Last active
September 18, 2023 13:22
-
-
Save fetchTe/52f3c55d5a1bd99c872b3e79b3965308 to your computer and use it in GitHub Desktop.
install-xrdp-openbox.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # Update our machine to the latest code if we need to. | |
| HWE="-hwe-20.04" | |
| # HWE="-hwe-18.04" | |
| ############################################################################### | |
| # !!!IMPORTANT!!!! | |
| # If you don't want to use openbox you need change this per distro | |
| # ex: echo "xfce4-session" > ~/.xsession | |
| config_distro() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Config distro... \e[0m" | |
| echo | |
| # set XRDP with session at user's home directory | |
| apt install -y openbox-lxde-session | |
| echo "openbox-session" > ~/.xsession | |
| } | |
| ############################################################################### | |
| # Update our machine to the latest code if we need to. | |
| if [ "$(id -u)" -ne 0 ]; then | |
| echo 'This script must be run with root privileges' >&2 | |
| exit 1 | |
| fi | |
| apt update && apt upgrade -y | |
| if [ -f /var/run/reboot-required ]; then | |
| echo "A reboot is required in order to proceed with the install." >&2 | |
| echo "Please reboot and re-run this script to finish the install." >&2 | |
| exit 1 | |
| fi | |
| ############################################################################### | |
| # install base XRDP | |
| install_base() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Installing xrdp base... \e[0m" | |
| echo | |
| # Install hv_kvp utils | |
| apt install -y linux-generic${HWE} | |
| apt install -y net-tools | |
| # Install the xrdp service so we have the auto start behavior | |
| apt install -y xrdp | |
| systemctl stop xrdp | |
| systemctl stop xrdp-sesman | |
| # Configure the installed XRDP ini files. | |
| # use rdp security. | |
| sed -i_orig -e 's/security_layer=negotiate/security_layer=rdp/g' /etc/xrdp/xrdp.ini | |
| # remove encryption validation. | |
| sed -i_orig -e 's/crypt_level=high/crypt_level=low/g' /etc/xrdp/xrdp.ini | |
| # disable bitmap cache - weird login session | |
| sed -i_orig -e 's/bitmap_cache=true/bitmap_cache=false/g' /etc/xrdp/xrdp.ini | |
| # disable bitmap compression since its local its much faster | |
| sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' /etc/xrdp/xrdp.ini | |
| # # Allow multiple sessions (local and remote) for the same use | |
| # apt remove dbus-user-session | |
| # apt install dbus-x11 | |
| } | |
| ############################################################################### | |
| # fix: rdesktop's black-square cursor | |
| fix_rdesktop() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Fix rdesktop... \e[0m" | |
| echo | |
| sed -e 's/^new_cursors=true/new_cursors=false/g' \ | |
| -i /etc/xrdp/xrdp.ini | |
| } | |
| ############################################################################### | |
| # fix: light-locker | |
| fix_light_locker() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Fix light_locker... \e[0m" | |
| echo | |
| mv /usr/bin/light-locker /usr/bin/light-locker.orig | |
| cat <<EOF | sudo tee /usr/bin/light-locker | |
| #!/bin/sh | |
| # The light-locker uses XDG_SESSION_PATH provided by lightdm. | |
| if [ ! -z "\${XDG_SESSION_PATH}" ]; then | |
| /usr/bin/light-locker.orig | |
| else | |
| # Disable light-locker in XRDP. | |
| true | |
| fi | |
| EOF | |
| } | |
| ############################################################################### | |
| # fix: display issue of gray/black screen | |
| fix_gray_screen() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Fix grey screen... \e[0m" | |
| echo | |
| mv /etc/xrdp/startwm.sh /etc/xrdp/startwm.sh.backup | |
| cat <<EOF > /etc/xrdp/startwm.sh | |
| #!/bin/sh | |
| if [ -r /etc/default/locale ]; then | |
| . /etc/default/locale | |
| export LANG LANGUAGE | |
| fi | |
| exec openbox-session | |
| EOF | |
| } | |
| ############################################################################### | |
| # fix_polkit | |
| fix_polkit() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Fix Polkit... \e[0m" | |
| echo | |
| cat > /etc/polkit-1/localauthority/50-local.d/45-allow.colord.pkla <<EOF | |
| [Allow Colord all Users] | |
| Identity=unix-user:* | |
| Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile | |
| ResultAny=no | |
| ResultInactive=no | |
| ResultActive=yes | |
| EOF | |
| #Not to apply to Ubuntu 18.04 version but to others....This caused an issue on Ubuntu 18.04 | |
| if [[ "HWE" != *"-hwe-18.04"* ]]; | |
| then | |
| cat > /etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla <<EOF | |
| [Allow Package Management all Users] | |
| Identity=unix-user:* | |
| Action=org.freedesktop.packagekit.system-sources-refresh;org.freedesktop.packagekit.system-network-proxy-configure | |
| ResultAny=yes | |
| ResultInactive=yes | |
| ResultActive=yes | |
| EOF | |
| fi | |
| } | |
| ################################################################################ | |
| # install_tweak | |
| install_tweak() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Install Tweaks... \e[0m" | |
| echo | |
| # Install Tweaks Utilty if Gnome desktop used (Optional) | |
| if [[ "HWE" != *"-hwe-18.04"* ]]; | |
| then | |
| apt-get install gnome-tweaks -y | |
| apt-get install gnome-shell-extensions -y | |
| EOF | |
| fi | |
| } | |
| ################################################################################ | |
| # create_firewall | |
| create_firewall() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Create firewall... \e[0m" | |
| echo | |
| # enable firewall | |
| ufw enable | |
| # set - allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 | |
| # to connect to the RDP port using TCP | |
| ufw allow from 192.168.1.0/24 to any port 3389 proto tcp | |
| ufw allow from 192.168.1.0/24 to any port 22 proto tcp | |
| } | |
| ################################################################################ | |
| # allow_console | |
| allow_console() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Configuring Allow Console Access... \e[0m" | |
| echo | |
| # Checking if Xwrapper file exists | |
| if [ -f /etc/X11/Xwrapper.config ] | |
| then | |
| sudo sed -i 's/allowed_users=console/allowed_users=anybody/' /etc/X11/Xwrapper.config | |
| else | |
| sudo bash -c "cat >/etc/X11/Xwrapper.config" <<EOF | |
| allowed_users=anybody | |
| EOF | |
| fi | |
| } | |
| #---------------------------------------------------# | |
| # Function 14 - Fix SSL Minor Issue .... | |
| #---------------------------------------------------# | |
| ################################################################################ | |
| # fix_ssl | |
| fix_ssl() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Fixing SSL Permissions settings... \e[0m" | |
| echo | |
| if id -Gn xrdp | grep ssl-cert | |
| then | |
| /bin/echo -e "\e[1;32m !--xrdp already member ssl-cert...Skipping ---!\e[0m" | |
| else | |
| sudo adduser xrdp ssl-cert | |
| fi | |
| } | |
| #---------------------------------------------------# | |
| # Function 15 - Fixing env variables in XRDP .... | |
| #---------------------------------------------------# | |
| ################################################################################ | |
| # fix_env | |
| fix_env() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Fixing xRDP env Variables... \e[0m" | |
| echo | |
| #Add this line to /etc/pam.d/xrdp-sesman if not present | |
| if grep -Fxq "session required pam_env.so readenv=1 user_readenv=0" /etc/pam.d/xrdp-sesman | |
| then | |
| echo "Env settings already set" | |
| else | |
| sudo sed -i '1 a session required pam_env.so readenv=1 user_readenv=0' /etc/pam.d/xrdp-sesman | |
| fi | |
| } | |
| #---------------------------------------------------# | |
| # Function 7 - create services .... | |
| #---------------------------------------------------# | |
| ################################################################################ | |
| # enable_service | |
| enable_service() { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| Creating and configuring xRDP services \e[0m" | |
| echo | |
| sudo systemctl daemon-reload | |
| sudo systemctl enable xrdp.service | |
| sudo systemctl enable xrdp-sesman.service | |
| sudo systemctl start xrdp | |
| } | |
| ################################################################################ | |
| # print_config | |
| print_config() | |
| { | |
| echo | |
| /bin/echo -e "\e[1;33m |-| CONFIG: Firewall \e[0m" | |
| echo | |
| ufw status numbered | |
| echo | |
| /bin/echo -e "\e[1;33m |-| CONFIG: ifconfig \e[0m" | |
| echo | |
| ifconfig | |
| echo | |
| /bin/echo -e "\e[1;32m |!| DONE: Install is complete \e[0m" | |
| echo | |
| echo | |
| /bin/echo -e "\e[1;33m |-| NOTE: Remmina users: enable 'Glyph Cache' \e[0m" | |
| echo | |
| echo | |
| /bin/echo -e "\e[1;32m |!| Reboot your machine to begin using XRDP... \e[0m" | |
| echo | |
| } | |
| ############################################################################### | |
| # Setup - comment/un-comment based on needs | |
| # | |
| install_xrdp() | |
| { | |
| install_base | |
| config_distro | |
| install_tweak | |
| create_firewall | |
| fix_polkit | |
| allow_console | |
| fix_ssl | |
| fix_env | |
| # fix_rdesktop | |
| # fix_light_locker | |
| # fix_gray_screen | |
| enable_service | |
| print_config | |
| } | |
| install_xrdp | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment