/vncserver" file can be edited to enable logging for troubleshooting if required. Log output can be viewed by entering "logread | grep vnc".
  • Download and install the VNC Connect application on your client device.
  • Alternative VNC clients are "Windows Remote Desktop" (select "vnc-any" as "Session") which comes standard with Windows or MobaXterm VNC connections.

If using SecureOffice LAN topology (behind existing router) on single ethernet interface hardware, the port (tcp 5900) required for VNC is blocked by the SecureOffice firewall. Tcp port 5900 must be opened on the firewall to allow VNC communications. Note that your existing router firewall is protecting SecureOffice.

Ensure that your PC (or another client device) is connected to the SecureOffice LAN. Start VNC Viewer and enter the SecureOffice LAN address (default: 192.168.10.1). The login page will appear, as shown below:

Figure 7: VNC Viewer Login

Press enter. VNC Viewer will display a warning regarding "not encrypted", click "Continue". VNC Viewer will prompt for a password. Enter the password created previously. Your SecureOffice desktop will display, as shown below:

Figure 8: VNC Viewer Logged In

Thus far, VNC Viewer can access the Xorg desktop only when connected to the SecureOffice LAN (wired or Wifi).

Unless configured otherwise, VNC uses port tcp 5900, which is blocked by SecureOffice firewall unless it was opened due to using LAN network topology (as above).

For WAN network topology, to allow VNC access from anywhere on the internet, there are two options:

2.3    NoMachine Remote Access

The Xorg desktop can be accessed remotely by installing (premium package) nxserver on SecureOffice and the NoMachine client on your PC. This is perfect for headless (no monitor) remote access to the Xorg desktop and applications. Only the free NoMachine client / server is currently supported. A feature comparison between free and paid NoMachine client/server is available here.

The major differences between free and paid NoMachine remote access are:

  • Free version, only one remote session allowed at a time. Paid: unlimited.
  • Free Version: No browser access to remote desktop. Paid: Browser access.
  • Free Version: No authentication using SSH keys. Must use user ID and password. Connection still encrypted. Paid: can authenticate using SSH keys. This is not a limitation for SecureOffice, can use one of the methods in General Services Remote Access for SSH key authentication.

If using SecureOffice LAN topology (behind existing router) on single ethernet interface hardware, the port (tcp 4000) required for NoMachine is blocked by the SecureOffice firewall. Tcp port 4000 must be opened on the firewall to allow NoMachine communications. Note that your existing router firewall is protecting SecureOffice.

  • To install NoMachine server: from a command prompt, enter "opkg update; opkg install nxserver". Alternatively, the SecureOffice web GUI can be used for package installation.
  • To install NoMachine on client PC: Download and install NoMachine for your OS.
  • Start NoMachine on client PC. Specify the SecureOffice LAN address, port 4000.

A screenshot of NoMachine client (on PC) remotely accessing the SecureOffice Xorg desktop running VmWare Workstation and lxterminal (multi-tabbed console application) is shown below:

Figure 9: NoMachine Remote Desktop

2.4    RDP Remote Access

 

3        Access SecureOffice From Internet or WAN

It is a severe security risk to allow password access to the SecureOffice command prompt (SSH), files (SCP), web configuration and services over the WAN interface when using WAN topology. If you need secure remote access to SecureOffice using the WAN interface (the Internet in WAN topology, the LAN in LAN topology), this section explains how to do it. Note that a public IP address, discoverable by DNS, is required for remote access to SecureOffice from the internet.

Secure remote access may be achieved by configuring SecureOffice to use public / private encryption keys for login verification, configuring an instance of dropbear to listen to the SSH port, and opening the SSH port on the firewall.

The OpenWrt documentation contains a HowTo regarding OpenWrt public key authentication. The following sections provide a step by step procedure using PuTTY.

3.1    Create Public and Private Keys For SSH

Start key generator: Windows: Start->All Programs->PuTTY->PuTTYgen

A window will appear, as shown below (after the "number of bits" field is filled in).

Type 4096 (recommended, adequate security) or 5120 (extra security) in the "Number of bits in generated key" field:

Figure 10: PuTTYgen Start Window

Press the "Generate" button and move your mouse in the empty space to provide randomness when instructed. The public key will be generated and you will see the following window, as shown below:

Figure 11: PuTTYgen Key Created

It is recommended that all files created be placed in a single directory.

Copy the entire contents of the "public key for pasting" field and paste it into a text file (notepad++, wordpad or notepad) with name "something_ssh.pub", replacing "something" with whatever you choose. Save the "something_ssh.pub" file, you will need it later.

Optional: It is recommended to protect your keys with a passphrase. If you choose so, enter and confirm your passphrase. If you choose to use a passphrase and are logging into SecureOffice using this key, you will be prompted for this passphrase as part of the login process, an extra measure of security.

Press the "Save Public Key" button and choose a name of "something.pub", you will need it later.

Press the "Save Private Key" button. If you did not enter a passphrase, you will be asked to confirm this. Choose a name of "something.ppk", you will need it later.

Close PuTTYgen, your keys have been created.

3.2    Configure Putty to Use SSH Keys

Start PuTTY and load the session saved in section 1.1. Do not open the session yet. In the left pane, click "Connection->SSH" and then "Auth". You should see the following window:

Figure 12: PuTTY Enter Private SSH Key

Enter or browse to the directory and filename of the "something.ppk" (private key) file you created above. The full path and filename should appear in the "Private key file for authentication" field. Scroll the left pane up and click "Session". Click "Save".

At this point, configuration is incomplete. Keep going.

3.3    Remote Access to SecureOffice Web GUI

An advanced feature of PuTTY is ability to tunnel ports over the SSH connection. This can be used for secure remote access to the SecureOffice web configuration interface GUI and other services. This is an optional step and can be omitted.

In the PuTTY left pane, click "Connection->SSH" and then "Tunnels".

Figure 13: PuTTY Proxy HTTP Values

Fill in the "Source Port" and "Destination" fields as shown above. This will forward the SecureOffice internal port 80 (HTTP) to IP address 127.0.0.1 (localhost), port 80 on your client PC. Click "Add". You should see the following window:

Figure 14: PuTTY Proxy HTTP Entered

Repeat the above process to tunnel port 443.

Scroll the left pane up and click "Session". Click "Save".

At this point, configuration is incomplete. Keep going.

Note: If your client PC already has a service running on the source port, the tunnel will fail. This can be seen by enabling PuTTY logging and attempting to connect over the tunnel; after the attempt fails, close the connection and inspect the PuTTY log. For example, because VmWare Workstation was installed on a client PC, a service was already running at "https://127.0.0.1:443". The "Source port" had to be changed to "444" and the Luci web interface accessed at "https://127.0.0.1:444".

3.4    Configure WinSCP to Use SSH Keys

WinSCP can also be configured to use public / private keys for secure access using the WAN port.

Start WinSCP and select (left pane) the session to SecureOffice previously created. Click "Advanced" and then "Authentication" in the left pane. In the "Private key file" field, browse to the directory and filename of the "something.ppk" (private key) file you created above. The full path and filename should appear in the "Private key file" field. Press "OK", then Click "Save".

At this point, configuration is incomplete. Keep going.

3.5    Secure Remote Access Using Dropbear

Connect to SecureOffice over the LAN and start PuTTY (default address 192.168.10.1), login as root. Enter the following command:

"nano /etc/config/dropbear"

Type in the configuration values shown below:

config dropbear
    option PasswordAuth 'on'
    option Port '22'
    option Interface 'lan'

config dropbear
    option Port '22'
    option Interface 'wan'
    option PasswordAuth 'off'
    option RootPasswordAuth 'off'

Figure 15: Edit Dropbear Configuration

The first section configures dropbear to listen for SSH connections on LAN port 22. This is the default setting and should already be there.

The second section is new and configures dropbear to listen for SSH connections on WAN port 22. Type the second section in and hit "CTL+w" (both keys together) to save the file.

Note: For additional security, the WAN SSH port can be changed to a non-standard port such as 3333. If you do this, you must also change the ports used for your firewall, remote PuTTY and WinSCP sessions to match.

If preferred, this configuration can be done using the SecureOffice web GUI. To do so, enter your SecureOffice LAN address (default 192.168.10.1) in a web browser, login and navigate to System->Administration. Under "Dropbear Instance", click add. Fill in the values as shown below:

Figure 16: Dropbear GUI Configuration

Click "Save&Apply"

At this point, configuration is incomplete. Keep going.

3.6    Add SSH Key for Secure Remote Access

Connect to SecureOffice over the LAN and start WinSCP (default address 192.168.10.1), login as root.

In the left pane, navigate to the directory (on your PC) where you saved the "something_ssh.pub" (SSH authorized key) file.

In the right pane, navigate to "/etc/dropbear".

In the left pane, select "something_ssh.pub" (SSH authorized key) file and drag it to the right pane. This copies the file from your PC to SecureOffice, directory "/etc/dropbear/"

Connect to SecureOffice over the LAN and start PuTTY (default address 192.168.10.1), login as root. Replace "something_ssh.pub" with your filename, enter the following commands (one per line, then enter):

  • "cd /etc/dropbear"
  • "cp authorized_keys authorized_keys_orig"
  • "cat something_ssh.pub >> authorized_keys"
  • "chmod 0700 /etc/dropbear"
  • "chmod 0600 /etc/dropbear/authorized_keys"

The commands above save a copy of authorized_keys and add the new key to the authorized_keys file.
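An idempotent version of the key-install step above, as an added example that is not part of the SecureOffice documentation: it rejects the multi-line file written by PuTTYgen's "Save Public Key" button, strips Windows line endings, skips a key that is already installed, and then applies the same backup and permissions as the commands above. The function name, return codes and the sample key line are assumptions of this example.

```shell
#!/bin/sh
# Added example (not SecureOffice code).
# add_authorized_key KEYFILE [AUTH_FILE]
# Returns 0 = key added, 1 = key file rejected, 2 = key already present.
add_authorized_key() {
    keyfile=$1
    auth=${2:-/etc/dropbear/authorized_keys}

    if [ ! -r "$keyfile" ]; then
        echo "cannot read $keyfile" >&2; return 1
    fi
    # PuTTYgen "Save public key" writes the multi-line RFC 4716 form, which
    # is not the one-line format an authorized_keys file holds.
    if grep -q 'BEGIN SSH2 PUBLIC KEY' "$keyfile"; then
        echo "$keyfile: RFC 4716 file; use the 'public key for pasting' text" >&2
        return 1
    fi
    # Drop CRs added by Windows editors and any blank lines.
    key=$(tr -d '\r' < "$keyfile" | sed '/^[[:space:]]*$/d')
    if [ "$(printf '%s\n' "$key" | grep -c '')" -ne 1 ]; then
        echo "$keyfile: expected exactly one key line" >&2; return 1
    fi
    # Shape check: key type, base64 blob, optional comment.
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'; then
        echo "$keyfile: not an OpenSSH public key line" >&2; return 1
    fi
    # Compare on the base64 blob so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f2)
    if [ -f "$auth" ] && grep -qF -- "$blob" "$auth"; then
        return 2
    fi
    if [ -f "$auth" ]; then
        cp -p "$auth" "${auth}_orig"
        # Make sure the existing file ends with a newline before appending.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    fi
    printf '%s\n' "$key" >> "$auth" || return 1
    chmod 0700 "$(dirname "$auth")"
    chmod 0600 "$auth"
    return 0
}

# Constructed demo: a made-up key line with a Windows line ending, in a temp dir.
tmp=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDconstructed rsa-key-20201129\r\n' \
    > "$tmp/something_ssh.pub"
add_authorized_key "$tmp/something_ssh.pub" "$tmp/authorized_keys" && echo "added"
add_authorized_key "$tmp/something_ssh.pub" "$tmp/authorized_keys" \
    || echo "second run: status $? (already present)"
rm -rf "$tmp"
```

On SecureOffice the call would be add_authorized_key /etc/dropbear/something_ssh.pub, which uses /etc/dropbear/authorized_keys by default.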

If preferred, this configuration can be done using the SecureOffice web GUI. To do so, enter your SecureOffice LAN address (default 192.168.10.1) in a web browser, login and navigate to System->Administration. Paste the contents of the "something_ssh.pub" file in the "SSH-Keys" field.

Click "Save&Apply"

At this point, configuration is incomplete. Keep going.

3.7    Configure Firewall for Remote Access

Connect to SecureOffice over the LAN and start PuTTY (default address 192.168.10.1), login as root. Enter the following command:

"nano /etc/config/firewall"

At the end of the file, type in the configuration values shown below:

config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp udp'
    option dest_port '22'
    option name 'support-SSH'

Figure 17: Edit Firewall SSH Rule

If preferred, this configuration can be done using the SecureOffice web GUI. To do so, enter your SecureOffice LAN address (default 192.168.10.1) in a web browser, login and navigate to "Network->Firewall->Traffic Rules". Under "Open ports on router", click add. Fill in the values as shown below, then click "Add":

Figure 18: GUI Firewall Open Port

Click "Save&Apply". You will see a new firewall entry for "support-SSH", as shown below:

Figure 19: GUI Firewall Port Open

At this point, remote access configuration of SecureOffice is complete. To have the new settings take effect, SecureOffice can be rebooted (powered off, then on), or "reboot" can be entered at a command prompt.

At reboot, the PuTTY session (and WiFi connection) will end, and you will need to re-connect using PuTTY.

Alternatively, re-boot can be avoided by entering the following commands:

  • "/etc/init.d/dropbear restart"
  • "/etc/init.d/firewall restart"
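A read-only check of the two files edited in sections 3.5 and 3.7, as an added example rather than SecureOffice code: it parses the UCI sections and reports any dropbear instance reachable from the WAN that still accepts passwords. The function names, the message wording and the rule that a section without an Interface option counts as WAN-facing are assumptions of this example; the sample input is the configuration shown on this page.

```shell
#!/bin/sh
# Added example (not SecureOffice code): audit the files edited in 3.5 and 3.7.
# Usage on the device: audit_wan_ssh /etc/config/dropbear /etc/config/firewall
# Assumptions: one port per firewall rule; a dropbear section without an
# Interface option, or with one starting "wan", is treated as WAN-facing.
# Returns 0 when no FAIL line was produced, 1 otherwise.
audit_wan_ssh() {
    findings=$(awk -v q="'" '
    BEGIN { qre = "^[\"" q "]|[\"" q "]$" }      # one leading or trailing quote
    function is_off(v) { return v ~ /^(off|0|no|false|disabled)$/ }
    # Called at every section boundary: evaluate the section just read.
    function flush(   port, wanfacing) {
        if (type == "dropbear") {
            port = ("Port" in o) ? o["Port"] : "22"
            wanfacing = !("Interface" in o) || o["Interface"] ~ /^wan/
            if (wanfacing) {
                seen[port] = 1
                # an absent option counts as on
                if (!is_off(o["PasswordAuth"]) || !is_off(o["RootPasswordAuth"]))
                    pw[port] = 1
            }
        } else if (type == "rule" && o["src"] == "wan" &&
                   o["target"] == "ACCEPT" && o["enabled"] != "0") {
            open[o["dest_port"]] = o["proto"]
        }
        split("", o); type = ""
    }
    FNR == 1 { flush() }                          # new file: close last section
    { sub(/\r$/, "") }                            # tolerate CRLF from Windows editors
    $1 == "config" { flush(); type = $2; next }
    $1 == "option" {
        v = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)
        sub(/[ \t]+$/, "", v)
        gsub(qre, "", v)
        o[$2] = v
    }
    END {
        flush()
        for (p in seen) {
            if (p in open) {
                if (pw[p]) print "FAIL port " p ": open on wan but PasswordAuth/RootPasswordAuth are not both off"
                if (open[p] ~ /udp/) print "NOTE port " p ": rule also opens udp; SSH needs tcp only"
            } else if (pw[p]) {
                print "WARN port " p ": WAN-facing instance accepts passwords; no wan ACCEPT rule found"
            }
        }
    }' "$1" "$2") || return 2
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; fi
    case $findings in *FAIL*) return 1 ;; esac
    return 0
}

# Sample input: the dropbear sections and firewall rule shown on this page.
write_page_sample() {
    cat > "$1/dropbear" <<'EOF'
config dropbear
    option PasswordAuth 'on'
    option Port '22'
    option Interface 'lan'

config dropbear
    option Port '22'
    option Interface 'wan'
    option PasswordAuth 'off'
    option RootPasswordAuth 'off'
EOF
    cat > "$1/firewall" <<'EOF'
config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp udp'
    option dest_port '22'
    option name 'support-SSH'
EOF
}

tmp=$(mktemp -d)
write_page_sample "$tmp"
audit_wan_ssh "$tmp/dropbear" "$tmp/firewall"
rm -rf "$tmp"
```

Run against the page's configuration it reports only the NOTE about udp; a FAIL line means the WAN port is open while a WAN-reachable dropbear instance still accepts passwords.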

3.8    General Services Remote Access

It is possible to use different (service dependent, documented on internet) remote access methods per service. This is a lot of work and high maintenance. SecureOffice recommends a global (all services, common method) approach, requiring minimal configuration to make services remotely accessible.

Any SecureOffice service accessible using ports can be securely accessed remotely from anywhere on the internet using PuTTY tunneling. Assuming that PuTTY and dropbear have been configured per previous sections, it is a simple matter of configuring a PuTTY tunnel (as was done for the SecureOffice web GUI in section 3.3) for the ports required for the service (80, 443 for web GUI). To remotely access a service becomes a simple matter of connecting to SecureOffice using PuTTY. The service can be accessed from any client PC at "127.0.0.1:<port number>" where 127.0.0.1 is localhost.

Another global remote access approach is to use VPN server scripts (does not require a commercial VPN provider). Accessing services becomes a simple matter of clients establishing a VPN connection to SecureOffice. This connects the client to the SecureOffice LAN, allowing access to all devices and services. The service is accessed remotely the same as it is locally.

Note: When connecting to SecureOffice or services using an IP address as opposed to a DNS domain name, all encrypted connections will result in a security warning. This is because SSL certificates verify by domain name and not IP addresses. Despite the warning, connections will still be secure. This can be avoided by adding an entry in the form of "<SecureOffice IP address> <your domain name>" in the "/etc/hosts" file of client PCs.

3.9    Testing Remote Access

A public IP address, discoverable by DNS is required for remote access to SecureOffice from the internet. If not yet done, configure DDNS by determining DDNS requirements and following the Dynamic DNS Configuration section.

To test PuTTY remote access to SecureOffice, use the PuTTY connection configured previously, replacing the LAN IP address with "yourdomain.com" and entering the correct SSH port (22 unless you changed it). Press "Open". If the connection succeeds and you entered a passphrase for your SSH key, you will be prompted for it and then logged in. If you did not choose a passphrase, you will be logged in directly. If the connection fails, verify the configuration of PuTTY, dropbear and the firewall.

To test browser remote access to SecureOffice GUI, open a browser on your PC, enter "https://127.0.0.1:443" or "https://localhost:443" (or the correct HTTPS port if you changed it from 443 - Section 3.3) for address. Press "enter". You should see the OpenWrt login page. If not, and PuTTY is working, re-check the "Tunnel" settings (PuTTY left pane, click "Connection->SSH" and then "Tunnels") for PuTTY.

To test WinSCP remote access to SecureOffice, use the WinSCP connection configured above, replacing the LAN IP address with "yourdomain.com" and entering the correct SSH port (22 unless you changed it). Press "Login". If you chose an SSH key password, you will be prompted for it and then logged in. If you did not choose a key password, you will be logged in directly. If unsuccessful, verify the WinSCP configuration to ensure the correct private key file is used.

4        Tools for Initial SecureOffice Install

SecureOffice installation is achieved using a Linux shell script requiring a Linux system able to access the disk which is intended to host the SecureOffice operating system.

If you already have a Linux system or virtual machine and interface hardware capable of accessing the physical disk that will host the SecureOffice operating system (USB, SD, TF, mSATA, SATA, etc), this section can be skipped.

The following sections cover several Linux options (choose one) that can be used for installation of SecureOffice.

4.1    Linux Emergency Recovery USB Boot Disk

Choosing this installation option has the following advantages:

  • Requirement: PC / HTPC must be able to boot from USB. Most modern computers do.
  • Easiest approach.
  • Can also be used to diagnose / repair SecureOffice boot (ie; misconfiguration) problems.
  • A recovery boot disk is an absolute necessity for anyone using Linux (including SecureOffice).
  • Chosen SecureOffice PC / HTPC already has required disk peripherals, no extra adaptors required.
  • Can install SecureOffice directly on target PC / HTPC.
  • Disadvantage: Requires changing boot order in BIOS to use.
  • Disadvantage: Requires a spare USB (at least 2GB) disk.

The preferred (free) emergency recovery disk is "System Rescue" on a USB stick. Installation instructions are available here. Important: Be sure to run the Windows installer as Administrator, otherwise the USB disk will fail to boot. Once installed on a USB disk, it is suggested to test it by booting your target or another PC, which may also require changing the BIOS boot order to boot from USB first.

If, during boot from "System Rescue" on a USB stick, the following errors are received:

error: file "/isolinux/rescue64" not found.
error: you need to load the kernel first.

Move the USB disk back to a Windows system and, using Windows notepad, notepad++ or some other editor (not Wordpad or Word) that does not change line endings from Linux to Windows format, open file (on USB disk) "/boot/grub/grub-XYZ.cfg" (XYZ is the System Rescue version). Change all occurrences of "isolinux" to "syslinux", save the file, eject the USB disk and attempt to boot again.

Alternatively (Linux skills), at above error, you can edit the grub command line, changing "isolinux" to "syslinux", boot and make the above changes permanent by editing the "grub-XYZ.cfg" using a Linux text editor from within System Rescue.

If, for some reason, "System Rescue" is not desired, there are many other Linux recovery boot disk options available; do an internet search and install one.

4.2    Linux Virtual Machine

Choose this option (perhaps in addition to Recovery Boot Disk above) for the following reasons:

  • You intend to host virtual machines on SecureOffice using the (premium) VmWare Workstation application and wish to create / administer virtual machines using your PC as opposed to using the SecureOffice desktop (Xorg) GUI. This requires copying the virtual machines from your PC to SecureOffice after complete.
  • You intend to use VmWare Workstation (premium) application for commercial purposes, in which case, you require a licensed copy of Vmware WorkStation Pro, available here. Given the significant expense, it is strongly recommended to defer purchasing Vmware Workstation until you have SecureOffice and the premium SecureOffice VmWare Workstation application running to your satisfaction and are ready to commit.
  • Non-commercial users wishing to create virtual machines on their PC can use the free version of VmWare Workstation, available here.

Once you have chosen and installed VmWare Workstation on your PC, it is necessary to choose and install a Linux distribution virtual machine for VmWare Workstation.

If the virtual machine is intended solely to install SecureOffice, any Linux distribution is adequate. Ubuntu is a very popular distribution, available here. Other distributions are available here, or, by internet search.

If it is your intent to install Sme-Server (recommended Linux distribution for services hosting), Sme-Server can also serve as the installation virtual machine.

If the virtual machine is intended to run under the SecureOffice VmWare Workstation application, you can save effort by creating (on PC) the virtual machine you intend to run under SecureOffice and use it (on your PC) for SecureOffice installation. The virtual machine can be copied to SecureOffice later.

If intending to follow recommendations and use Sme-Server virtual machine to host your websites, email and other services under SecureOffice, you can save effort by creating the Sme-Server virtual machine on your PC for SecureOffice installation and copying it over to SecureOffice later. You can install Sme-Server by following the previous link.

Once you have chosen and downloaded a Linux distribution, virtual machines can be created. Instructions for creating virtual machines from ISO images are located here. Virtual machines can be created on a host PC or directly on SecureOffice using the premium VmWare Workstation application.

The recommended settings for creating virtual machines (on PC or SecureOffice) destined to run under SecureOffice are:

  • Installer Disk Image File (browse to where you downloaded OS ISO file, select it)
  • If VmWare Workstation does not identify the OS from ISO file, select Linux and corresponding OS. If OS is not listed, select "other Linux 4.x or later kernel", 64 bit. For Sme-Server, you should select Other Linux 2.6.x kernel, 64 bits.
  • Select a name and location for your virtual machine. The recommended location (on SecureOffice) is in a subdirectory under "/home/data/Vmware".
  • Choose a disk size. 32GB recommended. You can shrink or grow it later, after determining the required size of your virtual machine once all services are installed and tested. Select store disk as a single file, or multiple according to preference.
  • Choose customize hardware. Memory: 4GB, Processors: 2, Network Adapter: Bridge, connect at power on.
  • Finish

4.3    SecureOffice Virtual Machine

A SecureOffice virtual machine may be used to evaluate SecureOffice and / or as a Linux system to install SecureOffice on real hardware.

To install a SecureOffice virtual machine:

  • Download latest SecureOffice virtual machine from here. Other revisions can be downloaded from here.
  • Using 7-Zip, WinRAR or another program, decompress the SecureOffice virtual machine archive.
  • Start VmWare Workstation player, select and run the virtual machine.
  • The default root password is "admin_54321". Log in to the SecureOffice console in VmWare Workstation.
  • Use the virtual machine for evaluation and / or as a tool to install SecureOffice on real disks.
  • The SecureOffice VM can also be used while waiting for real hardware. Configure it to taste (without the VmWare Workstation premium package, since VMs cannot be run inside a VM). When real hardware becomes available, back up the configuration and restore it to real hardware.

Further information regarding configuring and using the SecureOffice virtual machine is available here.

4.4    SecureOffice USB Boot Disk

Rufus is a Windows program for creating boot disks on removable media from image files. It can be used to install emergency recovery systems such as "System Rescue" above and SecureOffice.

A SecureOffice USB boot disk can be used as a Linux system for installing SecureOffice. In addition, it can be used to evaluate hardware compatibility of target PCs (if it boots and works without error, the hardware is compatible). Another use is for SecureOffice evaluation before committing to hardware.

This section focusses on using Rufus to create a SecureOffice boot disk, USB booting SecureOffice on the target system and installing SecureOffice on the target system. Note that Rufus only works with disks that Rufus identifies as "removable" which includes USB, SD, TF and mSATA (with appropriate adapter). Note that some mSATA disks appear as non-removable and are not visible to Rufus.

Download and install Rufus (follow instructions) from here.

A screenshot of Rufus is shown below:

Figure 20: Rufus Boot Disk Creator

To create a SecureOffice boot disk:

  • The target USB disk must be at least 16GBytes plus whatever space is desired for bulk data storage (Virtual machines, etc.).
  • Download latest SecureOffice (x86_64) from here. Other revisions are available here.
  • With the target removable disk connected, start Rufus.
  • If you do not see the target disk in Rufus, try selecting "List USB Hard Drives". If Rufus still cannot see the target disk, Windows is detecting it as a non-removable disk and Rufus is incapable of programming the disk. Use another disk such as USB, or find another way to program the desired disk.
  • Using Rufus, select the downloaded "SecureOffice-x86_64.img.gz" file. There is no need to decompress it; Rufus handles compressed files. Press "Start" to write SecureOffice to the target disk.
  • When complete, move the target disk to the target SecureOffice system and boot it.
  • It may be necessary to alter the target system BIOS boot order to boot from USB first.
  • It may be necessary (grub) to select the proper USB rootfs for boot. Instructions here.
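Before writing the downloaded "SecureOffice-x86_64.img.gz" with Rufus, the file can be checked on the PC. The following is an added example, not part of the original article or the SecureOffice project: it hashes the download, test-decompresses it so a damaged or truncated archive is caught, and confirms the expanded image fits the target disk. The function names, the reference SHA-256 (which you must obtain from a source you trust; the article does not list one) and the decimal reading of the 16 GByte minimum are assumptions.

```python
import gzip
import hashlib
import sys
import zlib

CHUNK = 1 << 20           # stream 1 MiB at a time; images are multi-GB
MIN_DISK = 16 * 1000**3   # assumption: the 16 GByte minimum, in decimal bytes


def sha256_of(path):
    """SHA-256 of the file exactly as downloaded (still compressed)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def expanded_size(path):
    """Decompress to nowhere; gzip raises if data, CRC32 or length is wrong."""
    total = 0
    with gzip.open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            total += len(block)
    return total


def check_image(path, expected_sha256, disk_bytes=MIN_DISK):
    """Return a list of problems; an empty list means nothing was found."""
    problems = []
    actual = sha256_of(path)
    if actual != expected_sha256.strip().lower():
        problems.append("sha256 mismatch: got " + actual)
    try:
        size = expanded_size(path)
    except (OSError, EOFError, zlib.error) as exc:
        problems.append("archive damaged or truncated: %s" % exc)
    else:
        if size > disk_bytes:
            problems.append("image is %d bytes, disk is %d" % (size, disk_bytes))
    return problems


if __name__ == "__main__":
    # usage: python check_image.py SecureOffice-x86_64.img.gz <reference sha256>
    found = check_image(sys.argv[1], sys.argv[2])
    print("\n".join(found) or "OK to write with Rufus")
    sys.exit(1 if found else 0)
```

The hash only proves the file matches the reference value, so the reference must come from a channel other than the download itself.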

If using the SecureOffice boot disk for evaluation, go to Initial SecureOffice Boot.

This method has the advantages of testing whether SecureOffice is compatible with your target hardware and providing an emergency recovery disk. It is the recommended approach.

Assuming SecureOffice has booted from USB, SecureOffice can, if desired, be installed on the final target disk. In essence, the SecureOffice USB boot disk is used as the Linux distribution for installation. Follow the Install SecureOffice on Boot Device instructions.

5        Nano Editor

SecureOffice comes bundled with the nano text editor by default. To use it, type "nano file_to_edit" at the SecureOffice command prompt. A summary of key commands is shown below. "Ctrl+Key" means "press the Ctrl key and Key simultaneously":

  • Ctrl+X Exit the editor. If you've edited text without saving, you'll be prompted as to whether you really want to exit.
  • Ctrl+O Write (output) the current contents of the text buffer to a file. A filename prompt will appear; press Ctrl+T to open the file navigator.
  • Ctrl+R Read a text file into the current editing session. At the filename prompt, hit Ctrl+T for the file navigator.
  • Ctrl+K Cut a line into the clipboard. You can press this repeatedly to copy multiple lines, which are then stored as one chunk.
  • Ctrl+J Justify (fill out) a paragraph of text. By default, this reflows text to match the width of the editing window.
  • Ctrl+U Uncut text, or rather, paste it from the clipboard. Note that after a Justify operation, this turns into unjustify.
  • Ctrl+T Check spelling.
  • Ctrl+W Find a word or phrase. At the prompt, use the cursor keys to go through previous search terms, or hit Ctrl+R to move into replace mode. Alternatively, you can hit Ctrl+T to go to a specific line.
  • Ctrl+C Show current line number and file information.
  • Ctrl+G Get help; this provides information on navigating through files and common keyboard commands.

6        NotePad++ Editor

Notepad++ is a free source code editor and Notepad replacement. It has many useful features such as find and replace in files. It is useful for editing Linux files on Windows PCs since it does not translate Linux to Windows line endings as many Windows editors do. Notepad++ can be downloaded here.

7        7-Zip File Archive Utility

7-Zip is a free file archiver with a high compression ratio. It performs the same functions as WinRar, WinZip and other compress / de-compress utilities. 7-Zip can be downloaded from the previous link.
