Last active
September 18, 2023 13:22
-
-
Save fetchTe/52f3c55d5a1bd99c872b3e79b3965308 to your computer and use it in GitHub Desktop.
install-xrdp-openbox.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # Update our machine to the latest code if we need to. | |
| # | |
| HWE="-hwe-20.04" | |
| # HWE="-hwe-18.04" | |
| if [ "$(id -u)" -ne 0 ]; then | |
| echo 'This script must be run with root privileges' >&2 | |
| exit 1 | |
| fi | |
| apt update && apt upgrade -y | |
| if [ -f /var/run/reboot-required ]; then | |
| echo "A reboot is required in order to proceed with the install." >&2 | |
| echo "Please reboot and re-run this script to finish the install." >&2 | |
| exit 1 | |
| fi | |
| ############################################################################### | |
| # openbox/XRDP | |
| # | |
| # Install hv_kvp utils | |
| apt install -y linux-generic${HWE} | |
| # openbox | |
| apt install -y openbox-lxde-session | |
| # Install the xrdp service so we have the auto start behavior | |
| apt install -y xrdp | |
| # Install Tweaks Utilty if Gnome desktop used (Optional) | |
| if [[ "HWE" != *"-hwe-18.04"* ]]; | |
| then | |
| apt-get install gnome-tweaks -y | |
| apt-get install gnome-shell-extensions -y | |
| EOF | |
| fi | |
| systemctl stop xrdp | |
| systemctl stop xrdp-sesman | |
| # Configure the installed XRDP ini files. | |
| # use rdp security. | |
| sed -i_orig -e 's/security_layer=negotiate/security_layer=rdp/g' /etc/xrdp/xrdp.ini | |
| # remove encryption validation. | |
| sed -i_orig -e 's/crypt_level=high/crypt_level=low/g' /etc/xrdp/xrdp.ini | |
| # disable bitmap cache - weird login session | |
| sed -i_orig -e 's/bitmap_cache=true/bitmap_cache=false/g' /etc/xrdp/xrdp.ini | |
| # disable bitmap compression since its local its much faster | |
| sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' /etc/xrdp/xrdp.ini | |
| # use the script to setup the openbox session | |
| sed -e 's/^new_cursors=true/new_cursors=false/g' \ | |
| -i /etc/xrdp/xrdp.ini | |
| # reconfigure the service | |
| systemctl daemon-reload | |
| systemctl enable xrdp.service | |
| systemctl enable xrdp-sesman.service | |
| systemctl start xrdp | |
| # set XRDP with session at user's home directory (xfce4-session) | |
| echo "openbox-session" > ~/.xsession | |
| # fix display issue of gray/black screen | |
| mv /etc/xrdp/startwm.sh /etc/xrdp/startwm.sh.backup | |
| cat <<EOF > /etc/xrdp/startwm.sh | |
| #!/bin/sh | |
| if [ -r /etc/default/locale ]; then | |
| . /etc/default/locale | |
| export LANG LANGUAGE | |
| fi | |
| exec openbox-session | |
| EOF | |
| # # Allow multiple sessions (local and remote) for the same use | |
| # apt remove dbus-user-session | |
| # apt install dbus-x11 | |
| # # light-locker fix | |
| # mv /usr/bin/light-locker /usr/bin/light-locker.orig | |
| # cat <<EOF | sudo tee /usr/bin/light-locker | |
| # #!/bin/sh | |
| # # The light-locker uses XDG_SESSION_PATH provided by lightdm. | |
| # if [ ! -z "\${XDG_SESSION_PATH}" ]; then | |
| # /usr/bin/light-locker.orig | |
| # else | |
| # # Disable light-locker in XRDP. | |
| # true | |
| # fi | |
| # EOF | |
| # # Configure the policy xrdp session | |
| # # @note -> Authentication Required to Create Managed Color Device | |
| # # https://c-nergy.be/blog/?p=12073 | |
| # cat << EOF | sudo tee /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf | |
| # polkit.addRule(function(action, subject) { | |
| # if ((action.id == "org.freedesktop.color-manager.create-device" || | |
| # action.id == "org.freedesktop.color-manager.create-profile" || | |
| # action.id == "org.freedesktop.color-manager.delete-device" || | |
| # action.id == "org.freedesktop.color-manager.delete-profile" || | |
| # action.id == "org.freedesktop.color-manager.modify-device" || | |
| # action.id == "org.freedesktop.color-manager.modify-profile" | |
| # //-- no group restriction; allow any user to manipulate color profiles! | |
| # //-- uncomment and substitude adm with the group you need, if needed. | |
| # // ) && ( | |
| # // subject.isInGroup("{adm}") | |
| # )) | |
| # { | |
| # return polkit.Result.YES; | |
| # } | |
| # }); | |
| # EOF | |
| # systemctl restart polkit | |
| cat > /etc/polkit-1/localauthority/50-local.d/45-allow.colord.pkla <<EOF | |
| [Allow Colord all Users] | |
| Identity=unix-user:* | |
| Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile | |
| ResultAny=no | |
| ResultInactive=no | |
| ResultActive=yes | |
| EOF | |
| #Not to apply to Ubuntu 18.04 version but to others....This caused an issue on Ubuntu 18.04 | |
| if [[ "HWE" != *"-hwe-18.04"* ]]; | |
| then | |
| cat > /etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla <<EOF | |
| [Allow Package Management all Users] | |
| Identity=unix-user:* | |
| Action=org.freedesktop.packagekit.system-sources-refresh;org.freedesktop.packagekit.system-network-proxy-configure | |
| ResultAny=yes | |
| ResultInactive=yes | |
| ResultActive=yes | |
| EOF | |
| fi | |
| # enable firewall | |
| ufw enable | |
| # set - allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 | |
| # to connect to the RDP port using TCP | |
| ufw allow from 192.168.1.0/24 to any port 3389 proto tcp | |
| ufw allow from 192.168.1.0/24 to any port 22 proto tcp | |
| # check | |
| ufw status numbered | |
| # | |
| # End XRDP | |
| ############################################################################### | |
| allow_console() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Configuring Allow Console Access... \e[0m" | |
| echo | |
| # Checking if Xwrapper file exists | |
| if [ -f /etc/X11/Xwrapper.config ] | |
| then | |
| sudo sed -i 's/allowed_users=console/allowed_users=anybody/' /etc/X11/Xwrapper.config | |
| else | |
| sudo bash -c "cat >/etc/X11/Xwrapper.config" <<EOF | |
| allowed_users=anybody | |
| EOF | |
| fi | |
| } | |
| #---------------------------------------------------# | |
| # Function 14 - Fix SSL Minor Issue .... | |
| #---------------------------------------------------# | |
| fix_ssl() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Fixing SSL Permissions settings... \e[0m" | |
| echo | |
| if id -Gn xrdp | grep ssl-cert | |
| then | |
| /bin/echo -e "\e[1;32m !--xrdp already member ssl-cert...Skipping ---!\e[0m" | |
| else | |
| sudo adduser xrdp ssl-cert | |
| fi | |
| } | |
| #---------------------------------------------------# | |
| # Function 15 - Fixing env variables in XRDP .... | |
| #---------------------------------------------------# | |
| fix_env() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Fixing xRDP env Variables... \e[0m" | |
| echo | |
| #Add this line to /etc/pam.d/xrdp-sesman if not present | |
| if grep -Fxq "session required pam_env.so readenv=1 user_readenv=0" /etc/pam.d/xrdp-sesman | |
| then | |
| echo "Env settings already set" | |
| else | |
| sudo sed -i '1 a session required pam_env.so readenv=1 user_readenv=0' /etc/pam.d/xrdp-sesman | |
| fi | |
| } | |
| install_common() | |
| { | |
| #install_tweak | |
| install_tweak | |
| allow_console | |
| fix_ssl | |
| fix_env | |
| } | |
| echo "Install is complete." | |
| echo "If Remmina enable - Glyph Cache" | |
| echo "Reboot your machine to begin using XRDP..." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment