Linux – On a linux server, how to make iLO’s remote console go somewhere other than the login prompt

consolelinux

I have a server I'd like to appliance-ize. It is running CentOS linux and I'd like to make it so when logging onto the system via the console (In this case, using iLO's remote console) they are given a different custom made menu instead of the standard linux login/shell. How do I do this?

(My limited google-fu leads me to the inittab, but this ventures well beyond my comfort level with linux. So I'm not sure if this is the right path.)

Best Answer

My friend, I think that you are thinking iLO does something other than what it does.

iLO is an interface to a virtual display. Other than a rough VNC session to the video I/O stream (not even X:0; more like the display adapter itself) and Keyboard & Mouse inpute, you can't interact with the system. iLO is for out-of-band management. It's better than hooking up a crash cart (especially if your server is in another country, state, datacenter, room, or laziness range), but the interaction could be said to be screen-based.

What you see is what you get.

This makes it extremely useful and resilient. This is what allows you to see the machine from power-application (before power is on!) to watch and interact with the BIOS, RAID, and netboot, or select booting to other media.

Related Solutions

Linux – How to track superuser activities

For environments with multiple admins just don't use root - ever if possible.

Use sudo for everything - sudo is extremely configurable and easily logable.

Log any / all logins or su's to root & investigate them as someone is then going around your established rules.

Linux – How to run a server on port 80 as a normal user on Linux

Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to java bin will make any java program to be run with this setting, which is undesirable, if not a security risk.

The long answer: you can redirect connections on port 80 to some other port you can open as normal user.

Run as root:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):

# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080

NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).

EDIT: as per comment question - to delete the above rule:

# iptables -t nat --line-numbers -n -L

This will output something like:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080

The rule you are interested in is nr. 2, so to delete it:

# iptables -t nat -D PREROUTING 2

Best Answer

Related Solutions

Linux – How to track superuser activities

Linux – How to run a server on port 80 as a normal user on Linux

Related Topic