Debian 12 working ok

1-setup.sh

@@ -438,7 +438,7 @@ fi
 
 echo -e ${GREY}
 # Prompt for preferred backup notification email address
-if [[ -z ${BACKUP_EMAIL} ]]; then
+if [ -z ${BACKUP_EMAIL} ]; then
 	while true; do
 		read -p "SQL: Enter email address for SQL backup messages [Enter to skip]: " BACKUP_EMAIL
 		[ "${BACKUP_EMAIL}" = "" ] || [ "${BACKUP_EMAIL}" != "" ] && break

2-install-guacamole.sh

@@ -615,7 +615,7 @@ fi
 if [ "${CHANGE_ROOT}" = true ]; then
 	echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}"
 	systemctl stop ${TOMCAT_VERSION}
-	mv /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html index.html.old
+	mv /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html.old
 	touch /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
 	echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
 	systemctl start ${TOMCAT_VERSION}
@@ -663,7 +663,6 @@ if [ $? -ne 0 ]; then
 	exit 1
 else
 	echo -e "${LGREEN}OK${GREY}"
-	echo
 fi
 
 # Done

README.md

@@ -10,11 +10,11 @@
 wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
 ```
 
-## Prerequisites
+## Prerequisites (Debian 12 now working!)
 
 <img src="https://github.githubassets.com/images/icons/emoji/lock.png" width="35"> **Before diving in, make sure you have:**
 
-- A compatible OS: Ubuntu 18.04 - 22.x, Debian 10 or 11, or Raspbian Buster/Bullseye (If using vendor cloud images stick to stable releases).
+- A compatible OS: Ubuntu 18.04 - 22.x, Debian 10, 11 or 12, or Raspbian Buster/Bullseye (If using vendor cloud images stick to stable releases).
 - Minimum 8GB RAM and 40GB HDD.
 - DNS entries matching your default appliance network interface IP (essential for TLS).
 - Open TCP ports: 22, 80, and 443.

guac-management/useful-config-info.txt

@@ -1,92 +1,92 @@
-#########################
+#########################
-Connection setup tips:
+Connection setup tips:
-#########################
+#########################
-# Quick connection syntax (Windows 10 RDP)
+# Quick connection syntax (Windows 10 RDP)
-    rdp://user@xxx.xxx.xxx.xxx/?security=nla&ignore-cert=true
+    rdp://user@xxx.xxx.xxx.xxx/?security=nla&ignore-cert=true
-
+
-# To view links to recorded sessions from within the connection history page:
+# To view links to recorded sessions from within the connection history page:
-    1. Install the history-recording-storage option
+    1. Install the history-recording-storage option
-    2. For each connection configuration profile, in the Screen Recording section set:
+    2. For each connection configuration profile, in the Screen Recording section set:
-          Recording Path = ${HISTORY_PATH}/${HISTORY_UUID}
+          Recording Path = ${HISTORY_PATH}/${HISTORY_UUID}
-          Automatically create recording path = tick
+          Automatically create recording path = tick
-
+
-# To create a quasi SSO pass through for LDAP and others, for each connection configuration profile:
+# To create a quasi SSO pass through for LDAP and others, for each connection configuration profile:
-    Add ${GUAC_USERNAME} to the Username field for each connection profile
+    Add ${GUAC_USERNAME} to the Username field for each connection profile
-    Add ${GUAC_PASSWORD} to the Password field for each connection profile
+    Add ${GUAC_PASSWORD} to the Password field for each connection profile
-
+
-
+
-####################
+####################
-Guacamole Debug mode
+Guacamole Debug mode
-####################
+####################
-sudo systemctl stop guacd && sudo /usr/local/sbin/guacd -L debug -f  #Verbose logs will start in the console.
+sudo systemctl stop guacd && sudo /usr/local/sbin/guacd -L debug -f  #Verbose logs will start in the console.
-
+
-
+
-################################################
+################################################
-Switch to Debian Testing repo 
+Switch to Debian Testing repo 
-(upgrade/bugfix beyond a current stable package)
+(upgrade/bugfix beyond a current stable package)
-################################################
+################################################
-sudo apt update && sudo apt upgrade -y # Update first 
+sudo apt update && sudo apt upgrade -y # Update first 
-sudo cp /etc/apt/sources.list sources.list.backup # Backup sources list 
+sudo cp /etc/apt/sources.list sources.list.backup # Backup sources list 
-sudo sed -i 's/bullseye/testing/g' /etc/apt/sources.list # Switch to testing 
+sudo sed -i 's/bullseye/testing/g' /etc/apt/sources.list # Switch to testing 
-
+
-sudo nano /etc/apt/sources.list # Now manually edit
+sudo nano /etc/apt/sources.list # Now manually edit
-	comment out all lines having "security.debian.org" 
+	comment out all lines having "security.debian.org" 
-	comment out all lines that end with "updates"
+	comment out all lines that end with "updates"
-	add this line: deb http://security.debian.org testing-security main
+	add this line: deb http://security.debian.org testing-security main
-
+
-sudo apt update && sudo apt-get install --only-upgrade libssh2-1-dev # update an individual package
+sudo apt update && sudo apt-get install --only-upgrade libssh2-1-dev # update an individual package
-
+
-
+
-
+
-###############################################
+###############################################
-Audit Guacamole Connections and User access.
+Audit Guacamole Connections and User access.
-###############################################
+###############################################
-mysql -u root -p guacamole_db
+mysql -u root -p guacamole_db
-select 
+select 
-    guacamole_entity.name, 
+    guacamole_entity.name, 
-    guacamole_connection.connection_name, 
+    guacamole_connection.connection_name, 
-    guacamole_connection_permission.permission 
+    guacamole_connection_permission.permission 
-from 
+from 
-    guacamole_connection 
+    guacamole_connection 
-    left join guacamole_connection_permission on guacamole_connection_permission.connection_id = guacamole_connection.connection_id 
+    left join guacamole_connection_permission on guacamole_connection_permission.connection_id = guacamole_connection.connection_id 
-    left join guacamole_entity on guacamole_entity.entity_id = guacamole_connection_permission.entity_id 
+    left join guacamole_entity on guacamole_entity.entity_id = guacamole_connection_permission.entity_id 
-where 
+where 
-    guacamole_connection_permission.permission = 'READ' 
+    guacamole_connection_permission.permission = 'READ' 
-    and guacamole_entity.name != 'guacadmin';
+    and guacamole_entity.name != 'guacadmin';
-Quit to exit
+Quit to exit
-
+
-
+
-###############################################
+###############################################
-# Manually reset TOTP configuration for a user 
+# Manually reset TOTP configuration for a user 
-###############################################
+###############################################
-# This is likely not needed beyond in Gucamole 1.40 as the gui provides an option to reset. Kept for reference.
+# This is likely not needed beyond in Gucamole 1.40 as the gui provides an option to reset. Kept for reference.
-mysql -u root -p
+mysql -u root -p
-use guacamole_db;
+use guacamole_db;
-SELECT user_id FROM guacamole_user INNER JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user.entity_id WHERE guacamole_entity.name = 'guacadmin';
+SELECT user_id FROM guacamole_user INNER JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user.entity_id WHERE guacamole_entity.name = 'guacadmin';
-UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name = 'guac-totp-key-confirmed' and user_id = '1';
+UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name = 'guac-totp-key-confirmed' and user_id = '1';
-quit;
+quit;
-
+
-
+
-###############################################
+###############################################
-# Quick troubleshoot SQL commands
+# Quick troubleshoot SQL commands
-###############################################
+###############################################
-# Login
+# Login
-sudo mysql -u root -p
+sudo mysql -u root -p
-
+
-# Check time zone
+# Check time zone
-SELECT @@time_zone;
+SELECT @@time_zone;
-
+
-# Rename user from local to remove access
+# Rename user from local to remove access
-use guacamole_db;
+use guacamole_db;
-RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';
+RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';
-
+
-# Check user access
+# Check user access
-SELECT user,host FROM mysql.user;
+SELECT user,host FROM mysql.user;
-SHOW GRANTS FOR guacamole_user;
+SHOW GRANTS FOR guacamole_user;
-
+
-#########################
+#########################
-Nginx load / DoS testing 
+Nginx load / DoS testing 
-#########################
+#########################
-https://ourcodeworld.com/articles/read/949/how-to-perform-a-dos-attack-slow-http-with-slowhttptest-test-your-server-slowloris-protection-in-kali-linux
+https://ourcodeworld.com/articles/read/949/how-to-perform-a-dos-attack-slow-http-with-slowhttptest-test-your-server-slowloris-protection-in-kali-linux
-slowhttptest -c 10000 -H -g -o ./output_file -i 3 -r 500 -t GET -u http://jumpbox.domain.com -x 24 -p 2
+slowhttptest -c 10000 -H -g -o ./output_file -i 3 -r 500 -t GET -u http://jumpbox.domain.com -x 24 -p 2
-
+