How to run a secured NOLF server on Linux

General Nolf1

Post Reply
User avatar
Spawn
Admin
Admin
Posts: 1169
Joined: Sun Jul 25, 2004 12:50 am
Location: Norway
Contact:

How to run a secured NOLF server on Linux

Post by Spawn » Wed Jul 31, 2019 6:34 pm

I found this post about hosting nolf in a non GUI linux system. Figured it was good info.
(Originally posted at the unityhq forum by Schmatzler)

Hi guys,


I wanted to create a new NOLF server, but I have only a decent Linux box running Debian. But I thought, 2x2,4 GHz and 8 Gig of RAM would make a damn fine machine for all NOLFers out there, so I figured out a way to run it on Linux anyway. Without a monitor, in shell and with an extra user in its own environment, so it should not be possible to use its security holes for gaining access to your machine. I also added a failsafe script that kicks in and restarts the server if it crashes.



First, we login to our machine via ssh (as root user) and create a new user called gameserver. This one will be used for running our NOLF server:


useradd --home-dir /home/gameserver --password swordfish --shell /bin/false gameserver


Now we have a new user without a shell. No one can login to your box with this user. Its home directory is /home/gameserver. Fine. Lets move on, the next step is installing the needed software for running the NOLF server:


apt-get install wine xvfb


Wine is needed to emulate a windows environment, xvfb is creating a virtual screen later on, so we can run the server without a screen attached.



Now create a new directory /home/gameserver/nolf with


mkdir /home/gameserver/nolf


and place the following files into it:


autoexec.cfg nolf003cres.rez NOLFGOTY.REZ nolfu003cres.rez startup.txt
ltmsg.dll NOLF2.REZ NOLF.REZ nolfu003.rez
NetHost.txt NOLFCRES003.REZ NolfServ.exe server.dll


Note that the NetHost.txt is generated after running NolfSrv.exe the first time. So you should start up the program at least one time on your windows box and do all the required settings in the wizard. After that, you have a preconfigured NetHost.txt you can copy to your linux box.



This is it - the nolf server files are on your box and your user is created. Now we set up a script that starts your nolf server.



Create a new crontab for the gameserver user with the following command:

EDITOR=mcedit crontab -e -u gameserver


An editor should open up. If not, install the program mc with apt-get install mc.



Paste the following content into the editor and press F2+F10 to save and close it:


MAILTO=""
* * * * * /home/gameserver/nolf_check.sh


What this does: It starts the script nolf_check.sh every 60 seconds - so we gonna have to create that and fill it with contents:


mcedit /home/gameserver/nolf_check.sh


The editor opens again. This time, paste the following commands into it. Close with F2+F10.


#!/bin/bash
# check daemon
ps -ef | grep -v grep | grep NolfServ.exe
# if not found - equals to 1, start it
if [ $? -eq 1 ]
then
cd nolf && nohup xvfb-run -a wine NolfServ.exe -nowiz -NetUsePassword "false" >/dev/null 2>/dev/null &
else
echo "nolf found - do nothing"
fi


Important: Don't just write "-nowiz" as an option alone. This does not work and opens the wizard. Since we have no screen, we can't use it to start the server. I added the option -NetUsePassword "false" after it, since I don't use a password either.



Now we will make sure, that the whole directory belongs to the right user and that the script is executable:


chown -R gameserver:gameserver /home/gameserver

chmod +x /home/gameserver/nolf_check.sh


Done! Now wait some seconds and your server should show up in the master list! If not, unblock the ports 2300-2400 (TCP) and 27888 (UDP) in your firewall.


Schmatzler, 2012 (Originally posted at the unityhq forum)
Image

Post Reply
jedwabna poszewka 50x60