someorg/Easy-Guacamole-Installer
1
0
Fork 0
mirror of https://github.com/itiligent/Easy-Guacamole-Installer.git synced 2025-12-13 18:02:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed for Debian 12 and Ubuntu 23.04

Browse source 
Debian 12 ready, Ubuntu 23.04 ready

code final review
normalized to uniform [[  ]] use, and shfmt to 4 space indents
Changes redirect variable name
fixed db installing server and client for client installs
small tidy ups
This commit is contained in:
itiligent 2023-09-10 22:39:54 +10:00
parent a7f8ee6439
commit d150332e63
20 changed files with 1355 additions and 1337 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

644
1-setup.sh
View file

@ -40,30 +40,30 @@ NC='\033[0m' #No Colour
# Make sure the user is NOT running this script as root
if [[ $EUID -eq 0 ]]; then
echo
echo -e "${LRED}This script must NOT be run as root, exiting..." 1>&2
echo -e ${NC}
exit 1
echo
echo -e "${LRED}This script must NOT be run as root, exiting..." 1>&2
echo -e ${NC}
exit 1
fi
# Make sure the user is a member of the sudo group
if ! [ $(id -nG "$USER" 2>/dev/null | egrep "sudo" | wc -l) -gt 0 ]; then
echo
echo -e "${LRED}The current user (${USER}) must be a member of the 'sudo' group, exiting..." 1>&2
echo -e ${NC}
exit 1
if ! [[ $(id -nG "$USER" 2>/dev/null | egrep "sudo" | wc -l) -gt 0 ]]; then
echo
echo -e "${LRED}The current user (${USER}) must be a member of the 'sudo' group, exiting..." 1>&2
echo -e ${NC}
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
echo
echo -e "${LRED}Possible previous install files detected in current build path. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo
echo -e "${LRED}Possible previous install files detected in current build path. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
fi
#######################################################################################################################
# Core setup variables and mandatory inputs ###########################################################################
# Core setup variables and mandatory inputs - EDIT VARIABLE VALUES TO SUIT ############################################
#######################################################################################################################
# Setup download and temp directory paths
@ -87,32 +87,18 @@ GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guac
# See https://mariadb.org/mariadb/all-releases/ for available versions.
# Provide a specific MySQL version e.g. 11.1.2 or leave blank to use distro default MySQL packages.
MYSQL_VERSION=""
if [ -z "${MYSQL_VERSION}" ]; then
# Use Linux distro default version.
MYSQLS="default-mysql-server default-mysql-client mysql-common"
MYSQLC="default-mysql-client"
DB_CMD="mysql" # mysql command is depricated
if [[ -z "${MYSQL_VERSION}" ]]; then
# Use Linux distro default version.
MYSQLSRV="default-mysql-server default-mysql-client mysql-common" # Server
MYSQLCLIENT="default-mysql-client" # Client
DB_CMD="mysql" # mysql command is depricated
else
# Use official mariadb.org repo
MYSQLS="mariadb-server mariadb-client mariadb-common"
MYSQLC="mariadb-client"
DB_CMD="mariadb" # mysql command is depricated on newer versions
# Use official mariadb.org repo
MYSQLSRV="mariadb-server mariadb-client mariadb-common" # Server
MYSQLCLIENT="mariadb-client" # Client
DB_CMD="mariadb" # mysql command is depricated on newer versions
fi
# Check for the latest version of Tomcat currently supported by the distro
if [[ $(apt-cache show tomcat10 2>/dev/null | egrep "Version: 10" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat10"
elif [[ $(apt-cache show tomcat9 2>/dev/null | egrep "Version: 9" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat9"
elif [[ $(apt-cache show tomcat8 2>/dev/null | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat8"
else
# Default to version
TOMCAT_VERSION="tomcat9"
fi
# Uncomment to force a specific Tomcat version here.
# TOMCAT_VERSION="tomcat9"
# Install log Location
INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_setup.log"
@ -123,7 +109,8 @@ GUAC_URL=http://localhost:8080/guacamole/
# Here the variables for OS variant and library dependency names are initialised.
source /etc/os-release
OS_FLAVOUR=$ID
OS_VERSION=$VERSION
OS_VERSION=$VERSION_ID
OS_CODENAME=$VERSION_CODENAME
JPEGTURBO=""
LIBPNG=""
@ -131,31 +118,31 @@ LIBPNG=""
# Get the default route interface IP
DEFAULT_IP=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
get_domain_suffix() {
echo "$1" | awk '{print $2}'
echo "$1" | awk '{print $2}'
}
# Search for "search" and "domain" entries in /etc/resolv.conf
search_line=$(grep -E '^search[[:space:]]+' /etc/resolv.conf)
domain_line=$(grep -E '^domain[[:space:]]+' /etc/resolv.conf)
# Check if both "search" and "domain" lines exist
if [ -n "$search_line" ] && [ -n "$domain_line" ]; then
# Both "search" and "domain" lines exist, extract the domain suffix from both
search_suffix=$(get_domain_suffix "$search_line")
domain_suffix=$(get_domain_suffix "$domain_line")
# Print the domain suffix that appears first
if [ ${#search_suffix} -lt ${#domain_suffix} ]; then
DOMAIN_SUFFIX=$search_suffix
else
DOMAIN_SUFFIX=$domain_suffix
fi
elif [ -n "$search_line" ]; then
# If only "search" line exists
DOMAIN_SUFFIX=$(get_domain_suffix "$search_line")
elif [ -n "$domain_line" ]; then
# If only "domain" line exists
DOMAIN_SUFFIX=$(get_domain_suffix "$domain_line")
if [[ -n "$search_line" ]] && [[ -n "$domain_line" ]]; then
# Both "search" and "domain" lines exist, extract the domain suffix from both
search_suffix=$(get_domain_suffix "$search_line")
domain_suffix=$(get_domain_suffix "$domain_line")
# Print the domain suffix that appears first
if [[ ${#search_suffix} -lt ${#domain_suffix} ]]; then
DOMAIN_SUFFIX=$search_suffix
else
DOMAIN_SUFFIX=$domain_suffix
fi
elif [[ -n "$search_line" ]]; then
# If only "search" line exists
DOMAIN_SUFFIX=$(get_domain_suffix "$search_line")
elif [[ -n "$domain_line" ]]; then
# If only "domain" line exists
DOMAIN_SUFFIX=$(get_domain_suffix "$domain_line")
else
# If no "search" or "domain" lines found
DOMAIN_SUFFIX="local"
# If no "search" or "domain" lines found
DOMAIN_SUFFIX="local"
fi
# Setup directory locations
@ -171,7 +158,7 @@ echo
echo
#######################################################################################################################
# Silent setup options - adding true/false or specific values below prevents prompt at install ########################
# Silent setup options - true/false or specific values below prevents prompt at install. EDIT TO SUIT #################
#######################################################################################################################
SERVER_NAME="" # Preferred server hostname
LOCAL_DOMAIN="" # Local DNS space in use
@ -190,7 +177,7 @@ INSTALL_LDAP="" # Add Active Directory extension (true/false)
INSTALL_QCONNECT="" # Add Guacamole console quick connect feature
INSTALL_HISTREC="" # Add Guacamole history recording storage feature
HISTREC_PATH="" # Path to save recorded sessions, default is /var/lib/guacamole/recordings
CHANGE_ROOT="" # Set default Guacamole URL to http root (remove extra "/guacamole" from the default URL)
GUAC_URL_REDIR="" # Redirect default Guacamole URL to http root (skip typing the extra "/guacamole" in the URL)
INSTALL_NGINX="" # Install and configure Guacamole behind Nginx reverse proxy (http port 80 only, true/false)
PROXY_SITE="" # Local DNS name for reverse proxy and/or self signed TLS certificates
SELF_SIGN="" # Add self signed TLS support to Nginx (Let's Encrypt not available with this option, true/false)
@ -210,7 +197,7 @@ RDP_SHARE_LABEL="RDP Share" # Custom Windows RDP share drive label (e.g. RDP
RDP_PRINTER_LABEL="RDP Printer" # Custom Windows RDP printer label
#######################################################################################################################
# Download GitHub setup scripts. To prevent overwrite, comment out lines of any scripts you have edited. ##############
# Download GitHub setup scripts. To prevent overwrite, COMMENT OUT LINES OF ANY SCRIPTS YOU HAVE EDITED. ##############
#######################################################################################################################
# Download the set of config scripts from GitHub
@ -255,13 +242,41 @@ echo
sudo chmod -R 770 $TMP_DIR
sudo chown -R $SUDO_USER:root $TMP_DIR
# Workaround for current Debian 12 & Tomcat 10 incompatibilities (Experimental in August 2023)
if [[ $OS_FLAVOUR = "debian" ]] && [[ $OS_VERSION = *"bookworm"* ]]; then
# Add the oldstable repo and downgrade tomcat version install
echo "deb http://deb.debian.org/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/bullseye.list >/dev/null
TOMCAT_VERSION="tomcat9"
#######################################################################################################################
# Determine the correct version of Tomcat use #########################################################################
#######################################################################################################################
# Check for the latest version of Tomcat currently supported by the distro
if [[ $(apt-cache show tomcat10 2>/dev/null | egrep "Version: 10" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat10"
elif [[ $(apt-cache show tomcat9 2>/dev/null | egrep "Version: 9" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat9"
elif [[ $(apt-cache show tomcat8 2>/dev/null | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat8"
else
# Default to version
TOMCAT_VERSION="tomcat9"
fi
# Workaround for current Debian 12 & Tomcat 10 incompatibilities
if [[ ${OS_FLAVOUR,,} = "debian" ]] && [[ ${OS_CODENAME,,} = *"bookworm"* ]]; then #(checks for upper and lower case)
# Add the oldstable repo and downgrade tomcat version install
echo "deb http://deb.debian.org/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/bullseye.list >/dev/null
TOMCAT_VERSION="tomcat9"
fi
# Workaround for Ubuntu 23.x & Tomcat 10 incompatibilities
if [[ ${OS_FLAVOUR,,} = "ubuntu" ]] && [[ ${OS_CODENAME,,} = *"lunar"* ]]; then #(checks for upper and lower case)
TOMCAT_VERSION="tomcat9"
fi
# Uncomment to force a specific Tomcat version here.
# TOMCAT_VERSION="tomcat9"
#######################################################################################################################
# DO NOT EDIT PAST THIS POINT #########################################################################################
#######################################################################################################################
#######################################################################################################################
# Begin install menu prompts ##########################################################################################
#######################################################################################################################
@ -272,70 +287,70 @@ fi
# Ensure SERVER_NAME is consistent with local host entries
if [[ -z ${SERVER_NAME} ]]; then
echo -e "${LYELLOW}Update Linux system HOSTNAME [Enter to keep: ${HOSTNAME}]${LGREEN}"
read -p " Enter new HOSTNAME : " SERVER_NAME
# If hit enter making no SERVER_NAME change, assume the existing hostname as current
if [[ "${SERVER_NAME}" = "" ]]; then
SERVER_NAME=$HOSTNAME
fi
echo
# A SERVER_NAME was derived via the prompt
# Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
echo -e "${LYELLOW}Update Linux system HOSTNAME [Enter to keep: ${HOSTNAME}]${LGREEN}"
read -p " Enter new HOSTNAME : " SERVER_NAME
# If hit enter making no SERVER_NAME change, assume the existing hostname as current
if [[ "${SERVER_NAME}" = "" ]]; then
SERVER_NAME=$HOSTNAME
fi
echo
# A SERVER_NAME was derived via the prompt
# Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
else
echo
# A SERVER_NAME value was derived from a pre-set silent install option.
# Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
echo
# A SERVER_NAME value was derived from a pre-set silent install option.
# Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
fi
# Ensure SERVER_NAME, LOCAL_DOMAIN suffix and host entries are all consistent
if [[ -z ${LOCAL_DOMAIN} ]]; then
echo -e "${LYELLOW}Update Linux LOCAL DNS DOMAIN [Enter to keep: ${DOMAIN_SUFFIX}]${LGREEN}"
read -p " Enter FULL LOCAL DOMAIN NAME: " LOCAL_DOMAIN
# If hit enter making no LOCAL_DOMAIN name change, assume the existing domain suffix as current
if [[ "${LOCAL_DOMAIN}" = "" ]]; then
LOCAL_DOMAIN=$DOMAIN_SUFFIX
fi
echo
# A LOCAL_DOMAIN value was derived via the prompt
# Remove any old hosts & resolv file values and update these with the new LOCAL_DOMAIN value
sudo sed -i "/${DEFAULT_IP}/d" /etc/hosts
sudo sed -i '/domain/d' /etc/resolv.conf
sudo sed -i '/search/d' /etc/resolv.conf
# Refresh the /etc/hosts file with the server name and new local domain value
echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
# Refresh /etc/resolv.conf with new domain and search suffix values
echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
echo -e "${LYELLOW}Update Linux LOCAL DNS DOMAIN [Enter to keep: ${DOMAIN_SUFFIX}]${LGREEN}"
read -p " Enter FULL LOCAL DOMAIN NAME: " LOCAL_DOMAIN
# If hit enter making no LOCAL_DOMAIN name change, assume the existing domain suffix as current
if [[ "${LOCAL_DOMAIN}" = "" ]]; then
LOCAL_DOMAIN=$DOMAIN_SUFFIX
fi
echo
# A LOCAL_DOMAIN value was derived via the prompt
# Remove any old hosts & resolv file values and update these with the new LOCAL_DOMAIN value
sudo sed -i "/${DEFAULT_IP}/d" /etc/hosts
sudo sed -i '/domain/d' /etc/resolv.conf
sudo sed -i '/search/d' /etc/resolv.conf
# Refresh the /etc/hosts file with the server name and new local domain value
echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
# Refresh /etc/resolv.conf with new domain and search suffix values
echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
else
echo
# A LOCAL_DOMIN value was derived from a pre-set silent install option.
# Remove any old hosts & resolv file values and update these with the new LOCAL_DOMAIN value
sudo sed -i "/${DEFAULT_IP}/d" /etc/hosts
sudo sed -i '/domain/d' /etc/resolv.conf
sudo sed -i '/search/d' /etc/resolv.conf
# Refresh the /etc/hosts file with the server name and new local domain value
echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
# Refresh /etc/resolv.conf with new domain and search suffix values
echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
echo
# A LOCAL_DOMIN value was derived from a pre-set silent install option.
# Remove any old hosts & resolv file values and update these with the new LOCAL_DOMAIN value
sudo sed -i "/${DEFAULT_IP}/d" /etc/hosts
sudo sed -i '/domain/d' /etc/resolv.conf
sudo sed -i '/search/d' /etc/resolv.conf
# Refresh the /etc/hosts file with the server name and new local domain value
echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
# Refresh /etc/resolv.conf with new domain and search suffix values
echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
fi
# Now that $SERVER_NAME and $LOCAL_DOMAIN values are updated and refreshed:
# Values are merged to build a local FQDN value (used for the default reverse proxy site name.)
DEFAULT_FQDN=$SERVER_NAME.$LOCAL_DOMAIN
# The RDP share label default can now assume the updated $SERVER_NAME value if not manually specified in silent setup options.
# The RDP share label default can now assume the updated $SERVER_NAME value (if not manually specified in silent setup options).
if [[ -z ${RDP_SHARE_HOST} ]]; then
RDP_SHARE_HOST=$SERVER_NAME
RDP_SHARE_HOST=$SERVER_NAME
fi
clear
@ -350,29 +365,29 @@ echo
# Prompt the user to install MySQL
echo -e "${LGREEN}MySQL setup options:${GREY}"
if [[ -z ${INSTALL_MYSQL} ]]; then
echo -e -n "SQL: Install MySQL locally? (to use a remote MySQL Server select 'n') [Y/n] [default y]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
INSTALL_MYSQL=false
else
INSTALL_MYSQL=true
fi
echo -e -n "SQL: Install MySQL locally? (to use a remote MySQL Server select 'n') [Y/n] [default y]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
INSTALL_MYSQL=false
else
INSTALL_MYSQL=true
fi
fi
# Prompt the user to apply the Mysql secure installation locally
if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = true ]; then
echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to LOCAL db? [Y/n] [default y]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
SECURE_MYSQL=false
else
SECURE_MYSQL=true
fi
if [[ -z ${SECURE_MYSQL} ]] && [[ "${INSTALL_MYSQL}" = true ]]; then
echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to LOCAL db? [Y/n] [default y]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
SECURE_MYSQL=false
else
SECURE_MYSQL=true
fi
fi
# Prompt the user to apply the Mysql secure installation to remote db
# This may be problematic on remote databases (for one-script upgrades) as this addition removes remote root login access - a good thing.
#if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = false ]; then
#if [[ -z ${SECURE_MYSQL} ]] && [[ "${INSTALL_MYSQL}" = false ]]; then
# echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to REMOTE db? [y/N] [default n]: ${GREY}"
# read PROMPT
# if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
@ -383,243 +398,243 @@ fi
#fi
# Get additional MYSQL values
if [ "${INSTALL_MYSQL}" = false ]; then
[ -z "${MYSQL_HOST}" ] &&
read -p "SQL: Enter remote MySQL server hostname or IP: " MYSQL_HOST
[ -z "${MYSQL_PORT}" ] &&
read -p "SQL: Enter remote MySQL server port [3306]: " MYSQL_PORT
[ -z "${GUAC_DB}" ] &&
read -p "SQL: Enter remote Guacamole database name [guacamole_db]: " GUAC_DB
[ -z "${GUAC_USER}" ] &&
read -p "SQL: Enter remote Guacamole user name [guacamole_user]: " GUAC_USER
if [[ "${INSTALL_MYSQL}" = false ]]; then
[[ -z "${MYSQL_HOST}" ]] &&
read -p "SQL: Enter remote MySQL server hostname or IP: " MYSQL_HOST
[[ -z "${MYSQL_PORT}" ]] &&
read -p "SQL: Enter remote MySQL server port [3306]: " MYSQL_PORT
[[ -z "${GUAC_DB}" ]] &&
read -p "SQL: Enter remote Guacamole database name [guacamole_db]: " GUAC_DB
[[-z "${GUAC_USER}" ]] &&
read -p "SQL: Enter remote Guacamole user name [guacamole_user]: " GUAC_USER
fi
# Checking if a mysql host given, if not set a default
if [ -z "${MYSQL_HOST}" ]; then
MYSQL_HOST="localhost"
if [[ -z "${MYSQL_HOST}" ]]; then
MYSQL_HOST="localhost"
fi
# Checking if a mysql port given, if not set a default
if [ -z "${MYSQL_PORT}" ]; then
MYSQL_PORT="3306"
if [[ -z "${MYSQL_PORT}" ]]; then
MYSQL_PORT="3306"
fi
# Checking if a database name given, if not set a default
if [ -z "${GUAC_DB}" ]; then
GUAC_DB="guacamole_db"
if [[ -z "${GUAC_DB}" ]]; then
GUAC_DB="guacamole_db"
fi
# Checking if a mysql user given, if not set a default
if [ -z "${GUAC_USER}" ]; then
GUAC_USER="guacamole_user"
if [[ -z "${GUAC_USER}" ]]; then
GUAC_USER="guacamole_user"
fi
echo -e ${LMAGENTA}
# Get MySQL root password, confirm correct password entry and prevent blank passwords. No root pw needed for remote instances.
if [ -z "${MYSQL_ROOT_PWD}" ] && [ "${INSTALL_MYSQL}" = true ]; then
while true; do
read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ROOT password: " MYSQL_ROOT_PWD
echo
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ROOT password: " PROMPT2
echo
[ "${MYSQL_ROOT_PWD}" = "${PROMPT2}" ] && [ "${MYSQL_ROOT_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LMAGENTA}" 1>&2
done
if [[ -z "${MYSQL_ROOT_PWD}" ]] && [[ "${INSTALL_MYSQL}" = true ]]; then
while true; do
read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ROOT password: " MYSQL_ROOT_PWD
echo
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ROOT password: " PROMPT2
echo
[[ "${MYSQL_ROOT_PWD}" = "${PROMPT2}" ]] && [[ "${MYSQL_ROOT_PWD}" != "" ]] && [[ "${PROMPT2}" != "" ]] && break
echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LMAGENTA}" 1>&2
done
fi
echo -e ${LCYAN}
# Get Guacamole User password, confirm correct password entry and prevent blank passwords
if [ -z "${GUAC_PWD}" ]; then
while true; do
read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " GUAC_PWD
echo
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " PROMPT2
echo
[ "${GUAC_PWD}" = "${PROMPT2}" ] && [ "${GUAC_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LCYAN}" 1>&2
done
if [[ -z "${GUAC_PWD}" ]]; then
while true; do
read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " GUAC_PWD
echo
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " PROMPT2
echo
[[ "${GUAC_PWD}" = "${PROMPT2}" ]] && [[ "${GUAC_PWD}" != "" ]] && [[ "${PROMPT2}" != "" ]] && break
echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LCYAN}" 1>&2
done
fi
echo -e ${GREY}
# Prompt for preferred backup notification email address
if [ -z ${BACKUP_EMAIL} ]; then
while true; do
read -p "SQL: Enter email address for SQL backup messages [Enter to skip]: " BACKUP_EMAIL
[ "${BACKUP_EMAIL}" = "" ] || [ "${BACKUP_EMAIL}" != "" ] && break
# Rather than allow a blank value, un-comment to alternately force user to enter an explicit value instead
# [ "${BACKUP_EMAIL}" != "" ] && break
# echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done
if [[ -z ${BACKUP_EMAIL} ]]; then
while true; do
read -p "SQL: Enter email address for SQL backup messages [Enter to skip]: " BACKUP_EMAIL
[[ "${BACKUP_EMAIL}" = "" ]] || [[ "${BACKUP_EMAIL}" != "" ]] && break
# Rather than allow a blank value, un-comment to alternately force user to enter an explicit value instead
# [[ "${BACKUP_EMAIL}" != "" ]] && break
# echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done
fi
# If no backup notification email address is given, provide a default value
if [ -z ${BACKUP_EMAIL} ]; then
BACKUP_EMAIL="backup-email@yourdomain.com"
if [[ -z ${BACKUP_EMAIL} ]]; then
BACKUP_EMAIL="backup-email@yourdomain.com"
fi
echo
# Prompt the user to install TOTP MFA
echo -e "${LGREEN}Guacamole authentication extension options:${GREY}"
if [[ -z "${INSTALL_TOTP}" ]] && [[ "${INSTALL_DUO}" != true ]]; then
echo -e -n "AUTH: Install TOTP? (choose 'n' if you want Duo) [y/N]? [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_TOTP=true
INSTALL_DUO=false
else
INSTALL_TOTP=false
fi
echo -e -n "AUTH: Install TOTP? (choose 'n' if you want Duo) [y/N]? [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_TOTP=true
INSTALL_DUO=false
else
INSTALL_TOTP=false
fi
fi
# Prompt the user to install Duo MFA
if [[ -z "${INSTALL_DUO}" ]] && [[ "${INSTALL_TOTP}" != true ]]; then
echo -e -n "${GREY}AUTH: Install Duo? [y/N] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_DUO=true
INSTALL_TOTP=false
else
INSTALL_DUO=false
fi
echo -e -n "${GREY}AUTH: Install Duo? [y/N] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_DUO=true
INSTALL_TOTP=false
else
INSTALL_DUO=false
fi
fi
# We can't install TOTP and Duo at the same time (option not supported by Guacamole)
if [[ "${INSTALL_TOTP}" = true ]] && [[ "${INSTALL_DUO}" = true ]]; then
echo -e "${LRED}GUAC MFA: TOTP and Duo cannot be installed at the same time.${GREY}" 1>&2
exit 1
echo -e "${LRED}GUAC MFA: TOTP and Duo cannot be installed at the same time.${GREY}" 1>&2
exit 1
fi
# Prompt the user to install Duo MFA
if [[ -z "${INSTALL_LDAP}" ]]; then
echo -e -n "${GREY}AUTH: Install LDAP? [y/N] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_LDAP=true
else
INSTALL_LDAP=false
fi
echo -e -n "${GREY}AUTH: Install LDAP? [y/N] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_LDAP=true
else
INSTALL_LDAP=false
fi
fi
echo
# Prompt the user to install the Quick Connect feature (some higher security use cases may not want this)
echo -e "${LGREEN}Guacamole console optional extras:${GREY}"
if [[ -z "${INSTALL_QCONNECT}" ]]; then
echo -e -n "${GREY}EXTRAS: Install Quick Connect feature? [y/N] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_QCONNECT=true
else
INSTALL_QCONNECT=false
fi
echo -e -n "${GREY}EXTRAS: Install Quick Connect feature? [y/N] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_QCONNECT=true
else
INSTALL_QCONNECT=false
fi
fi
# Prompt the user to install the History Recorded Storage feature
if [[ -z "${INSTALL_HISTREC}" ]]; then
echo -e -n "${GREY}EXTRAS: Install History Recorded Storage (session replay console integration) [y/N] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_HISTREC=true
else
INSTALL_HISTREC=false
fi
echo -e -n "${GREY}EXTRAS: Install History Recorded Storage (session replay console integration) [y/N] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_HISTREC=true
else
INSTALL_HISTREC=false
fi
fi
HISTREC_PATH_DEFAULT=/var/lib/guacamole/recordings # Apache default
if [[ -z ${HISTREC_PATH} ]] && [[ "${INSTALL_HISTREC}" = true ]]; then
while true; do
read -p "EXTRAS: Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
[ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break
done
while true; do
read -p "EXTRAS: Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
[[ "${HISTREC_PATH}" = "" ]] || [[ "${HISTREC_PATH}" != "" ]] && break
done
fi
# If no custom path is given, lets assume the default path on hitting enter
if [ -z "${HISTREC_PATH}" ]; then
HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
if [[ -z "${HISTREC_PATH}" ]]; then
HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
fi
echo
# Prompt for Guacamole front end reverse proxy option
echo -e "${LGREEN}Reverse Proxy & front end options:${GREY}"
if [[ -z ${INSTALL_NGINX} ]]; then
echo -e -n "FRONT END: Protect Guacamole behind Nginx reverse proxy [y/N]? [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_NGINX=true
CHANGE_ROOT=false
else
INSTALL_NGINX=false
fi
echo -e -n "FRONT END: Protect Guacamole behind Nginx reverse proxy [y/N]? [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_NGINX=true
GUAC_URL_REDIR=false
else
INSTALL_NGINX=false
fi
fi
# Prompt to remove the trailing /guacamole dir from the default front end url
if [ "${INSTALL_NGINX}" = false ]; then
echo -e -n "FRONT END: Shorten Guacamole root url to *:8080 (& redirect to /guacamole ) [Y/n]? [default y]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
CHANGE_ROOT=false
else
CHANGE_ROOT=true
fi
if [[ "${INSTALL_NGINX}" = false ]]; then
echo -e -n "FRONT END: Shorten Guacamole root url to *:8080 (& redirect to /guacamole ) [Y/n]? [default y]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
GUAC_URL_REDIR=false
else
GUAC_URL_REDIR=true
fi
fi
# We must assign a DNS name for the new proxy site
if [[ -z ${PROXY_SITE} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
while true; do
read -p "FRONT END: Enter proxy local DNS name? [Enter to use ${DEFAULT_FQDN}]: " PROXY_SITE
[ "${PROXY_SITE}" = "" ] || [ "${PROXY_SITE}" != "" ] && break
# Rather than allow the default value below, un-comment to alternately force user to enter an explicit name instead
# [ "${PROXY_SITE}" != "" ] && break
# echo -e "${LRED}You must enter a proxy site DNS name. Please try again.${GREY}" 1>&2
done
while true; do
read -p "FRONT END: Enter proxy local DNS name? [Enter to use ${DEFAULT_FQDN}]: " PROXY_SITE
[[ "${PROXY_SITE}" = "" ]] || [[ "${PROXY_SITE}" != "" ]] && break
# Rather than allow the default value below, un-comment to alternately force user to enter an explicit name instead
# [[ "${PROXY_SITE}" != "" ]] && break
# echo -e "${LRED}You must enter a proxy site DNS name. Please try again.${GREY}" 1>&2
done
fi
# If no proxy site dns name is given, lets assume the default FQDN is the proxy site name
if [ -z "${PROXY_SITE}" ]; then
PROXY_SITE="${DEFAULT_FQDN}"
if [[ -z "${PROXY_SITE}" ]]; then
PROXY_SITE="${DEFAULT_FQDN}"
fi
# Prompt for self signed TLS reverse proxy option
if [[ -z ${SELF_SIGN} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
# Prompt the user to see if they would like to install self signed TLS support for Nginx, default of no
echo -e -n "FRONT END: Add self signed TLS support to Nginx? [y/N]? (choose 'n' for Let's Encrypt)[default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
SELF_SIGN=true
else
SELF_SIGN=false
fi
# Prompt the user to see if they would like to install self signed TLS support for Nginx, default of no
echo -e -n "FRONT END: Add self signed TLS support to Nginx? [y/N]? (choose 'n' for Let's Encrypt)[default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
SELF_SIGN=true
else
SELF_SIGN=false
fi
fi
# Optional prompt to assign the self sign TLS certificate a custom expiry date, un-comment to force a manual entry
#if [ "${SELF_SIGN}" = true ]; then
#if [[ "${SELF_SIGN}" = true ]]; then
# read - p "PROXY: Enter number of days till TLS certificate expires [default 3650]: " CERT_DAYS
#fi
# If no self sign TLS certificate expiry given, lets assume a generous 10 year default certificate expiry
if [ -z "${CERT_DAYS}" ]; then
CERT_DAYS="3650"
if [[ -z "${CERT_DAYS}" ]]; then
CERT_DAYS="3650"
fi
# Prompt for Let's Encrypt TLS reverse proxy configuration option
if [[ -z ${LETS_ENCRYPT} ]] && [[ "${INSTALL_NGINX}" = true ]] && [[ "${SELF_SIGN}" = "false" ]]; then
echo -e -n "FRONT END: Add Let's Encrypt TLS support to Nginx reverse proxy [y/N] [default n]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
LETS_ENCRYPT=true
else
LETS_ENCRYPT=false
fi
echo -e -n "FRONT END: Add Let's Encrypt TLS support to Nginx reverse proxy [y/N] [default n]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
LETS_ENCRYPT=true
else
LETS_ENCRYPT=false
fi
fi
# Prompt for Let's Encrypt public dns name
if [[ -z ${LE_DNS_NAME} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
while true; do
read -p "FRONT END: Enter the FQDN for your public proxy site : " LE_DNS_NAME
[ "${LE_DNS_NAME}" != "" ] && break
echo -e "${LRED}You must enter a public DNS name. Please try again.${GREY}" 1>&2
done
while true; do
read -p "FRONT END: Enter the FQDN for your public proxy site : " LE_DNS_NAME
[[ "${LE_DNS_NAME}" != "" ]] && break
echo -e "${LRED}You must enter a public DNS name. Please try again.${GREY}" 1>&2
done
fi
# Prompt for Let's Encrypt admin email
if [[ -z ${LE_EMAIL} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
while true; do
read -p "FRONT END: Enter the email address for Let's Encrypt notifications : " LE_EMAIL
[ "${LE_EMAIL}" != "" ] && break
echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done
while true; do
read -p "FRONT END: Enter the email address for Let's Encrypt notifications : " LE_EMAIL
[[ "${LE_EMAIL}" != "" ]] && break
echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done
fi
#######################################################################################################################
@ -640,20 +655,20 @@ echo -e "${LGREEN}Beginning Guacamole setup...${GREY}"
echo
echo -e "${GREY}Checking Linux distro specific dependencies..."
if [[ $OS_FLAVOUR == "ubuntu" ]] || [[ $OS_FLAVOUR == *"ubuntu"* ]]; then # potentially expand out distro choices here
JPEGTURBO="libjpeg-turbo8-dev"
LIBPNG="libpng-dev"
# Just in case this repo is not added by default in the distro
sudo add-apt-repository -y universe &>>${INSTALL_LOG}
JPEGTURBO="libjpeg-turbo8-dev"
LIBPNG="libpng-dev"
# Just in case this repo is not added by default in the distro
sudo add-apt-repository -y universe &>>${INSTALL_LOG}
elif [[ $OS_FLAVOUR == "debian" ]] || [[ $OS_FLAVOUR == "raspbian" ]]; then # expand distro choices here if required
JPEGTURBO="libjpeg62-turbo-dev"
LIBPNG="libpng-dev"
JPEGTURBO="libjpeg62-turbo-dev"
LIBPNG="libpng-dev"
fi
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Sync the various manual config scripts with the relevant variables selected at install
@ -697,8 +712,8 @@ export GUAC_VERSION=$GUAC_VERSION
export GUAC_SOURCE_LINK=$GUAC_SOURCE_LINK
export MYSQLJCON=$MYSQLJCON
export MYSQL_VERSION=$MYSQL_VERSION
export MYSQLS=$MYSQLS
export MYSQLC=$MYSQLC
export MYSQLSRV=$MYSQLSRV
export MYSQLCLIENT=$MYSQLCLIENT
export DB_CMD=$DB_CMD
export TOMCAT_VERSION=$TOMCAT_VERSION
export INSTALL_LOG=$INSTALL_LOG
@ -720,7 +735,7 @@ export INSTALL_LDAP=$INSTALL_LDAP
export INSTALL_QCONNECT=$INSTALL_QCONNECT
export INSTALL_HISTREC=$INSTALL_HISTREC
export HISTREC_PATH="${HISTREC_PATH}"
export CHANGE_ROOT=$CHANGE_ROOT
export GUAC_URL_REDIR=$GUAC_URL_REDIR
export INSTALL_NGINX=$INSTALL_NGINX
export PROXY_SITE=$PROXY_SITE
export CERT_COUNTRY=$CERT_COUNTRY
@ -737,13 +752,13 @@ export RDP_PRINTER_LABEL="${RDP_PRINTER_LABEL}"
# Run the Guacamole install script
sudo -E ./2-install-guacamole.sh
if [ $? -ne 0 ]; then
echo -e "${LRED}2-install-guacamole.sh FAILED. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
elif [ "${CHANGE_ROOT}" = true ]; then
echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080 - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
if [[ $? -ne 0 ]]; then
echo -e "${LRED}2-install-guacamole.sh FAILED. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
elif [[ "${GUAC_URL_REDIR}" = true ]]; then
echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080 - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
else
echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080/guacamole - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080/guacamole - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi
# Add a Guacamole database backup (mon-fri 12:00am) into cron
@ -762,44 +777,45 @@ rm cron_1
#######################################################################################################################
# Install Nginx reverse proxy front end to Guacamole if option is selected
if [ "${INSTALL_NGINX}" = true ]; then
sudo -E ./3-install-nginx.sh
echo -e "${LGREEN}Nginx install complete\nhttp://${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
if [[ "${INSTALL_NGINX}" = true ]]; then
sudo -E ./3-install-nginx.sh
echo -e "${LGREEN}Nginx install complete\nhttp://${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi
# Apply self signed TLS certificates to Nginx reverse proxy if option is selected
if [[ "${INSTALL_NGINX}" = true ]] && [[ "${SELF_SIGN}" = true ]]; then
sudo -E ./4a-install-tls-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS} | tee -a ${INSTALL_LOG}
echo -e "${LGREEN}Self signed certificate configured for Nginx \n${LYELLOW}https:${LGREEN}//${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
sudo -E ./4a-install-tls-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS} | tee -a ${INSTALL_LOG}
echo -e "${LGREEN}Self signed certificate configured for Nginx \n${LYELLOW}https:${LGREEN}//${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi
# Apply Let's Encrypt TLS certificates to Nginx reverse proxy if option is selected
if [[ "${INSTALL_NGINX}" = true ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
sudo -E ./4b-install-tls-letsencrypt-nginx.sh
echo -e "${LGREEN}Let's Encrypt TLS configured for Nginx \n${LYELLOW}https:${LGREEN}//${LE_DNS_NAME} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
sudo -E ./4b-install-tls-letsencrypt-nginx.sh
echo -e "${LGREEN}Let's Encrypt TLS configured for Nginx \n${LYELLOW}https:${LGREEN}//${LE_DNS_NAME} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi
# Duo Settings reminder - If Duo is selected you can't login to Guacamole until this extension is fully configured
if [ $INSTALL_DUO == "true" ]; then
echo
echo -e "${LYELLOW}Reminder: Duo requires extra account specific info configured in the\n/etc/guacamole/guacamole.properties file before you can log in to Guacamole."
echo -e "See https://guacamole.apache.org/doc/gug/duo-auth.html"
if [[ $INSTALL_DUO == "true" ]]; then
echo
echo -e "${LYELLOW}Reminder: Duo requires extra account specific info configured in the\n/etc/guacamole/guacamole.properties file before you can log in to Guacamole."
echo -e "See https://guacamole.apache.org/doc/gug/duo-auth.html"
fi
# LDAP Settings reminder, LDAP auth is not functional until the config is complete
if [ $INSTALL_LDAP == "true" ]; then
echo
echo -e "${LYELLOW}Reminder: LDAP requires that your LDAP directory configuration match the exact format\nadded to the /etc/guacamole/guacamole.properties file before LDAP auth will be active."
echo -e "See https://guacamole.apache.org/doc/gug/ldap-auth.html"
if [[ $INSTALL_LDAP == "true" ]]; then
echo
echo -e "${LYELLOW}Reminder: LDAP requires that your LDAP directory configuration match the exact format\nadded to the /etc/guacamole/guacamole.properties file before LDAP auth will be active."
echo -e "See https://guacamole.apache.org/doc/gug/ldap-auth.html"
fi
# Tidy up. (Installer and Nginx scripts can't be run again or standalone without modification, so removing.)
rm -f $USER_HOME_DIR/1-setup.sh
rm -rf $USER_HOME_DIR/1-setup.sh
rm -f 2-install-guacamole.sh
rm -f 3-install-nginx.sh
rm -f 4a-install-tls-self-signed-nginx.sh
rm -f 4b-install-tls-letsencrypt-nginx.sh
sudo rm -R $TMP_DIR
sudo rm -rf $TMP_DIR
apt-get -y autoremove &>>${INSTALL_LOG}
# Done
echo

786
2-install-guacamole.sh
View file

@ -15,21 +15,19 @@ LGREEN='\033[0;92m'
LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
if [ -z "${MYSQL_VERSION}" ]; then
# Use Linux distro default version.
MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql" # mysql command is depricated
# Apply MySQL client or server packages, and don't clobber any pre-existing database installation accidentally
if [[ "${INSTALL_MYSQL}" = true ]]; then
MYSQLPKG="${MYSQLSRV}"
elif [ -x "$(command -v mysql)" ]; then
MYSQLPKG=""
else
# Use official mariadb.org repo
MYSQLPKG="mariadb-server mariadb-client mariadb-common"
DB_CMD="mariadb" # mysql command is depricated on newer versions
MYSQLPKG="${MYSQLCLIENT}"
fi
# Pre-seed MySQL root password values for Linux Distro default packages only
if [ "${INSTALL_MYSQL}" = true ] && [ -z "${MYSQL_VERSION}" ]; then
debconf-set-selections <<<"mysql-server mysql-server/root_password password ${MYSQL_ROOT_PWD}"
debconf-set-selections <<<"mysql-server mysql-server/root_password_again password ${MYSQL_ROOT_PWD}"
if [[ "${INSTALL_MYSQL}" = true ]] && [[ -z "${MYSQL_VERSION}" ]]; then
debconf-set-selections <<<"mysql-server mysql-server/root_password password ${MYSQL_ROOT_PWD}"
debconf-set-selections <<<"mysql-server mysql-server/root_password_again password ${MYSQL_ROOT_PWD}"
fi
# Update everything but don't do the annoying prompts during apt installs
@ -37,168 +35,168 @@ echo -e "${GREY}Updating base Linux OS..."
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq &>>${INSTALL_LOG}
apt-get upgrade -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Install Guacamole build dependencies.
if [ -n "${MYSQL_VERSION}" ]; then
echo -e "${GREY}Adding the official MariaDB repository and installing version ${MYSQL_VERSION}..."
# Add the Official MariaDB repo.
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
if [[ -n "${MYSQL_VERSION}" ]]; then
echo -e "${GREY}Adding the official MariaDB repository and installing version ${MYSQL_VERSION}..."
# Add the Official MariaDB repo.
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
echo -e "${GREY}Installing dependencies required for building Guacamole, this might take a few minutes..."
apt-get -qq -y install ${MYSQLPKG} ${TOMCAT_VERSION} ${JPEGTURBO} ${LIBPNG} ufw pwgen wget expect \
build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev \
libpulse-dev libssl-dev libvorbis-dev libwebp-dev ghostscript &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev \
libpulse-dev libssl-dev libvorbis-dev libwebp-dev ghostscript &>>${INSTALL_LOG}
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Install Postfix with default settings for smtp email relay
echo -e "${GREY}Installing Postfix MTA for backup email notifications and alerts, see separate SMTP relay configuration script..."
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
systemctl restart postfix
echo -e "${LGREEN}OK${GREY}"
echo
systemctl restart postfix
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Download Guacamole Server
echo -e "${GREY}Downloading Guacamole source files..."
wget -q --show-progress -O guacamole-server-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
exit 1
else
tar -xzf guacamole-server-${GUAC_VERSION}.tar.gz
echo -e "${LGREEN}Downloaded guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
tar -xzf guacamole-server-${GUAC_VERSION}.tar.gz
echo -e "${LGREEN}Downloaded guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
fi
# Download Guacamole Client
wget -q --show-progress -O guacamole-${GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}"
exit 1
else
echo -e "${LGREEN}Downloaded guacamole-${GUAC_VERSION}.war (Guacamole client)${GREY}"
echo -e "${LGREEN}Downloaded guacamole-${GUAC_VERSION}.war (Guacamole client)${GREY}"
fi
# Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}"
exit 1
else
tar -xzf mysql-connector-j-${MYSQLJCON}.tar.gz
echo -e "${LGREEN}Downloaded mysql-connector-j-${MYSQLJCON}.tar.gz${GREY}"
tar -xzf mysql-connector-j-${MYSQLJCON}.tar.gz
echo -e "${LGREEN}Downloaded mysql-connector-j-${MYSQLJCON}.tar.gz${GREY}"
fi
# Download Guacamole authentication extensions
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
tar -xzf guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
fi
# Download TOTP extension
if [ "${INSTALL_TOTP}" = true ]; then
wget -q --show-progress -O guacamole-auth-totp-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-totp-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-totp-${GUAC_VERSION}.tar.gz
rm -f add-auth-totp.sh
echo -e "${LGREEN}Downloaded guacamole-auth-totp-${GUAC_VERSION}.tar.gz${GREY}"
fi
if [[ "${INSTALL_TOTP}" = true ]]; then
wget -q --show-progress -O guacamole-auth-totp-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-totp-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-totp-${GUAC_VERSION}.tar.gz
rm -f add-auth-totp.sh
echo -e "${LGREEN}Downloaded guacamole-auth-totp-${GUAC_VERSION}.tar.gz${GREY}"
fi
fi
# Download DUO extension
if [ "${INSTALL_DUO}" = true ]; then
wget -q --show-progress -O guacamole-auth-duo-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-duo-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-duo-${GUAC_VERSION}.tar.gz
rm -f add-auth-duo.sh
echo -e "${LGREEN}Downloaded guacamole-auth-duo-${GUAC_VERSION}.tar.gz${GREY}"
fi
if [[ "${INSTALL_DUO}" = true ]]; then
wget -q --show-progress -O guacamole-auth-duo-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-duo-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-duo-${GUAC_VERSION}.tar.gz
rm -f add-auth-duo.sh
echo -e "${LGREEN}Downloaded guacamole-auth-duo-${GUAC_VERSION}.tar.gz${GREY}"
fi
fi
# Download LDAP extension
if [ "${INSTALL_LDAP}" = true ]; then
wget -q --show-progress -O guacamole-auth-ldap-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
rm -f add-auth-ldap.sh
echo -e "${LGREEN}Downloaded guacamole-auth-ldap-${GUAC_VERSION}.tar.gz${GREY}"
fi
if [[ "${INSTALL_LDAP}" = true ]]; then
wget -q --show-progress -O guacamole-auth-ldap-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
rm -f add-auth-ldap.sh
echo -e "${LGREEN}Downloaded guacamole-auth-ldap-${GUAC_VERSION}.tar.gz${GREY}"
fi
fi
# Download Guacamole quick-connect extension
if [ "${INSTALL_QCONNECT}" = true ]; then
wget -q --show-progress -O guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz
rm -f add-xtra-quickconnect.sh
echo -e "${LGREEN}Downloaded guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz${GREY}"
fi
if [[ "${INSTALL_QCONNECT}" = true ]]; then
wget -q --show-progress -O guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz
rm -f add-xtra-quickconnect.sh
echo -e "${LGREEN}Downloaded guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz${GREY}"
fi
fi
# Download Guacamole history recording storage extension
if [ "${INSTALL_HISTREC}" = true ]; then
wget -q --show-progress -O guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz
if [[ "${INSTALL_HISTREC}" = true ]]; then
wget -q --show-progress -O guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz
rm -f add-xtra-histrecstor.sh
echo -e "${LGREEN}Downloaded guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz${GREY}"
fi
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz
rm -f add-xtra-histrecstor.sh
echo -e "${LGREEN}Downloaded guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz${GREY}"
fi
fi
echo -e "Source download complete.${GREY}"
@ -234,37 +232,37 @@ export CFLAGS="-Wno-error"
# Configure Guacamole Server source
./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots"
./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
if [ $? -ne 0 ]; then
echo "Failed to configure guacamole-server - again"
exit
fi
if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots"
./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server - again"
exit
fi
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
echo -e "${GREY}Running make and building the Guacamole-Server application..."
make &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
echo -e "${GREY}Installing Guacamole-Server..."
make install &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Update the shared library cache
@ -277,35 +275,35 @@ mv -f guacamole-${GUAC_VERSION}.war /etc/guacamole/guacamole.war
chmod 664 /etc/guacamole/guacamole.war
# Create a symbolic link for Tomcat
ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/ &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
echo -e "${GREY}Moving guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Move MySQL connector/j files
echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..."
mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
chmod 664 /etc/guacamole/lib/mysql-connector-java.jar
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Configure guacamole.properties file
@ -318,229 +316,228 @@ echo "mysql-username: ${GUAC_USER}" >>/etc/guacamole/guacamole.properties
echo "mysql-password: ${GUAC_PWD}" >>/etc/guacamole/guacamole.properties
# Move TOTP files
if [ "${INSTALL_TOTP}" = true ]; then
echo -e "${GREY}Moving guacamole-auth-totp-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-totp-${GUAC_VERSION}/guacamole-auth-totp-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
if [[ "${INSTALL_TOTP}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-totp-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-totp-${GUAC_VERSION}/guacamole-auth-totp-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${GUAC_VERSION}.jar
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Move Duo files
if [ "${INSTALL_DUO}" = true ]; then
echo -e "${GREY}Moving guacamole-auth-duo-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-duo-${GUAC_VERSION}/guacamole-auth-duo-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-${GUAC_VERSION}.jar
echo "#duo-api-hostname: " >>/etc/guacamole/guacamole.properties
echo "#duo-integration-key: " >>/etc/guacamole/guacamole.properties
echo "#duo-secret-key: " >>/etc/guacamole/guacamole.properties
echo "#duo-application-key: " >>/etc/guacamole/guacamole.properties
echo -e "Duo auth is installed, it will need to be configured via guacamole.properties"
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
if [[ "${INSTALL_DUO}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-duo-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-duo-${GUAC_VERSION}/guacamole-auth-duo-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-${GUAC_VERSION}.jar
echo "#duo-api-hostname: " >>/etc/guacamole/guacamole.properties
echo "#duo-integration-key: " >>/etc/guacamole/guacamole.properties
echo "#duo-secret-key: " >>/etc/guacamole/guacamole.properties
echo "#duo-application-key: " >>/etc/guacamole/guacamole.properties
echo -e "Duo auth is installed, it will need to be configured via guacamole.properties"
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Move LDAP files
if [ "${INSTALL_LDAP}" = true ]; then
echo -e "${GREY}Moving guacamole-auth-ldap-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-ldap-${GUAC_VERSION}/guacamole-auth-ldap-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-${GUAC_VERSION}.jar
echo "#If you have issues with LDAP, check the formatting is exactly as below or you will despair!" >>/etc/guacamole/guacamole.properties
echo "#Be extra careful with spaces at line ends or with windows line feeds." >>/etc/guacamole/guacamole.properties
echo "#ldap-hostname: dc1.yourdomain.com dc2.yourdomain.com" >>/etc/guacamole/guacamole.properties
echo "#ldap-port: 389" >>/etc/guacamole/guacamole.properties
echo "#ldap-username-attribute: sAMAccountName" >>/etc/guacamole/guacamole.properties
echo "#ldap-encryption-method: none" >>/etc/guacamole/guacamole.properties
echo "#ldap-search-bind-dn: ad-account@yourdomain.com" >>/etc/guacamole/guacamole.properties
echo "#ldap-search-bind-password: ad-account-password" >>/etc/guacamole/guacamole.properties
echo "#ldap-config-base-dn: dc=domain,dc=com" >>/etc/guacamole/guacamole.properties
echo "#ldap-user-base-dn: OU=SomeOU,DC=domain,DC=com" >>/etc/guacamole/guacamole.properties
echo "#ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))" >>/etc/guacamole/guacamole.properties
echo "#ldap-max-search-results:200" >>/etc/guacamole/guacamole.properties
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
if [[ "${INSTALL_LDAP}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-ldap-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-ldap-${GUAC_VERSION}/guacamole-auth-ldap-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-${GUAC_VERSION}.jar
echo "#If you have issues with LDAP, check the formatting is exactly as below or you will despair!" >>/etc/guacamole/guacamole.properties
echo "#Be extra careful with spaces at line ends or with windows line feeds." >>/etc/guacamole/guacamole.properties
echo "#ldap-hostname: dc1.yourdomain.com dc2.yourdomain.com" >>/etc/guacamole/guacamole.properties
echo "#ldap-port: 389" >>/etc/guacamole/guacamole.properties
echo "#ldap-username-attribute: sAMAccountName" >>/etc/guacamole/guacamole.properties
echo "#ldap-encryption-method: none" >>/etc/guacamole/guacamole.properties
echo "#ldap-search-bind-dn: ad-account@yourdomain.com" >>/etc/guacamole/guacamole.properties
echo "#ldap-search-bind-password: ad-account-password" >>/etc/guacamole/guacamole.properties
echo "#ldap-config-base-dn: dc=domain,dc=com" >>/etc/guacamole/guacamole.properties
echo "#ldap-user-base-dn: OU=SomeOU,DC=domain,DC=com" >>/etc/guacamole/guacamole.properties
echo "#ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))" >>/etc/guacamole/guacamole.properties
echo "#ldap-max-search-results:200" >>/etc/guacamole/guacamole.properties
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Move quick-connect extension files
if [ "${INSTALL_QCONNECT}" = true ]; then
echo -e "${GREY}Moving guacamole-auth-quickconnect-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-quickconnect-${GUAC_VERSION}/guacamole-auth-quickconnect-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
if [[ "${INSTALL_QCONNECT}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-quickconnect-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-quickconnect-${GUAC_VERSION}/guacamole-auth-quickconnect-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${GUAC_VERSION}.jar
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Move history recording storage extension files
if [ "${INSTALL_HISTREC}" = true ]; then
echo -e "${GREY}Moving guacamole-history-recording-storage-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-history-recording-storage-${GUAC_VERSION}/guacamole-history-recording-storage-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-${GUAC_VERSION}.jar
#Setup the default recording path
mkdir -p ${HISTREC_PATH}
chown daemon:tomcat ${HISTREC_PATH}
chmod 2750 ${HISTREC_PATH}
echo "recording-search-path: ${HISTREC_PATH}" >>/etc/guacamole/guacamole.properties
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
if [[ "${INSTALL_HISTREC}" = true ]]; then
echo -e "${GREY}Moving guacamole-history-recording-storage-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-history-recording-storage-${GUAC_VERSION}/guacamole-history-recording-storage-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-${GUAC_VERSION}.jar
#Setup the default recording path
mkdir -p ${HISTREC_PATH}
chown daemon:tomcat ${HISTREC_PATH}
chmod 2750 ${HISTREC_PATH}
echo "recording-search-path: ${HISTREC_PATH}" >>/etc/guacamole/guacamole.properties
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Apply a branded interface and dark theme. You may delete this file and restart guacd & tomcat for the default console
echo -e "${GREY}Setting the Guacamole console to a (customisable) dark mode themed template..."
mv branding.jar /etc/guacamole/extensions
chmod 664 /etc/guacamole/extensions/branding.jar
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Restart Tomcat
echo -e "${GREY}Restarting Tomcat service & enable at boot..."
systemctl restart ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Set Tomcat to start at boot
systemctl enable ${TOMCAT_VERSION}
echo
if [ "${INSTALL_MYSQL}" = true ]; then
# Set MySQL password
export MYSQL_PWD=${MYSQL_ROOT_PWD}
if [[ "${INSTALL_MYSQL}" = true ]]; then
# Set MySQL password
export MYSQL_PWD=${MYSQL_ROOT_PWD}
# Set the root password without a reliance on debconf.
echo -e "${GREY}Setting MySQL root password..."
SQLCODE="
# Set the root password without a reliance on debconf.
echo -e "${GREY}Setting MySQL root password..."
SQLCODE="
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo ${SQLCODE} | $DB_CMD -u root
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
echo ${SQLCODE} | $DB_CMD -u root
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Find the location of the MySQL or MariaDB config files. (Add to this list for more potential candidates.)
for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
/etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
if [ -e "${x}" ]; then
if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
mysqlconfig="${x}"
# Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
config_section=$(grep -m 1 -E '^\[(mysqld|mariadbd)\]$' "${x}" | sed 's/\[\(.*\)\]/\1/')
break
fi
fi
done
# Find the location of the MySQL or MariaDB config files. (Add to this list for more potential candidates.)
for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
/etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
if [[ -e "${x}" ]]; then
if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
mysqlconfig="${x}"
# Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
config_section=$(grep -m 1 -E '^\[(mysqld|mariadbd)\]$' "${x}" | sed 's/\[\(.*\)\]/\1/')
break
fi
fi
done
# Set the MySQL Timezone
if [ -z "${mysqlconfig}" ]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else
# Is there already a timzeone value configured?
if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then
echo -e "MySQL database timezone defined in ${mysqlconfig}"
else
timezone=${DB_TZ}
if [ -z "${DB_TZ}" ]; then
echo -e "Couldn't find system timezone, using UTC$"
timezone="UTC"
fi
echo -e "Setting MySQL database timezone as ${timezone}${GREY}"
mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | ${DB_CMD} -u root -D mysql -p${MYSQL_ROOT_PWD}
# Add the timzone value to the sanitsed server file section name.
sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
fi
fi
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Set the MySQL Timezone
if [[ -z "${mysqlconfig}" ]]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else
# Is there already a timzeone value configured?
if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then
echo -e "MySQL database timezone defined in ${mysqlconfig}"
else
timezone=${DB_TZ}
if [[ -z "${DB_TZ}" ]]; then
echo -e "Couldn't find system timezone, using UTC$"
timezone="UTC"
fi
echo -e "Setting MySQL database timezone as ${timezone}${GREY}"
mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | ${DB_CMD} -u root -D mysql -p${MYSQL_ROOT_PWD}
# Add the timzone value to the sanitsed server file section name.
sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
fi
fi
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# This should stay as localhost in most local MySQL install situations. This setting determine from WHERE the new ${GUAC_USER}
# will be able to login to the database (either specific remote IPs or localhost only.)
# However this setting can be quick and hacky way to build a backend guacamole database server for use behind another guac application server
# (albeit with the full application suite installed). To do this, set GUAC_USERHost="%" for login access from all IPs, or e.g. 192.168.1.% for an IP range.
# You will also need to set the MySQL binding away from the default 127.0.0.1 to 0.0.0.0 or a specific external facing network interface to allow remote login.
if [ "${MYSQL_HOST}" != "localhost" ]; then
GUAC_USERHost="%"
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
else
GUAC_USERHost="localhost"
fi
# This should stay as localhost in most local MySQL install situations. This setting determine from WHERE the new ${GUAC_USER}
# will be able to login to the database (either specific remote IPs or localhost only.)
# However this setting can be quick and hacky way to build a backend guacamole database server for use behind another guac application server
# (albeit with the full application suite installed). To do this, set GUAC_USERHost="%" for login access from all IPs, or e.g. 192.168.1.% for an IP range.
# You will also need to set the MySQL binding away from the default 127.0.0.1 to 0.0.0.0 or a specific external facing network interface to allow remote login.
if [[ "${MYSQL_HOST}" != "localhost" ]]; then
GUAC_USERHost="%"
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
else
GUAC_USERHost="localhost"
fi
# Execute SQL code to create the Guacamole database
echo -e "${GREY}Creating the Guacamole database..."
SQLCODE="
# Execute SQL code to create the Guacamole database
echo -e "${GREY}Creating the Guacamole database..."
SQLCODE="
DROP DATABASE IF EXISTS ${GUAC_DB};
CREATE DATABASE IF NOT EXISTS ${GUAC_DB};
CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GUAC_PWD}\";
GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}';
FLUSH PRIVILEGES;"
echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT}
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Add Guacamole schema to newly created database
echo -e "${GREY}Adding database tables..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Add Guacamole schema to newly created database
echo -e "${GREY}Adding database tables..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ] && [ "${INSTALL_MYSQL}" = true ]; then
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c "
if [[ "${SECURE_MYSQL}" = true ]] && [[ "${INSTALL_MYSQL}" = true ]]; then
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c "
set timeout 10
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
@ -559,44 +556,44 @@ expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
")
echo "$SECURE_MYSQL"
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
echo "$SECURE_MYSQL"
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Restart MySQL service
if [ "${INSTALL_MYSQL}" = true ]; then
echo -e "${GREY}Restarting MySQL service & enable at boot..."
# Set MySQl to start at boot
systemctl enable mysql
systemctl restart mysql
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
if [[ "${INSTALL_MYSQL}" = true ]]; then
echo -e "${GREY}Restarting MySQL service & enable at boot..."
# Set MySQl to start at boot
systemctl enable mysql
systemctl restart mysql
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Create guacd.conf and locahost IP binding.
echo -e "${GREY}Binding guacd to 127.0.0.1 port 4822..."
cat >/etc/guacamole/guacd.conf <<-"EOF"
[server]
bind_host = 127.0.0.1
bind_port = 4822
[server]
bind_host = 127.0.0.1
bind_port = 4822
EOF
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Ensure guacd is started
@ -604,28 +601,28 @@ echo -e "${GREY}Starting guacd service & enable at boot..."
systemctl enable guacd
systemctl stop guacd 2>/dev/null
systemctl start guacd
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
if [ "${CHANGE_ROOT}" = true ]; then
echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}"
systemctl stop ${TOMCAT_VERSION}
mv /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html.old
touch /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
systemctl start ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
if [[ "${GUAC_URL_REDIR}" = true ]]; then
echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}"
systemctl stop ${TOMCAT_VERSION}
mv /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html.old
touch /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
systemctl start ${TOMCAT_VERSION}
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
echo -e "${GREY}Updating firewall rules to allow only SSH and tcp 8080..."
@ -636,12 +633,12 @@ sudo ufw allow 8080/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
# Reduce firewall logging noise
sudo ufw logging off >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Cleanup
@ -649,20 +646,19 @@ echo -e "${GREY}Cleanup install files...${GREY}"
rm -rf guacamole-*
rm -rf mysql-connector-j-*
rm -rf mariadb_repo_setup
if [ "${INSTALL_NGINX}" = false ]; then
rm -rf 3-install-nginx.sh
rm -f 4a-install-tls-self-signed-nginx.sh
rm -rf 4b-install-tls-letsencrypt-nginx.sh
rm -f refresh-tls-self-signed.sh
if [[ "${INSTALL_NGINX}" = false ]]; then
rm -f 3-install-nginx.sh
rm -f 4a-install-tls-self-signed-nginx.sh
rm -f 4b-install-tls-letsencrypt-nginx.sh
rm -f refresh-tls-self-signed.sh
fi
unset MYSQL_PWD
apt-get -y remove expect &>>${INSTALL_LOG}
apt-get -y autoremove &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo -e "${LGREEN}OK${GREY}"
fi
# Done

48
3-install-nginx.sh
View file

@ -43,12 +43,12 @@ server {
}
}
EOF
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Force nginx to require tls1.2 and above
@ -64,24 +64,24 @@ unlink /etc/nginx/sites-enabled/default
# Do mandatory Nginx tweaks for logging actual client IPs through a proxy IP of 127.0.0.1 - DO NOT CHANGE COMMAND FORMATING!
echo -e "${GREY}Configuring Apache Tomcat valve for pass through of client IPs to Guacamole logs...${GREY}"
sudo sed -i '/pattern="%h %l %u %t &quot;%r&quot; %s %b"/a \ <!-- Allow host IP to pass through to guacamole.-->\n <Valve className="org.apache.catalina.valves.RemoteIpValve"\n internalProxies="127\.0\.0\.1|0:0:0:0:0:0:0:1"\n remoteIpHeader="x-forwarded-for"\n remoteIpProxiesHeader="x-forwarded-by"\n protocolHeader="x-forwarded-proto" />' /etc/$TOMCAT_VERSION/server.xml
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Allow large file transfers through Nginx
sudo sed -i '/client_max_body_size/d' /etc/nginx/nginx.conf # remove this line if it already exists to prevent duplicates
sudo sed -i "/Basic Settings/a \ client_max_body_size 100000000M;" /etc/nginx/nginx.conf # Add the larger file transfer size
echo -e "${GREY}Boosting Nginx's 'maximum body size' parameter to allow large file transfers...${GREY}"
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Update general ufw rules so force traffic via reverse proxy. Only Nginx and SSH will be available over the network.
@ -92,12 +92,12 @@ sudo ufw allow OpenSSH >/dev/null 2>&1
sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw delete allow 8080/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Reload everything
@ -105,11 +105,11 @@ echo -e "${GREY}Restaring Guacamole & Ngnix..."
sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo -e "${LGREEN}OK${GREY}"
fi
# Done

64
4a-install-tls-self-signed-nginx.sh
View file

@ -31,11 +31,11 @@ DIR_SSL_KEY="/etc/nginx/ssl/private"
# Make directories to place TLS Certificate if they don't exist
if [[ ! -d $DIR_SSL_KEY ]]; then
sudo mkdir -p $DIR_SSL_KEY
sudo mkdir -p $DIR_SSL_KEY
fi
if [[ ! -d $DIR_SSL_CERT ]]; then
sudo mkdir -p $DIR_SSL_CERT
sudo mkdir -p $DIR_SSL_CERT
fi
# Discover IPv4 interface
@ -71,12 +71,12 @@ EOF
echo
echo "{$GREY}Creating a new Nginx TLS Certificate..."
openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config $TMP_DIR/cert_attributes.txt
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Place TLS Certificate into the defined application path
@ -86,12 +86,12 @@ sudo cp $TLSNAME.crt $DIR_SSL_CERT/$TLSNAME.crt
# Create a PFX formatted key for easier import to Windows hosts and change permissions to enable copying elsewhere
echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}"
sudo openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Change of permissions so certs can be copied via WinSCP.
@ -102,12 +102,12 @@ sudo chown $SUDO_USER:root $TLSNAME.key
# Backup the current Nginx config before update
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$TLSNAME-nginx.bak"
cp /etc/nginx/sites-enabled/${TLSNAME} $DOWNLOAD_DIR/${TLSNAME}-nginx.bak
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Update Nginx config to accept the new certificates
@ -150,12 +150,12 @@ server {
}
}
EOF
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Update general ufw rules so force traffic via reverse proxy. Only Nginx and SSH will be available over the network.
@ -166,12 +166,12 @@ sudo ufw allow OpenSSH >/dev/null 2>&1
sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw allow 443/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Reload everything
@ -179,12 +179,12 @@ echo -e "${GREY}Restaring Guacamole & Ngnix..."
sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Hack to assist with displaying "$" symbols and " ' quotes in a (cut/paste-able) bash screen output format

58
4b-install-tls-letsencrypt-nginx.sh
View file

@ -29,12 +29,12 @@ apt-get install nginx certbot python3-certbot-nginx -qq -y &>>${INSTALL_LOG}
echo
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$PROXY_SITE-nginx.bak"
cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Configure Nginx to accept the new certificates
@ -57,12 +57,12 @@ server {
}
}
EOL
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Update general ufw rules so force traffic via reverse proxy. Only Nginx and SSH will be available over the network.
@ -73,12 +73,12 @@ sudo ufw allow OpenSSH >/dev/null 2>&1
sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw allow 443/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Bounce Nginx to reload the new Nginx config so certbot config can continue
@ -88,12 +88,12 @@ systemctl restart nginx
certbot --nginx -n -d $LE_DNS_NAME --email $LE_EMAIL --agree-tos --redirect --hsts
echo -e
echo -e "${GREY}Let's Encrypt successfully installed, but check for any errors above (DNS & firewall are the usual culprits).${GREY}"
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Select a random daily time to schedule a daily check for Let's Encrypt certificates due to expire in next 30 days.
@ -110,12 +110,12 @@ echo "${MINUTE} ${HOUR} * * * /usr/bin/certbot renew --quiet --pre-hook 'systemc
# Overwrite old cron settings and cleanup
crontab cron_1
rm cron_1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Reload everything once again
@ -123,11 +123,11 @@ echo -e "${GREY}Restaring Guacamole & Ngnix..."
sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo -e "${LGREEN}OK${GREY}"
fi
# Done

14
README.md
View file

@ -1,6 +1,6 @@
# Guacamole 1.5.3 VDI/Jump Server Appliance Build Script
<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up a Guacamole a breeze. Its got installer support for TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect & History Recording Storage UI enhancements, dark mode and custom UI templates, auto database backup, O365 email alerts and even fail2ban and internal daemon security hardening options. There's also code in here to get you up and running with Guacamole in an enterprise or high availability deployment too!
<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up a Guacamole a breeze. Its got installer support for TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect & History Recording Storage UI enhancements, dark mode and custom UI templates, auto database backup, O365 email alerts and even fail2ban and internal daemon security hardening options. There's also code in here to get you up and running with an enterprise high availability deployment too!
## Automatic Installation
@ -10,15 +10,21 @@
wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
```
## Prerequisites (Debian 12 now working!)
## Prerequisites (Yes! Debian 12 is now supported!)
<img src="https://github.githubassets.com/images/icons/emoji/lock.png" width="35"> **Before diving in, make sure you have:**
- A compatible OS: Ubuntu 18.04 - 22.x, Debian 10, 11 or 12, or Raspbian Buster/Bullseye (If using vendor cloud images stick to stable releases).
- **A compatible OS:**
- **Debian 12, 11 or 10**
- **Ubuntu 23.04, 22.04, 20.04 & 18.04**
- **Raspbian Buster & Bullseye**
- **Official vendor cloud images equivalent to the above.**
- Minimum 8GB RAM and 40GB HDD.
- DNS entries matching your default appliance network interface IP (essential for TLS).
- Open TCP ports: 22, 80, and 443.
23.04, 22.04, 20.04 & 18.04
## Installation Menu
<img src="https://github.githubassets.com/images/icons/emoji/wrench.png" width="35"> **The main script guides you through the installation process in the following steps:**
@ -50,7 +56,7 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
1. Paste and run the wget autorun link in your home directory.
2. Exit `1-setup.sh` at the first prompt. (At this point the scripts are downloaded only.)
3. Customise the huge number of installation variables available in `1-setup.sh` as required. (Certain combinations of edits will produce a fully unattended install.)
3. Customise the huge number of installation variables available in `1-setup.sh` as required. All options for customisation are found in the top sections of this script only. (Certain combinations of edits will even produce a fully unattended install!)
4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script for any other edited scripts. There should be little need to edit outside of the setup script's options.)
5. The **upgrade-guac.sh, add-tls-guac-daemon.sh, refresh-tls-self-signed.sh & backup-guac.sh** scripts are automatically adjusted at installation to match your chosen installation settings. These can be run after install without any modification.
6. If the self-signed TLS proxy option is selected, browser client TLS certificates will be automatically created and saved to `$HOME/guac-setup`.

2
guac-custom-theme-builder/README.MD
View file

@ -1,7 +1,7 @@
## Custom branding & theme instructions ##
1. Install Java JDK: `sudo apt update && sudo apt -y install default-jdk`
1. Install the Java JDK: `sudo apt update && sudo apt -y install default-jdk`
3. Modify `custom-theme.css` ,`guac-manifest.json`, `en.json` & `META-INF` as desired & add your logo .png files to the images directory.
4. To commit your changes, run the below commands from within the custom-theme-builder directory, then refresh your browser to re-login to Guacamole:
```

252
guac-enterprise-build/install-mysql-backend-only.sh
View file

@ -27,18 +27,18 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
fi
#######################################################################################################################
@ -100,14 +100,14 @@ DB_TZ=$(cat /etc/timezone) # Typically system default (cat /etc/timezone) or cha
# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
MYSQL_VERSION="" # Blank "" forces distro default MySQL packages.
if [ -z "${MYSQL_VERSION}" ]; then
# Use Linux distro default version.
MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql" # mysql command is depricated
if [[ -z "${MYSQL_VERSION}" ]]; then
# Use Linux distro default version.
MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql" # mysql command is depricated
else
# Use official mariadb.org repo
MYSQLPKG="mariadb-server mariadb-client mariadb-common"
DB_CMD="mariadb" # mysql command is depricated on newer versions
# Use official mariadb.org repo
MYSQLPKG="mariadb-server mariadb-client mariadb-common"
DB_CMD="mariadb" # mysql command is depricated on newer versions
fi
# Update everything but don't do the annoying prompts during apt installs
@ -115,44 +115,44 @@ echo -e "${GREY}Updating base Linux OS..."
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq &>>${INSTALL_LOG}
apt-get upgrade -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
cd $DOWNLOAD_DIR
# Add the official MariaDB repo
if [ -n "${MYSQL_VERSION}" ]; then
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
if [[ -n "${MYSQL_VERSION}" ]]; then
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
fi
# Download and extract the Guacamole SQL authentication extension containing the database schema
echo -e "${GREY}Downloading Guacamole database source files..."
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
tar -xzf guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
fi
echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
echo
echo -e "${GREY}Installing MySQL packages..."
apt-get -qq -y install ${MYSQLPKG} &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Set the root password without a reliance on debconf.
@ -161,89 +161,89 @@ SQLCODE="
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo ${SQLCODE} | $DB_CMD -u root
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Find the location of the MySQL or MariaDB config files. (Add to this list for more potential candidates.)
for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
/etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
if [ -e "${x}" ]; then
if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
mysqlconfig="${x}"
# Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
config_section=$(grep -m 1 -E '^\[(mysqld|mariadbd)\]$' "${x}" | sed 's/\[\(.*\)\]/\1/')
break
fi
fi
/etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
if [[ -e "${x}" ]]; then
if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
mysqlconfig="${x}"
# Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
config_section=$(grep -m 1 -E '^\[(mysqld|mariadbd)\]$' "${x}" | sed 's/\[\(.*\)\]/\1/')
break
fi
fi
done
# Set the MySQL Timezone
if [ -z "${mysqlconfig}" ]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
if [[ -z "${mysqlconfig}" ]]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else
# Is there already a timzeone value configured?
if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then
echo -e "MySQL database timezone defined in ${mysqlconfig}"
else
timezone=${DB_TZ}
if [ -z "${DB_TZ}" ]; then
echo -e "Couldn't find system timezone, using UTC$"
timezone="UTC"
fi
echo -e "Setting MySQL database timezone as ${timezone}${GREY}"
mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | ${DB_CMD} -u root -D mysql -p${MYSQL_ROOT_PWD}
# Add the timzone value to the sanitsed server file section name.
sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
fi
# Is there already a timzeone value configured?
if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then
echo -e "MySQL database timezone defined in ${mysqlconfig}"
else
timezone=${DB_TZ}
if [[ -z "${DB_TZ}" ]]; then
echo -e "Couldn't find system timezone, using UTC$"
timezone="UTC"
fi
echo -e "Setting MySQL database timezone as ${timezone}${GREY}"
mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | ${DB_CMD} -u root -D mysql -p${MYSQL_ROOT_PWD}
# Add the timzone value to the sanitsed server file section name.
sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
fi
fi
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Set the MySQL binding IP address to whatever the setup variable is set to.
echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..."
sed -i "s/^bind-address[[:space:]]*=[[:space:]]*.*/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Establish the appropriate form of Guacamole user account access (remote or localhost login permissions)
echo -e "${GREY}Setting up database access parameters for the Guacamole user ..."
if [ "${BACKEND_MYSQL}" = true ] && [ -z "${FRONTEND_NET}" ]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
# e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
GUAC_USERHost="%" # Allow all IPs
elif [ "${BACKEND_MYSQL}" = true ] && [ -n "${FRONTEND_NET}" ]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from ${FRONTEND_NET}.${GREY}"
GUAC_USERHost="${FRONTEND_NET}" # Apply the given range
elif [ "${BACKEND_MYSQL}" = false ] || [ -z "${BACKEND_MYSQL}" ]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install
if [[ "${BACKEND_MYSQL}" = true ]] && [[ -z "${FRONTEND_NET}" ]]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
# e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
GUAC_USERHost="%" # Allow all IPs
elif [[ "${BACKEND_MYSQL}" = true ]] && [[ -n "${FRONTEND_NET}" ]]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from ${FRONTEND_NET}.${GREY}"
GUAC_USERHost="${FRONTEND_NET}" # Apply the given range
elif [[ "${BACKEND_MYSQL}" = false ]] || [[ -z "${BACKEND_MYSQL}" ]]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install
else
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install
fi
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Create the new Guacamole database
@ -256,30 +256,30 @@ GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USER
FLUSH PRIVILEGES;"
# Execute SQL code
echo ${SQLCODE} | $DB_CMD -u root -D mysql -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Add Guacamole's schema code to newly created database
echo -e "${GREY}Adding the Guacamole database schema..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ]; then
apt-get -qq -y install expect &>>${INSTALL_LOG}
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c "
if [[ "${SECURE_MYSQL}" = true ]]; then
apt-get -qq -y install expect &>>${INSTALL_LOG}
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c "
set timeout 10
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
@ -298,26 +298,26 @@ expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
")
echo "$SECURE_MYSQL"
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
echo "$SECURE_MYSQL"
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Restart & enable MySQL service at boot
echo -e "${GREY}Restarting MySQL service & enable at boot..."
systemctl enable mysql
systemctl restart mysql
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Cleanup
@ -325,12 +325,12 @@ echo -e "${GREY}Cleaning up install files...${GREY}"
apt-get -y remove expect &>>${INSTALL_LOG}
apt-get -y autoremove &>>${INSTALL_LOG}
rm -rf guacamole-*
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Done

68
guac-enterprise-build/upgrade-mysql-backend-only.sh
View file

@ -25,18 +25,18 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
fi
#######################################################################################################################
@ -82,12 +82,12 @@ echo
# Download and extract the Guacamole SQL authentication extension containing the database schema
wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
tar -xzf guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
fi
echo
@ -97,40 +97,40 @@ UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgra
# Compare SQL Upgrage Files against old version, apply upgrades as needed
for FILE in ${UPGRADEFILES[@]}; do
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then
echo "Patching ${GUAC_DB} with ${FILE}"
mariadb -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then
echo "Patching ${GUAC_DB} with ${FILE}"
mariadb -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi
done
if [ $? -ne 0 ]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Restart MySQL service
echo -e "${GREY}Restarting MySQL service..."
systemctl restart mysql
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Cleanup
echo -e "${GREY}Clean up install files...${GREY}"
rm -rf guacamole-*
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Done

32
guac-management/backup-guac.sh
View file

@ -39,28 +39,28 @@ echo -e "${LGREEN}Backup started for database - ${GUAC_DB}"
echo
mysqldump -h ${MYSQL_HOST} \
-P ${MYSQL_PORT} \
-u ${GUAC_USER} \
-p"${GUAC_PWD}" \
${GUAC_DB} \
--single-transaction --quick --lock-tables=false >${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql
-P ${MYSQL_PORT} \
-u ${GUAC_USER} \
-p"${GUAC_PWD}" \
${GUAC_DB} \
--single-transaction --quick --lock-tables=false >${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql
SQLFILE=${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql
if [ $? -ne 0 ]; then
echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}Backup completed ok.${GREY}"
echo
echo -e "${LGREEN}Backup completed ok.${GREY}"
echo
fi
gzip -f ${SQLFILE}
# Error check and email alerts
if [ $? -ne 0 ]; then
echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}${GUAC_DB} backup was successfully copied to ${DB_BACKUP_DIR}"
#mailx -s "Guacamomle Database Backup Success" ${BACKUP_EMAIL}
echo "${GUAC_DB} backup was successfully copied to $DB_BACKUP_DIR" | mailx -s "Guacamole backup " ${BACKUP_EMAIL}
echo -e "${LGREEN}${GUAC_DB} backup was successfully copied to ${DB_BACKUP_DIR}"
#mailx -s "Guacamomle Database Backup Success" ${BACKUP_EMAIL}
echo "${GUAC_DB} backup was successfully copied to $DB_BACKUP_DIR" | mailx -s "Guacamole backup " ${BACKUP_EMAIL}
fi
echo -e ${NC}

52
guac-management/refresh-tls-self-signed.sh
View file

@ -23,11 +23,11 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
echo
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
echo
exit 1
fi
echo
@ -61,19 +61,19 @@ CERT_DAYS=
DEFAULT_IP=
# Assume the values used by the guacamole installer if the script is run without any command line options
if [ -z "$1" ] | [ -z "$2" ] | [ -z "$3" ]; then
TLSNAME=$PROXY_SITE
TLSDAYS=$CERT_DAYS
TLSIP=$DEFAULT_IP
if [[ -z "$1" ]] | [[ -z "$2" ]] | [[ -z "$3" ]]; then
TLSNAME=$PROXY_SITE
TLSDAYS=$CERT_DAYS
TLSIP=$DEFAULT_IP
fi
# Make directories to place TLS Certificate if they don't exist
if [[ ! -d $DIR_SSL_KEY ]]; then
sudo mkdir -p $DIR_SSL_KEY
sudo mkdir -p $DIR_SSL_KEY
fi
if [[ ! -d $DIR_SSL_CERT ]]; then
sudo mkdir -p $DIR_SSL_CERT
sudo mkdir -p $DIR_SSL_CERT
fi
echo -e "${GREY}New self signed TLS certificate attributes are shown below...${DGREY}"
@ -107,12 +107,12 @@ echo
# Create the new certificates
echo "{$GREY}Creating a new TLS Certificate..."
openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config cert_attributes.txt
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Place TLS Certificate into the defined application path
@ -122,12 +122,12 @@ cp $TLSNAME.crt $DIR_SSL_CERT/$TLSNAME.crt
# Create a PFX formatted key for easier import to Windows hosts and change permissions to enable copying elsewhere
echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}"
openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Change of permissions so certs can be copied via WinSCP.
@ -139,12 +139,12 @@ TOMCAT=$(ls /etc/ | grep tomcat)
systemctl restart $TOMCAT
systemctl restart guacd
systemctl restart nginx
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Hack to assist with displaying "$" symbols and " ' quotes in a (cut/paste-able) bash screen output format

330
guac-management/upgrade-guac.sh
View file

@ -22,18 +22,18 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
fi
#######################################################################################################################
@ -96,52 +96,52 @@ cd $DOWNLOAD_DIR
echo
echo -e "${GREY}Downloading updated Guacamole source files and beginning Guacamole ${OLD_GUAC_VERSION} to ${NEW_GUAC_VERSION} upgrade..."
wget -q --show-progress -O guacamole-${NEW_GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-${NEW_GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war${GREY}"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-${NEW_GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war${GREY}"
exit 1
else
rm /etc/guacamole/guacamole.war
mv -f guacamole-${NEW_GUAC_VERSION}.war /etc/guacamole/guacamole.war
chmod 664 /etc/guacamole/guacamole.war
rm /etc/guacamole/guacamole.war
mv -f guacamole-${NEW_GUAC_VERSION}.war /etc/guacamole/guacamole.war
chmod 664 /etc/guacamole/guacamole.war
fi
echo -e "${LGREEN}Upgraded Guacamole client to version ${NEW_GUAC_VERSION}${GREY}"
# Download and upgrade Guacamole SQL authentication extension
wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
rm /etc/guacamole/extensions/guacamole-auth-jdbc-*.jar
mv -f guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${NEW_GUAC_VERSION}.jar
tar -xzf guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
rm /etc/guacamole/extensions/guacamole-auth-jdbc-*.jar
mv -f guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${NEW_GUAC_VERSION}.jar
fi
echo -e "${LGREEN}Upgraded Guacamole SQL jdbc to version ${NEW_GUAC_VERSION}${GREY}"
# Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${NEW_MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download mysql-connector-j-${NEW_MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}}.tar.gz${GREY}"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download mysql-connector-j-${NEW_MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}}.tar.gz${GREY}"
exit 1
else
tar -xzf mysql-connector-j-${NEW_MYSQLJCON}.tar.gz
rm /etc/guacamole/lib/mysql-connector-java.jar
mv -f mysql-connector-j-${NEW_MYSQLJCON}/mysql-connector-j-${NEW_MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
tar -xzf mysql-connector-j-${NEW_MYSQLJCON}.tar.gz
rm /etc/guacamole/lib/mysql-connector-java.jar
mv -f mysql-connector-j-${NEW_MYSQLJCON}/mysql-connector-j-${NEW_MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
fi
echo -e "${LGREEN}Upgraded MySQL connector/j to ${NEW_MYSQLJCON}${GREY}"
# Download Guacamole Server
wget -q --show-progress -O guacamole-server-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-server-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz${GREY}"
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-server-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz${GREY}"
exit 1
else
tar -xzf guacamole-server-${NEW_GUAC_VERSION}.tar.gz
tar -xzf guacamole-server-${NEW_GUAC_VERSION}.tar.gz
fi
echo -e "${LGREEN}Downloaded guacamole-server-${NEW_GUAC_VERSION}.tar.gz${GREY}"
@ -153,163 +153,163 @@ echo -e "${GREY}Compiling Guacamole-Server ${NEW_GUAC_VERSION} from source with
export CFLAGS="-Wno-error"
# Configure Guacamole Server source
./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots"
./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
if [ $? -ne 0 ]; then
echo "Failed to configure guacamole-server - again"
exit
fi
if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots"
./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server - again"
exit
fi
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
echo -e "${GREY}Running make and building the upgraded Guacamole-Server application..."
make &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
echo -e "${GREY}Installing the upgraded Guacamole-Server..."
make install &>>${INSTALL_LOG}
ldconfig
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
cd ..
# Don't run the SQL upgrade commands if original setup option was set to remote MySQL instance. - Use separate DB update script.
if [ "${INSTALL_MYSQL}" = true ]; then
# Get list of SQL Upgrade Files
echo -e "${GREY}Upgrading MySQL Schema..."
UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V))
if [[ "${INSTALL_MYSQL}" = true ]]; then
# Get list of SQL Upgrade Files
echo -e "${GREY}Upgrading MySQL Schema..."
UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V))
# Compare SQL Upgrage Files against old version, apply upgrades as needed
for FILE in ${UPGRADEFILES[@]}; do
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then
echo "Patching ${GUAC_DB} with ${FILE}"
mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi
done
if [ $? -ne 0 ]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Compare SQL Upgrage Files against old version, apply upgrades as needed
for FILE in ${UPGRADEFILES[@]}; do
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then
echo "Patching ${GUAC_DB} with ${FILE}"
mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi
done
if [[ $? -ne 0 ]]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Check for TOTP extension and upgrade if found
for file in /etc/guacamole/extensions/guacamole-auth-totp*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}TOTP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-totp-${NEW_GUAC_VERSION}/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded TOTP extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
if [[ -f $file ]]; then
echo -e "${LGREEN}TOTP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-totp-${NEW_GUAC_VERSION}/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded TOTP extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
done
# Check for DUO extension and upgrade if found
for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}DUO authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-duo-${NEW_GUAC_VERSION}/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded DUO extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
if [[ -f $file ]]; then
echo -e "${LGREEN}DUO authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-duo-${NEW_GUAC_VERSION}/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded DUO extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
done
# Check for LDAP extension and upgrade if found
for file in /etc/guacamole/extensions/guacamole-auth-ldap*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}LDAP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-ldap-${NEW_GUAC_VERSION}/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded LDAP extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
if [[ -f $file ]]; then
echo -e "${LGREEN}LDAP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-ldap-${NEW_GUAC_VERSION}/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded LDAP extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
done
# Check for Quick Connection extension and upgrade if found
for file in /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}Quick Connect extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-quickconnect-${NEW_GUAC_VERSION}/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded Quick Connect extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
if [[ -f $file ]]; then
echo -e "${LGREEN}Quick Connect extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-quickconnect-${NEW_GUAC_VERSION}/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded Quick Connect extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
done
# Check for History Recording Storage extension and upgrade if found
for file in /etc/guacamole/extensions/guacamole-history-recording-storage*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}History Recording Storage extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-history-recording-storage*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-history-recording-storage-${NEW_GUAC_VERSION}/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded History Recording Storage extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
if [[ -f $file ]]; then
echo -e "${LGREEN}History Recording Storage extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-history-recording-storage*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-history-recording-storage-${NEW_GUAC_VERSION}/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded History Recording Storage extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
break
fi
done
# Fix for #196 see https://github.com/MysticRyuujin/guac-install/issues/196
@ -325,24 +325,24 @@ echo -e "${GREY}Starting guacd and Tomcat services..."
systemctl enable guacd
systemctl start guacd
systemctl start ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Cleanup
echo -e "${GREY}Clean up install files...${GREY}"
rm -rf guacamole-*
rm -rf mysql-connector-j-*
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Done

8
guac-optional-features/add-auth-duo.sh
View file

@ -17,10 +17,10 @@ NC='\033[0m' #No Colour
clear
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
TOMCAT_VERSION=$(ls /etc/ | grep tomcat)
GUAC_VERSION=$(grep -oP 'Guacamole.API_VERSION = "\K[0-9\.]+' /var/lib/${TOMCAT_VERSION}/webapps/guacamole/guacamole-common-js/modules/Version.js)

20
guac-optional-features/add-auth-ldap.sh
View file

@ -18,10 +18,10 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
TOMCAT_VERSION=$(ls /etc/ | grep tomcat)
@ -36,13 +36,13 @@ echo
case $yn in
y) echo Beginning LDAP auth config... ;;
n)
echo exiting...
exit
;;
echo exiting...
exit
;;
*)
echo invalid response
exit 1
;;
echo invalid response
exit 1
;;
esac
echo

8
guac-optional-features/add-auth-totp.sh
View file

@ -18,10 +18,10 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
TOMCAT_VERSION=$(ls /etc/ | grep tomcat)

238
guac-optional-features/add-fail2ban.sh
View file

@ -18,10 +18,10 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Initialise variables
@ -43,25 +43,25 @@ rm -f /tmp/fail2ban.update
# Prompt to install fail2ban base package with no policy as yet, default of yes
if [[ -z ${FAIL2BAN_BASE} ]]; then
echo
echo -e -n "${LGREEN}Install Fail2ban? (base package with no policy as yet) [default y]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
FAIL2BAN_BASE=false
else
FAIL2BAN_BASE=true
fi
echo
echo -e -n "${LGREEN}Install Fail2ban? (base package with no policy as yet) [default y]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
FAIL2BAN_BASE=false
else
FAIL2BAN_BASE=true
fi
fi
# Prompt to install Guacamole fail2ban config defaults, default of no
if [[ -z ${FAIL2BAN_GUAC} ]] && [[ "${FAIL2BAN_BASE}" = true ]]; then
echo -e -n "${GREY}POLICY: Apply Guacamole fail2ban security policy? (Y/n) [default y]:${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
FAIL2BAN_GUAC=false
else
FAIL2BAN_GUAC=true
fi
echo -e -n "${GREY}POLICY: Apply Guacamole fail2ban security policy? (Y/n) [default y]:${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
FAIL2BAN_GUAC=false
else
FAIL2BAN_GUAC=true
fi
fi
# Prompt to install Nginx fail2ban config defaults , default of no - NOT IMPLEMENTED YET
@ -91,14 +91,14 @@ fi
#######################################################################################################################
# Install base fail2ban base application, and whitelist the local subnet as the starting baseline (no policy defined yet)
if [ "${FAIL2BAN_BASE}" = true ]; then
if [[ "${FAIL2BAN_BASE}" = true ]]; then
#Update and install fail2ban (and john for management of config file updates, and not overwrite any existing settings)
sudo apt-get update -qq >/dev/null 2>&1
sudo apt-get install fail2ban john -qq -y >/dev/null 2>&1
#Update and install fail2ban (and john for management of config file updates, and not overwrite any existing settings)
sudo apt-get update -qq >/dev/null 2>&1
sudo apt-get install fail2ban john -qq -y >/dev/null 2>&1
# Create the basic jail.local template and local subnet whitelist
cat >/tmp/fail2ban.conf <<EOF
# Create the basic jail.local template and local subnet whitelist
cat >/tmp/fail2ban.conf <<EOF
[DEFAULT]
destemail = yourname@example.com
sender = yourname@example.com
@ -106,101 +106,101 @@ action = %(action_mwl)s
ignoreip =
EOF
# We need to discover all interfaces to ascertain what network ranges to add to fail2ban "ignoreip" policy override defaults
ip -o addr show up primary scope global | while read -r num dev fam addr rest; do echo ${addr%*}; done | cat >/tmp/ip_list.txt
# We need to discover all interfaces to ascertain what network ranges to add to fail2ban "ignoreip" policy override defaults
ip -o addr show up primary scope global | while read -r num dev fam addr rest; do echo ${addr%*}; done | cat >/tmp/ip_list.txt
# Loop the list of discovered ips and extract the subnet ID addresses for each interface
FILE=/tmp/ip_list.txt
LINES=$(cat $FILE)
for LINE in $LINES; do
# Loop the list of discovered ips and extract the subnet ID addresses for each interface
FILE=/tmp/ip_list.txt
LINES=$(cat $FILE)
for LINE in $LINES; do
tonum() {
if [[ $LINE =~ ([[:digit:]]+)\.([[:digit:]]+)\.([[:digit:]]+)\.([[:digit:]]+) ]]; then
addr=$(((${BASH_REMATCH[1]} << 24) + (${BASH_REMATCH[2]} << 16) + (${BASH_REMATCH[3]} << 8) + ${BASH_REMATCH[4]}))
eval "$2=\$addr"
fi
}
toaddr() {
b1=$((($1 & 0xFF000000) >> 24))
b2=$((($1 & 0xFF0000) >> 16))
b3=$((($1 & 0xFF00) >> 8))
b4=$(($1 & 0xFF))
eval "$2=\$b1.\$b2.\$b3.\$b4"
}
tonum() {
if [[ $LINE =~ ([[:digit:]]+)\.([[:digit:]]+)\.([[:digit:]]+)\.([[:digit:]]+) ]]; then
addr=$(((${BASH_REMATCH[1]} << 24) + (${BASH_REMATCH[2]} << 16) + (${BASH_REMATCH[3]} << 8) + ${BASH_REMATCH[4]}))
eval "$2=\$addr"
fi
}
toaddr() {
b1=$((($1 & 0xFF000000) >> 24))
b2=$((($1 & 0xFF0000) >> 16))
b3=$((($1 & 0xFF00) >> 8))
b4=$(($1 & 0xFF))
eval "$2=\$b1.\$b2.\$b3.\$b4"
}
if [[ $LINE =~ ^([0-9\.]+)/([0-9]+)$ ]]; then
# CIDR notation
IPADDR=${BASH_REMATCH[1]}
NETMASKLEN=${BASH_REMATCH[2]}
PREFIX=$NETMASKLEN
zeros=$((32 - NETMASKLEN))
NETMASKNUM=0
for ((i = 0; i < $zeros; i++)); do
NETMASKNUM=$(((NETMASKNUM << 1) ^ 1))
done
NETMASKNUM=$((NETMASKNUM ^ 0xFFFFFFFF))
toaddr $NETMASKNUM NETMASK
else
IPADDR=${1:-192.168.1.1}
NETMASK=${2:-255.255.255.0}
fi
if [[ $LINE =~ ^([0-9\.]+)/([0-9]+)$ ]]; then
# CIDR notation
IPADDR=${BASH_REMATCH[1]}
NETMASKLEN=${BASH_REMATCH[2]}
PREFIX=$NETMASKLEN
zeros=$((32 - NETMASKLEN))
NETMASKNUM=0
for ((i = 0; i < $zeros; i++)); do
NETMASKNUM=$(((NETMASKNUM << 1) ^ 1))
done
NETMASKNUM=$((NETMASKNUM ^ 0xFFFFFFFF))
toaddr $NETMASKNUM NETMASK
else
IPADDR=${1:-192.168.1.1}
NETMASK=${2:-255.255.255.0}
fi
tonum $IPADDR IPADDRNUM
tonum $NETMASK NETMASKNUM
tonum $IPADDR IPADDRNUM
tonum $NETMASK NETMASKNUM
# The logic to calculate network and broadcast
INVNETMASKNUM=$((0xFFFFFFFF ^ NETMASKNUM))
NETWORKNUM=$((IPADDRNUM & NETMASKNUM))
BROADCASTNUM=$((INVNETMASKNUM | NETWORKNUM))
# The logic to calculate network and broadcast
INVNETMASKNUM=$((0xFFFFFFFF ^ NETMASKNUM))
NETWORKNUM=$((IPADDRNUM & NETMASKNUM))
BROADCASTNUM=$((INVNETMASKNUM | NETWORKNUM))
toaddr $NETWORKNUM NETWORK
toaddr $BROADCASTNUM BROADCAST
toaddr $NETWORKNUM NETWORK
toaddr $BROADCASTNUM BROADCAST
# Reverse engineer the subnet ID from the calcualted IP address and subnet prefix
IFS=. read -r i1 i2 i3 i4 <<<"$IPADDR"
IFS=. read -r m1 m2 m3 m4 <<<"$NETMASK"
# Reverse engineer the subnet ID from the calcualted IP address and subnet prefix
IFS=. read -r i1 i2 i3 i4 <<<"$IPADDR"
IFS=. read -r m1 m2 m3 m4 <<<"$NETMASK"
# Lay out the subnet ID address as a variable
printf -v NETADDR "%d.%d.%d.%d" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
# Lay out the subnet ID address as a variable
printf -v NETADDR "%d.%d.%d.%d" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
#Dump out the calcualted subnet IDs to a file
echo $NETADDR"/"$NETMASKLEN | tr '\n' ' ' | cat >>/tmp/netaddr.txt
#Dump out the calcualted subnet IDs to a file
echo $NETADDR"/"$NETMASKLEN | tr '\n' ' ' | cat >>/tmp/netaddr.txt
done
done
fi
if [ "${FAIL2BAN_BASE}" = true ]; then
# Now the above loop is done, append the single loopback address to all the discovered the subnet IDs in a single line
sed -i 's/^/127.0.0.1\/24 /' /tmp/netaddr.txt
if [[ "${FAIL2BAN_BASE}" = true ]]; then
# Now the above loop is done, append the single loopback address to all the discovered the subnet IDs in a single line
sed -i 's/^/127.0.0.1\/24 /' /tmp/netaddr.txt
# Finally assemble the entire syntax of the ignoreip whitelist for insertion into the base fail2ban config
SED_IGNORE=$(echo "ignoreip = ")
SED_NETADDR=$(cat /tmp/netaddr.txt)
sed -i "s|ignoreip \=|${SED_IGNORE}${SED_NETADDR}|g" /tmp/fail2ban.conf
# Finally assemble the entire syntax of the ignoreip whitelist for insertion into the base fail2ban config
SED_IGNORE=$(echo "ignoreip = ")
SED_NETADDR=$(cat /tmp/netaddr.txt)
sed -i "s|ignoreip \=|${SED_IGNORE}${SED_NETADDR}|g" /tmp/fail2ban.conf
# Move the new base fail2ban config to the jail.local file
touch /etc/fail2ban/jail.local
# Move the new base fail2ban config to the jail.local file
touch /etc/fail2ban/jail.local
# Apply the base config, keeping any pre-existing settings
sudo bash -c 'cat /tmp/fail2ban.conf /etc/fail2ban/jail.local | unique /tmp/fail2ban.update ; cat /tmp/fail2ban.update > /etc/fail2ban/jail.local'
# Apply the base config, keeping any pre-existing settings
sudo bash -c 'cat /tmp/fail2ban.conf /etc/fail2ban/jail.local | unique /tmp/fail2ban.update ; cat /tmp/fail2ban.update > /etc/fail2ban/jail.local'
# Clean up
rm -f /tmp/fail2ban.conf
rm -f /tmp/ip_list.txt
rm -f /tmp/netaddr.txt
rm -f /tmp/fail2ban.update
# Clean up
rm -f /tmp/fail2ban.conf
rm -f /tmp/ip_list.txt
rm -f /tmp/netaddr.txt
rm -f /tmp/fail2ban.update
# bounce the service to reload the new config
sudo systemctl restart fail2ban
# bounce the service to reload the new config
sudo systemctl restart fail2ban
# Done
echo
echo -e "${LGREEN}Fail2ban installed...${GREY}"
echo
# Done
echo
echo -e "${LGREEN}Fail2ban installed...${GREY}"
echo
else
echo -e "${LGREEN}Fail2ban setup cancelled.${GREY}"
echo -e "${LGREEN}Fail2ban setup cancelled.${GREY}"
fi
@ -208,10 +208,10 @@ fi
# Fail2ban optional policy setup items ################################################################################
#######################################################################################################################
if [ "${FAIL2BAN_GUAC}" = true ]; then
if [[ "${FAIL2BAN_GUAC}" = true ]]; then
# Create the Guacamole jail.local policy template
cat >/tmp/fail2ban.conf <<EOF
# Create the Guacamole jail.local policy template
cat >/tmp/fail2ban.conf <<EOF
[guacamole]
enabled = true
port = http,https
@ -221,26 +221,26 @@ findtime = 60m
maxretry = 5
EOF
# Apply the new Guacamole jail config keeping any pre-existing settings
sudo bash -c 'cat /tmp/fail2ban.conf /etc/fail2ban/jail.local | unique /tmp/fail2ban.update ; cat /tmp/fail2ban.update > /etc/fail2ban/jail.local'
# Apply the new Guacamole jail config keeping any pre-existing settings
sudo bash -c 'cat /tmp/fail2ban.conf /etc/fail2ban/jail.local | unique /tmp/fail2ban.update ; cat /tmp/fail2ban.update > /etc/fail2ban/jail.local'
# Backup the default Fail2ban Guacamole filter
cp /etc/fail2ban/filter.d/guacamole.conf /etc/fail2ban/filter.d/guacamole.conf.bak
# Backup the default Fail2ban Guacamole filter
cp /etc/fail2ban/filter.d/guacamole.conf /etc/fail2ban/filter.d/guacamole.conf.bak
# Remove the default log search regex
sudo bash -c 'sed -e "/Authentication attempt from/ s/^#*/#/" -i /etc/fail2ban/filter.d/guacamole.conf'
# Remove the default log search regex
sudo bash -c 'sed -e "/Authentication attempt from/ s/^#*/#/" -i /etc/fail2ban/filter.d/guacamole.conf'
# Create a new log search regex specific for tomcat logs (as a variable due to complexity of characters for sed syntax)
REGEX='failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - Authentication attempt from <HOST> for user "[^"]*" failed\.$'
#Insert the new regex
sed -i -e "/Authentication attempt from/a ${REGEX}" /etc/fail2ban/filter.d/guacamole.conf
# Create a new log search regex specific for tomcat logs (as a variable due to complexity of characters for sed syntax)
REGEX='failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - Authentication attempt from <HOST> for user "[^"]*" failed\.$'
#Insert the new regex
sed -i -e "/Authentication attempt from/a ${REGEX}" /etc/fail2ban/filter.d/guacamole.conf
# Done
echo -e "${LGREEN}Guacamole security policy applied${GREY}\n- ${SED_NETADDR}are whitelisted from all IP bans.\n- To alter this whitelist, edit /etc/fail2ban/jail.local & sudo systemctl restart fail2ban \n \n This script may take a while to complete on first run..."
# Done
echo -e "${LGREEN}Guacamole security policy applied${GREY}\n- ${SED_NETADDR}are whitelisted from all IP bans.\n- To alter this whitelist, edit /etc/fail2ban/jail.local & sudo systemctl restart fail2ban \n \n This script may take a while to complete on first run..."
# Bounce the service to reload the new config
sudo systemctl restart fail2ban
echo
# Bounce the service to reload the new config
sudo systemctl restart fail2ban
echo
fi
# Clean up
@ -250,13 +250,13 @@ rm -f /tmp/netaddr.txt
rm -f /tmp/fail2ban.update
############## Start Fail2ban NGINX security policy option ###############
#if [ "${FAIL2BAN_NGINX}" = true ]; then
#if [[ "${FAIL2BAN_NGINX}" = true ]]; then
# echo -e "${LGREEN}Nginx Fail2ban policy not implemented yet.${GREY}"
# echo
#fi
############### Start Fail2ban SSH security policy option ################
#if [ "${FAIL2BAN_SSH}" = true ]; then
#if [[ "${FAIL2BAN_SSH}" = true ]]; then
# echo -e "${LGREEN}SSH Fail2ban policy not implemented yet..${GREY}"
# echo
#fi

34
guac-optional-features/add-smtp-relay-o365.sh
View file

@ -27,10 +27,10 @@ SERVER=$(uname -n)
DOMAIN_SEARCH_SUFFIX=$(grep search /etc/resolv.conf | grep -v "#" | sed 's/'search[[:space:]]'//')
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
echo
@ -41,11 +41,11 @@ echo
echo -e "${GREY}Installing Postfix with non-interactive defaults..."
sudo apt update -qq >/dev/null 2>&1
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "${LRED}Postfix install failed. ${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Postfix install failed. ${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo -e "${LGREEN}OK${GREY}"
fi
# Get the Office365 smtp authentication credentials
@ -79,12 +79,12 @@ smtp_tls_security_level = encrypt
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
EOF
if [ $? -ne 0 ]; then
echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Setup the password file and postmap
@ -110,11 +110,11 @@ sudo postmap /etc/postfix/generic
# Restart and test
echo -e "${GREY}Restarting Postfix..."
sudo systemctl restart postfix
if [ $? -ne 0 ]; then
echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo -e "${LGREEN}OK${GREY}"
fi
echo

8
guac-optional-features/add-tls-guac-daemon.sh
View file

@ -19,10 +19,10 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
TOMCAT_VERSION=$(ls /etc/ | grep tomcat)

18
guac-optional-features/add-xtra-histrecstor.sh
View file

@ -18,10 +18,10 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
TOMCAT_VERSION=$(ls /etc/ | grep tomcat)
@ -30,13 +30,13 @@ GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guac
HISTREC_PATH_DEFAULT=/var/lib/guacamole/recordings # Apache default
while true; do
echo
read -p "Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
[ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break
echo
read -p "Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
[[ "${HISTREC_PATH}" = "" ]] || [[ "${HISTREC_PATH}" != "" ]] && break
done
# If no custom path is given, lets assume the default path on hitting enter
if [ -z "${HISTREC_PATH}" ]; then
HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
if [[ -z "${HISTREC_PATH}" ]]; then
HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
fi
echo

8
guac-optional-features/add-xtra-quickconnect.sh
View file

@ -18,10 +18,10 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
TOMCAT_VERSION=$(ls /etc/ | grep tomcat)