mention sudo membership prerequisite

Update README.md
2025-12-14 02:12:31 +00:00 · 2023-08-05 23:02:32 +10:00 · 2023-08-05 23:02:32 +10:00 · 31f4a7f685
commit 31f4a7f685
parent 35e2af54f7
1 changed files with 12 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -11,12 +11,13 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 ```
 ## **Prerequisites**
- ### PLEASE NOTE: DEBIAN 12 & Tomcat10 NOT COMPATIBLE AT PRESENT - SEE ISSUE #10
+ ### PLEASE NOTE: DEBIAN 12 & Tomcat 10 NOT COMPATIBLE - SEE ISSUE #10
- Ubuntu 18.04 - 22.x / Debian 10 & 11 / Raspbian Buster or Bullseye
+- Ubuntu 18.04 - 22.x / Debian 11 & 10 / Raspbian Buster or Bullseye
 - Minimum 8GB RAM and 40GB HDD
 - Public or private DNS entries that match the default physical interface IP address (required for SSL)
 - Incoming access on TCP ports 22, 80, and 443
 - The user executing the wget installer script **must be a member of the sudo group**
 ## **Setup Menu Flow**
@ -39,7 +40,7 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 ## **Optional post install hardening**
-The installer downloads additional scripts for:
+The installer downloads additional scripts to manually run for:
 - Adding a fail2ban lockdown policy for Guacamole `add-fail2ban.sh`
 - Encrypting internal traffic between the Guacamole client and Guacd daemon with SSL `add-ssl-guac-gaucd.sh`
 - Integrating with Active Directory (See ACTIVE-DIRECTORY-HOW-TO.md) `add-auth-ldap.sh`
@ -48,7 +49,7 @@ The installer downloads additional scripts for:
 ## **Installation notes**
 To create a custom or unattended setup, follow these steps:
-1. From a terminal session, change to your home directory then paste and run above wget link.
+1. From a terminal session, change to your home directory then paste and run the above wget link.
 2. Exit `1-setup.sh` script at the first prompt. (At this point only the scripts have been downloaded).
 3. Edit the "Silent setup options" section of `1-setup.sh`. 
    - *Note that script variables with an actual setting (e.g., `VARIABLE="value"`) will NOT prompt during the interactive setup. This means that with the right combination of variable inputs, it is possible to mass deploy a full Guacamole appliance with Nginx & SSL with zero touch.*
@ -56,24 +57,22 @@ To create a custom or unattended setup, follow these steps:
      - *For adaptations made to any other downloaded script, you must comment out the relevant wget lines in the "Download GitHub Setup" section at the top of `1-setup.sh` to prevent these from being re-downloaded and overwritten as well.* 
      - *There should be no need to customise any scripts other than `1-setup.sh` as all install options are managed in the first parent script.* 
      - *Be aware that all optional (manually run) `add-xxxx.sh` scripts are dynamically updated during the installation with the exact variables you selected at install. Editing anything other than `1-setup.sh` may break this functionality, so make changes only if you understand the impacts.*
-5. Self signed client SSL certificates are saved in the `$DOWNLOAD_DIR/guac-setup` directory.
+5. Self signed client TLS certificates are saved in the `$DOWNLOAD_DIR/guac-setup` directory.
-## **Setup script download Manifest**
+## **Setup script download manifest**
 The setup command mentioned above downloads the following items into the `$DOWNLOAD_DIR/guac-setup` directory:
 - `1-setup.sh`: The parent install script itself
 - `2-install-guacamole.sh`: Guacamole installation script (inspired by [MysticRyuujin/guac-install](https://github.com/MysticRyuujin/guac-install))
 - `3-install-nginx.sh`: Installs Nginx & auto-configures a front-end reverse proxy for Guacamole (optional)
- `4a-install-ssl-self-signed-nginx.sh`: Configures self-signed SSL certificates for Nginx proxy (optional)
+- `4a-install-ssl-self-signed-nginx.sh`: Configures self-signed TLS certificate for Nginx proxy (optional)
 - `4b-install-ssl-letsencrypt-nginx.sh`: Installs & configures Let's Encrypt with Guacamole & Nginx proxy (optional)
- `add-auth-duo.sh`: Adds the Duo MFA extensions if not selected during install (optional)
+- `add-auth-duo.sh`: Adds the Duo MFA extension if not selected during install (optional)
 - `add-auth-ldap.sh`: Adds the Active Directory extension and setup template if not selected at install (optional)
 - `add-auth-totp.sh`: Adds the TOTP MFA extension if not selected at install (optional)
- `add-ssl-guac-gaucd.sh`: A hardening script to wrap traffic between the guacd server & the Guacamole client application in TLS (optional)
+- `add-ssl-guac-gaucd.sh`: A hardening script to add a TLS wrapper for guacd daemon to Guacamole client application traffic (optional)
 - `add-fail2ban.sh`: Adds a fail2ban policy (with local subnet override) to secure Guacamole against external brute force attacks
 - `add-smtp-relay-o365.sh`: Sets up a TLS/SMTP auth relay with O365 for monitoring & alerts (BYO app password)
 - `backup-guacamole.sh`: A simple Guacamole backup script
- `branding.jar`: An example customised Guacamole login screen to brand Guacamole to your own requirements (or delete to keep the default interface.) This is a modified version of https://github.com/Zer0CoolX/guacamole-customize-loginscreen-extension but with with additional support for browser favicons.
+- `branding.jar`: An example customised Guacamole login screen extension to allow you to brand Guacamole to your own requirements (delete to keep the default interface.) This is a version of https://github.com/Zer0CoolX/guacamole-customize-loginscreen-extension but has been further tweaked to additionally support custom browser tab favicons.
 Special acknowledgement to [MysticRyuujin](https://github.com/MysticRyuujin/guac-install) whose repository provided many helpful ideas in assembling this project.