Hardening the Raspberry Pi VNC Mirror

***Please visit the new simplified installation of the Raspberry Pi VNC Mirror***

 

This is an extension from this post: Raspberry Pi – VNC Mirror (Repeater) – Make any computer public anywhere

Having a RPi as VNC Mirror in production is a nice idea. But from time to time energy shortages make the Raspberry Pi shutdown unexpectedly where it may come to SD card corruption while a read or write process was in progress.

Another thing I experienced is that sometimes the computer you want to mirror loses the network connection or is by itself down for any reason. After this the VNCViewer will hang in a state where it wants the user to click-OK the a message and does not do anything, also if the computer which is to be mirrored comes up again in the meanwhile.

I have found out if the process is running correctly and mirroring the other computer, its Signal Ignore state is 0000000000000004.

First I get the process ID of my ssvncviewer

pidof ssvncviewer

knowing the process ID (in my case 2134), the status of the process can now be viewed

pi@rpi1 ~ $ cat /proc/2134/status
Name:   ssvncviewer
State:  S (sleeping)
Tgid:   2134
Pid:    2134
PPid:   1944
TracerPid:      0
Uid:    1000    1000    1000    1000
Gid:    1000    1000    1000    1000
FDSize: 256
Groups: 4 20 24 27 29 44 46 60 100 106 999 1000
VmPeak:    16044 kB
VmSize:    16044 kB
VmLck:         0 kB
VmPin:         0 kB
VmHWM:      8904 kB
VmRSS:      8904 kB
VmData:    10792 kB
VmStk:       136 kB
VmExe:       276 kB
VmLib:      3972 kB
VmPTE:        18 kB
VmSwap:        0 kB
Threads:        1
SigQ:   0/3506
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000004
SigCgt: 0000000000004003
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffffffffffff
Cpus_allowed:   1
Cpus_allowed_list:      0
voluntary_ctxt_switches:        2071
nonvoluntary_ctxt_switches:     17019

I also tested it while the message “could not connect to …” was present.

In this case the SigIgn had the status 0000000000000006. So all we need to do is to check if SigIgn has the State of 0000000000000004. Otherwise we will simply kill the process. The scripts starts the VNCViewer again in some seconds.

This is the updated script, which is found in /home/pi/.config/autostart/vncview.sh

# Process check script: The script simply checks if a process is running and if it is not found to be running it will execute it.
# The script loops in preset intervals, hence it is possible to monitor a process continuously.

# Variables
Running=1
SleepInterval=20
ProcessInstances=`sudo ps aux | grep [s]svncviewer | wc -l`

#VNC Variables
vnc=ssvncviewer
host=vm1.sysstem.at
display=0
resolution=1920x1080
passfile=/home/pi/.vnc/passwd2
para="-display :$display -viewonly -fullscreen -shared -passwd $passfile -scale $resolution -encoding zrle"

function checkstatus() {
        vncpid=$(pidof ssvncviewer)
        sigign=$(sudo cat /proc/${vncpid}/status | grep SigIgn | awk '{print $2}')
}

# Logic
while [ $Running -gt 0 ]
do

        if [ `sudo ps aux | grep [s]svncviewer | wc -l` -gt 0 ]; then
                echo Process already running! Checking the Status.
                checkstatus
                if [ $sigign !=  "0000000000000004" ]; then
                        echo SSVNCViewer has not status 4
                        echo Killing SSVNCViewer
                        kill ${vncpid}
                else
                        echo SSVNCViewer status seems to be ok
                fi
        else
                echo Process not running! Starting process
                # This is the command that should start the process in question
                $vnc $host $para &
        fi

        # How often shall we repeat the check?
        echo Sleeping for $SleepInterval seconds
        sleep $SleepInterval

done

exit 0

To avoid SD card corruptions just follow the article by micerinos in the Raspberry Pi forum.

I created a script which does all the stuff (except for the apache thing) mentioned in the article, because I am lazy.

sudo bash
echo "RAMTMP=yes">>/etc/default/rcS
echo "proc            /proc           proc    defaults          0       0">/etc/fstab
echo "tmpfs           /var/log        tmpfs   nodev,nosuid,size=30M,mode=1777 0       0">>/etc/fstab
echo "tmpfs           /tmp            tmpfs   nodev,nosuid,size=30M,mode=1777 0       0">>/etc/fstab
echo "/dev/mmcblk0p1  /boot           vfat    defaults,ro,noatime,errors=remount-ro          0       1">>/etc/fstab
echo "/dev/mmcblk0p2  /               ext4    defaults,noatime  0       1">>/etc/fstab
sed -i 's/[ ! -f /etc/adjtime ]/[ ! -L /etc/adjtime ]/;' /etc/init.d/hwclock.sh
echo "BLKID_FILE="/var/local/blkid.tab"">>/etc/environment
rm /etc/mtab
ln -s /proc/self/mounts /etc/mtab
echo "DPkg {">>/etc/apt/apt.conf
echo "    // Auto re-mounting of a readonly /">>/etc/apt/apt.conf
echo "    Pre-Invoke { "mount -o remount,rw /"; };">>/etc/apt/apt.conf
echo "    Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o remount,ro / || true"; };">>/etc/apt/apt.conf
echo "};">>/etc/apt/apt.conf

Hope you’re lazy too! 😉

 

2 thoughts on “Hardening the Raspberry Pi VNC Mirror”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.