Commands Cheatsheet

Start VNC

x11vnc -shared -forever -noxdamage -localhost -noxrecord -nopw -many -loop -display :0

Start noVNC (with ssl)

 novnc --listen 443 --cert /etc/letsencrypt/live/suda.formatc.hr/fullchain.pem --key /etc/letsencrypt/live/suda.formatc.hr/privkey.pem

renew Let's encrypt certificate

certbot certonly --standalone -d suda.formatc.hr

Enabling low level ports for a particular process

setcap cap_net_bind_service=+ep /usr/bin/novnc

Adding a restricted user

#add user
useradd -m $USERNAME

#Create the script named /usr/local/bin/rbash that contains the following:
#!/bin/bash
/bin/bash --restricted

#Make it executable 
chmod +r /usr/local/bin/rbash

#add /usr/local/bin/rbash to /etch/shells

#Change shell to the restricted shell 
chsh -s "/usr/local/bin/rbash" suda