Revisions
-
fetchTe revised this gist
Mar 7, 2022 . 1 changed file with 92 additions and 44 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,15 +1,30 @@ ############################################################################### # Update our machine to the latest code if we need to. HWE="-hwe-20.04" # HWE="-hwe-18.04" ############################################################################### # !!!IMPORTANT!!!! # If you don't want to use openbox you need change this per distro # ex: echo "xfce4-session" > ~/.xsession config_distro() { echo /bin/echo -e "\e[1;33m |-| Config distro... \e[0m" echo # set XRDP with session at user's home directory apt install -y openbox-lxde-session echo "openbox-session" > ~/.xsession } ############################################################################### # Update our machine to the latest code if we need to. if [ "$(id -u)" -ne 0 ]; then echo 'This script must be run with root privileges' >&2 exit 1 fi apt update && apt upgrade -y if [ -f /var/run/reboot-required ]; then @@ -18,18 +33,20 @@ if [ -f /var/run/reboot-required ]; then exit 1 fi ############################################################################### # install base XRDP install_base() { echo /bin/echo -e "\e[1;33m |-| Installing xrdp base... \e[0m" echo # Install hv_kvp utils apt install -y linux-generic${HWE} apt install -y net-tools # Install the xrdp service so we have the auto start behavior apt install -y xrdp systemctl stop xrdp systemctl stop xrdp-sesman 
@@ -43,47 +60,64 @@ sed -i_orig -e 's/bitmap_cache=true/bitmap_cache=false/g' /etc/xrdp/xrdp.ini # disable bitmap compression since its local its much faster sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' /etc/xrdp/xrdp.ini # # Allow multiple sessions (local and remote) for the same use # apt remove dbus-user-session # apt install dbus-x11 } ############################################################################### # fix: rdesktop's black-square cursor fix_rdesktop() { echo /bin/echo -e "\e[1;33m |-| Fix rdesktop... \e[0m" echo sed -e 's/^new_cursors=true/new_cursors=false/g' \ -i /etc/xrdp/xrdp.ini } ############################################################################### # fix: light-locker fix_light_locker() { echo /bin/echo -e "\e[1;33m |-| Fix light_locker... \e[0m" echo mv /usr/bin/light-locker /usr/bin/light-locker.orig cat <<EOF | sudo tee /usr/bin/light-locker #!/bin/sh # The light-locker uses XDG_SESSION_PATH provided by lightdm. if [ ! -z "\${XDG_SESSION_PATH}" ]; then /usr/bin/light-locker.orig else # Disable light-locker in XRDP. true fi EOF } ############################################################################### # fix: display issue of gray/black screen fix_gray_screen() { echo /bin/echo -e "\e[1;33m |-| Fix grey screen... \e[0m" echo mv /etc/xrdp/startwm.sh /etc/xrdp/startwm.sh.backup cat <<EOF > /etc/xrdp/startwm.sh #!/bin/sh if [ -r /etc/default/locale ]; then . /etc/default/locale export LANG LANGUAGE fi exec openbox-session EOF } ############################################################################### # fix_polkit fix_polkit() { echo @@ -115,6 +149,8 @@ fi ################################################################################ # install_tweak install_tweak() { echo @@ -130,6 +166,8 @@ fi } ################################################################################ # create_firewall create_firewall() { echo 
@@ -142,16 +180,12 @@ ufw enable # to connect to the RDP port using TCP ufw allow from 192.168.1.0/24 to any port 3389 proto tcp ufw allow from 192.168.1.0/24 to any port 22 proto tcp } ################################################################################ # allow_console allow_console() { echo @@ -171,6 +205,8 @@ fi #---------------------------------------------------# # Function 14 - Fix SSL Minor Issue .... #---------------------------------------------------# ################################################################################ # fix_ssl fix_ssl() { echo @@ -188,6 +224,8 @@ fi #---------------------------------------------------# # Function 15 - Fixing env variables in XRDP .... #---------------------------------------------------# ################################################################################ # fix_env fix_env() { echo @@ -206,6 +244,8 @@ if grep -Fxq "session required pam_env.so readenv=1 user_readenv=0" /etc/pam.d/x #---------------------------------------------------# # Function 7 - create services .... #---------------------------------------------------# ################################################################################ # enable_service enable_service() { echo /bin/echo -e "\e[1;33m |-| Creating and configuring xRDP services \e[0m" @@ -217,6 +257,8 @@ sudo systemctl start xrdp } ################################################################################ # print_config print_config() { echo @@ -242,18 +284,24 @@ echo } ############################################################################### # Setup - comment/un-comment based on needs # install_xrdp() { install_base config_distro install_tweak create_firewall fix_polkit allow_console fix_ssl fix_env # fix_rdesktop # fix_light_locker # fix_gray_screen enable_service print_config } install_xrdp -
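Review bot: fix_light_locker moves the real binary away and writes the wrapper with `tee`, but never restores the executable bit, so /usr/bin/light-locker will normally end up mode 0644 and the screen locker may stop starting for local lightdm sessions too, not only under XRDP. Add `chmod 755 /usr/bin/light-locker` after the heredoc, and guard the move with `[ -e /usr/bin/light-locker.orig ] || mv /usr/bin/light-locker /usr/bin/light-locker.orig` so a second run does not replace the saved binary with the wrapper, which would then call itself. fix_gray_screen has the same two problems with /etc/xrdp/startwm.sh and startwm.sh.backup. Both calls are commented out in install_xrdp, so this only bites once someone enables them.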
fetchTe revised this gist
Mar 7, 2022 . 1 changed file with 34 additions and 16 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -29,14 +29,6 @@ apt install -y openbox-lxde-session # Install the xrdp service so we have the auto start behavior apt install -y xrdp systemctl stop xrdp systemctl stop xrdp-sesman @@ -52,15 +44,10 @@ sed -i_orig -e 's/bitmap_cache=true/bitmap_cache=false/g' /etc/xrdp/xrdp.ini sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' /etc/xrdp/xrdp.ini # # use the script to setup the openbox session # sed -e 's/^new_cursors=true/new_cursors=false/g' \ # -i /etc/xrdp/xrdp.ini # set XRDP with session at user's home directory (xfce4-session) echo "openbox-session" > ~/.xsession @@ -128,6 +115,21 @@ fi install_tweak() { echo /bin/echo -e "\e[1;33m |-| Install Tweaks... \e[0m" echo # Install Tweaks Utilty if Gnome desktop used (Optional) if [[ "HWE" != *"-hwe-18.04"* ]]; then apt-get install gnome-tweaks -y apt-get install gnome-shell-extensions -y EOF fi } create_firewall() { echo @@ -201,6 +203,20 @@ if grep -Fxq "session required pam_env.so readenv=1 user_readenv=0" /etc/pam.d/x } #---------------------------------------------------# # Function 7 - create services .... #---------------------------------------------------# enable_service() { echo /bin/echo -e "\e[1;33m |-| Creating and configuring xRDP services \e[0m" echo sudo systemctl daemon-reload sudo systemctl enable xrdp.service sudo systemctl enable xrdp-sesman.service sudo systemctl start xrdp } print_config() { echo @@ -226,6 +242,7 @@ echo } install_common() { #install_tweak @@ -235,6 +252,7 @@ fix_polkit allow_console fix_ssl fix_env enable_service print_config } install_common -
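Review bot: In install_tweak the test `[[ "HWE" != *"-hwe-18.04"* ]]` compares the literal string HWE rather than the variable, so it is always true and the Ubuntu 18.04 exclusion never takes effect; it should read `[[ "$HWE" != *"-hwe-18.04"* ]]`. The bare `EOF` line inside the `if` body has no heredoc to close, so it will be run as a command and fail with a command-not-found error on every run; delete it. The same literal test also guards the 46-allow-update-repo.pkla block shown in the older revision further down this page, which means that polkit rule is written on 18.04 as well.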
fetchTe revised this gist
Mar 7, 2022 . 1 changed file with 7 additions and 27 deletions.
@@ -86,7 +86,6 @@ EOF # mv /usr/bin/light-locker /usr/bin/light-locker.orig # cat <<EOF | sudo tee /usr/bin/light-locker # #!/bin/sh # # The light-locker uses XDG_SESSION_PATH provided by lightdm. # if [ ! -z "\${XDG_SESSION_PATH}" ]; then # /usr/bin/light-locker.orig @@ -97,29 +96,6 @@ EOF # EOF fix_polkit() { @@ -239,10 +215,14 @@ ifconfig echo /bin/echo -e "\e[1;32m |!| DONE: Install is complete \e[0m" echo echo /bin/echo -e "\e[1;33m |-| NOTE: Remmina users: enable 'Glyph Cache' \e[0m" echo echo /bin/echo -e "\e[1;32m |!| Reboot your machine to begin using XRDP... \e[0m" echo }
fetchTe revised this gist
Mar 7, 2022 . 1 changed file with 42 additions and 5 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -23,6 +23,7 @@ fi # # Install hv_kvp utils apt install -y linux-generic${HWE} apt install -y net-tools # openbox apt install -y openbox-lxde-session # Install the xrdp service so we have the auto start behavior @@ -119,6 +120,13 @@ EOF # EOF # systemctl restart polkit fix_polkit() { echo /bin/echo -e "\e[1;33m |-| Fix Polkit... \e[0m" echo cat > /etc/polkit-1/localauthority/50-local.d/45-allow.colord.pkla <<EOF [Allow Colord all Users] Identity=unix-user:* @@ -140,8 +148,15 @@ ResultInactive=yes ResultActive=yes EOF fi } create_firewall() { echo /bin/echo -e "\e[1;33m |-| Create firewall... \e[0m" echo # enable firewall ufw enable @@ -150,8 +165,8 @@ ufw enable ufw allow from 192.168.1.0/24 to any port 3389 proto tcp ufw allow from 192.168.1.0/24 to any port 22 proto tcp } # # End XRDP @@ -209,16 +224,38 @@ if grep -Fxq "session required pam_env.so readenv=1 user_readenv=0" /etc/pam.d/x fi } print_config() { echo /bin/echo -e "\e[1;33m |-| CONFIG: Firewall \e[0m" echo ufw status numbered echo /bin/echo -e "\e[1;33m |-| CONFIG: ifconfig \e[0m" echo ifconfig echo /bin/echo -e "\e[1;33m |-| DONE: Install is complete \e[0m" echo echo "If Remmina enable - Glyph Cache" echo "Reboot your machine to begin using XRDP..." } install_common() { #install_tweak install_tweak create_firewall fix_polkit allow_console fix_ssl fix_env print_config } install_common -
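Review bot: create_firewall runs `ufw enable` before the two `ufw allow` rules exist, so when the script is run over SSH the firewall comes up with no rule for port 22 yet, and ufw also stops for a y/n confirmation in that situation, which stalls an unattended run. Add the allow rules first and enable last with `ufw --force enable`. The subnet 192.168.1.0/24 is hard-coded in both rules; a variable at the top of the script next to HWE would make it obvious to anyone on a different LAN that it must be changed. Part of the function body lies between the two hunks and is not visible here.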
fetchTe revised this gist
Mar 7, 2022 . 1 changed file with 1 addition and 1 deletion.
@@ -217,7 +217,7 @@ allow_console fix_ssl fix_env } install_common echo "Install is complete." echo "If Remmina enable - Glyph Cache"
fetchTe revised this gist
Mar 7, 2022 . 1 changed file with 134 additions and 39 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -28,6 +28,15 @@ apt install -y openbox-lxde-session # Install the xrdp service so we have the auto start behavior apt install -y xrdp # Install Tweaks Utilty if Gnome desktop used (Optional) if [[ "HWE" != *"-hwe-18.04"* ]]; then apt-get install gnome-tweaks -y apt-get install gnome-shell-extensions -y EOF fi systemctl stop xrdp systemctl stop xrdp-sesman @@ -45,11 +54,13 @@ sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' /etc/xrdp/ # use the script to setup the openbox session sed -e 's/^new_cursors=true/new_cursors=false/g' \ -i /etc/xrdp/xrdp.ini # reconfigure the service systemctl daemon-reload systemctl enable xrdp.service systemctl enable xrdp-sesman.service systemctl start xrdp # set XRDP with session at user's home directory (xfce4-session) echo "openbox-session" > ~/.xsession # fix display issue of gray/black screen 
@@ -65,49 +76,71 @@ fi exec openbox-session EOF # # Allow multiple sessions (local and remote) for the same use # apt remove dbus-user-session # apt install dbus-x11 # # light-locker fix # mv /usr/bin/light-locker /usr/bin/light-locker.orig # cat <<EOF | sudo tee /usr/bin/light-locker # #!/bin/sh # # The light-locker uses XDG_SESSION_PATH provided by lightdm. # if [ ! -z "\${XDG_SESSION_PATH}" ]; then # /usr/bin/light-locker.orig # else # # Disable light-locker in XRDP. # true # fi # EOF # # Configure the policy xrdp session # # @note -> Authentication Required to Create Managed Color Device # # https://c-nergy.be/blog/?p=12073 # cat << EOF | sudo tee /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf # polkit.addRule(function(action, subject) { # if ((action.id == "org.freedesktop.color-manager.create-device" || # action.id == "org.freedesktop.color-manager.create-profile" || # action.id == "org.freedesktop.color-manager.delete-device" || # action.id == "org.freedesktop.color-manager.delete-profile" || # action.id == "org.freedesktop.color-manager.modify-device" || # action.id == "org.freedesktop.color-manager.modify-profile" # //-- no group restriction; allow any user to manipulate color profiles! # //-- uncomment and substitude adm with the group you need, if needed. 
# // ) && ( # // subject.isInGroup("{adm}") # )) # { # return polkit.Result.YES; # } # }); # EOF # systemctl restart polkit cat > /etc/polkit-1/localauthority/50-local.d/45-allow.colord.pkla <<EOF [Allow Colord all Users] Identity=unix-user:* Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile ResultAny=no ResultInactive=no ResultActive=yes EOF #Not to apply to Ubuntu 18.04 version but to others....This caused an issue on Ubuntu 18.04 if [[ "HWE" != *"-hwe-18.04"* ]]; then cat > /etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla <<EOF [Allow Package Management all Users] Identity=unix-user:* Action=org.freedesktop.packagekit.system-sources-refresh;org.freedesktop.packagekit.system-network-proxy-configure ResultAny=yes ResultInactive=yes ResultActive=yes EOF fi # enable firewall ufw enable 
@@ -124,6 +157,68 @@ ufw status numbered # End XRDP ############################################################################### allow_console() { echo /bin/echo -e "\e[1;33m |-| Configuring Allow Console Access... \e[0m" echo # Checking if Xwrapper file exists if [ -f /etc/X11/Xwrapper.config ] then sudo sed -i 's/allowed_users=console/allowed_users=anybody/' /etc/X11/Xwrapper.config else sudo bash -c "cat >/etc/X11/Xwrapper.config" <<EOF allowed_users=anybody EOF fi } #---------------------------------------------------# # Function 14 - Fix SSL Minor Issue .... #---------------------------------------------------# fix_ssl() { echo /bin/echo -e "\e[1;33m |-| Fixing SSL Permissions settings... \e[0m" echo if id -Gn xrdp | grep ssl-cert then /bin/echo -e "\e[1;32m !--xrdp already member ssl-cert...Skipping ---!\e[0m" else sudo adduser xrdp ssl-cert fi } #---------------------------------------------------# # Function 15 - Fixing env variables in XRDP .... #---------------------------------------------------# fix_env() { echo /bin/echo -e "\e[1;33m |-| Fixing xRDP env Variables... \e[0m" echo #Add this line to /etc/pam.d/xrdp-sesman if not present if grep -Fxq "session required pam_env.so readenv=1 user_readenv=0" /etc/pam.d/xrdp-sesman then echo "Env settings already set" else sudo sed -i '1 a session required pam_env.so readenv=1 user_readenv=0' /etc/pam.d/xrdp-sesman fi } install_common() { #install_tweak install_tweak allow_console fix_ssl fix_env } echo "Install is complete." echo "If Remmina enable - Glyph Cache" echo "Reboot your machine to begin using XRDP..." -
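Review bot: 46-allow-update-repo.pkla grants `org.freedesktop.packagekit.system-network-proxy-configure` to `Identity=unix-user:*` with `ResultAny=yes`, so every account on the machine, in any session, can change the proxy PackageKit uses without authenticating. The prompt this is presumably meant to silence is the repository refresh one, so consider keeping only `org.freedesktop.packagekit.system-sources-refresh` in `Action=` and narrowing the identity, for example `Identity=unix-group:sudo`. allow_console likewise switches /etc/X11/Xwrapper.config to `allowed_users=anybody` system-wide; a comment stating why XRDP needs it would help whoever audits the host later.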
fetchTe created this gist
Mar 7, 2022
@@ -0,0 +1,129 @@ ############################################################################### # Update our machine to the latest code if we need to. # HWE="-hwe-20.04" # HWE="-hwe-18.04" if [ "$(id -u)" -ne 0 ]; then echo 'This script must be run with root privileges' >&2 exit 1 fi apt update && apt upgrade -y if [ -f /var/run/reboot-required ]; then echo "A reboot is required in order to proceed with the install." >&2 echo "Please reboot and re-run this script to finish the install." >&2 exit 1 fi ############################################################################### # openbox/XRDP # # Install hv_kvp utils apt install -y linux-generic${HWE} # openbox apt install -y openbox-lxde-session # Install the xrdp service so we have the auto start behavior apt install -y xrdp systemctl stop xrdp systemctl stop xrdp-sesman # Configure the installed XRDP ini files. # use rdp security. sed -i_orig -e 's/security_layer=negotiate/security_layer=rdp/g' /etc/xrdp/xrdp.ini # remove encryption validation. sed -i_orig -e 's/crypt_level=high/crypt_level=low/g' /etc/xrdp/xrdp.ini # disable bitmap cache - weird login session sed -i_orig -e 's/bitmap_cache=true/bitmap_cache=false/g' /etc/xrdp/xrdp.ini # disable bitmap compression since its local its much faster sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' /etc/xrdp/xrdp.ini # use the script to setup the openbox session sed -e 's/^new_cursors=true/new_cursors=false/g' \ -i /etc/xrdp/xrdp.ini # reconfigure the service systemctl daemon-reload systemctl start xrdp # set XRDP with session at user's home directory (xfce4-session) echo "openbox-session" > ~/.xsession # fix display issue of gray/black screen mv /etc/xrdp/startwm.sh /etc/xrdp/startwm.sh.backup cat <<EOF > /etc/xrdp/startwm.sh #!/bin/sh if [ -r /etc/default/locale ]; then . 
/etc/default/locale export LANG LANGUAGE fi exec openbox-session EOF # light-locker fix mv /usr/bin/light-locker /usr/bin/light-locker.orig cat <<EOF | sudo tee /usr/bin/light-locker #!/bin/sh # The light-locker uses XDG_SESSION_PATH provided by lightdm. if [ ! -z "\${XDG_SESSION_PATH}" ]; then /usr/bin/light-locker.orig else # Disable light-locker in XRDP. true fi EOF # Configure the policy xrdp session # @note -> Authentication Required to Create Managed Color Device # https://c-nergy.be/blog/?p=12073 cat << EOF | sudo tee /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf polkit.addRule(function(action, subject) { if ((action.id == "org.freedesktop.color-manager.create-device" || action.id == "org.freedesktop.color-manager.create-profile" || action.id == "org.freedesktop.color-manager.delete-device" || action.id == "org.freedesktop.color-manager.delete-profile" || action.id == "org.freedesktop.color-manager.modify-device" || action.id == "org.freedesktop.color-manager.modify-profile" //-- no group restriction; allow any user to manipulate color profiles! //-- uncomment and substitude adm with the group you need, if needed. // ) && ( // subject.isInGroup("{adm}") )) { return polkit.Result.YES; } }); EOF systemctl restart polkit # Xrdp uses “/etc/ssl/private/ssl-cert-snakeoil.key” file and only the # users of the “ssl-cert” group can read it adduser xrdp ssl-cert # enable firewall ufw enable # set - allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 # to connect to the RDP port using TCP ufw allow from 192.168.1.0/24 to any port 3389 proto tcp ufw allow from 192.168.1.0/24 to any port 22 proto tcp # check ufw status numbered # # End XRDP ############################################################################### echo "Install is complete." echo "If Remmina enable - Glyph Cache" echo "Reboot your machine to begin using XRDP..."
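Review bot: The sed edits that set `security_layer=rdp` and `crypt_level=low` weaken the transport for every XRDP login, while the ufw rules at the end of the same script open port 3389 to the whole 192.168.1.0/24 subnet, so credentials and session traffic cross the LAN under legacy RDP security, which does not authenticate the server. These settings look carried over from a Hyper-V enhanced-session setup, where the channel stays on the host; if sessions are meant to arrive over the network, leave xrdp.ini at `security_layer=negotiate` and `crypt_level=high`. Each `sed -i_orig` call also rewrites xrdp.ini_orig, so after the fourth call the backup already contains the first three changes; take a single copy with `cp -n /etc/xrdp/xrdp.ini /etc/xrdp/xrdp.ini_orig` before editing and use plain `sed -i` afterwards.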