#########################
Connection setup tips:
#########################
# Quick connection syntax (Windows 10 RDP)
    rdp://user@xxx.xxx.xxx.xxx/?security=nla&ignore-cert=true

# To view links to recorded sessions from within the connection history page:
    1. Install the history-recording-storage option
    2. For each connection configuration profile, in the Screen Recording section set:
          Recording Path = ${HISTORY_PATH}/${HISTORY_UUID}
          Automatically create recording path = tick

# To create a quasi SSO pass through for LDAP and others, for each connection configuration profile:
    Add ${GUAC_USERNAME} to the Username field for each connection profile
    Add ${GUAC_PASSWORD} to the Password field for each connection profile


####################
Guacamole Debug mode
####################
sudo systemctl stop guacd && sudo /usr/local/sbin/guacd -L debug -f  #Verbose logs will start in the console.


################################################
Switch to Debian Testing repo 
(upgrade/bugfix beyond a current stable package)
################################################
sudo apt update && sudo apt upgrade -y # Update first 
sudo cp /etc/apt/sources.list sources.list.backup # Backup sources list 
sudo sed -i 's/bullseye/testing/g' /etc/apt/sources.list # Switch to testing 

sudo nano /etc/apt/sources.list # Now manually edit
	comment out all lines having "security.debian.org" 
	comment out all lines that end with "updates"
	add this line: deb http://security.debian.org testing-security main

sudo apt update && sudo apt-get install --only-upgrade libssh2-1-dev # update an individual package



###############################################
Audit Guacamole Connections and User access.
###############################################
mysql -u root -p guacamole_db
select 
    guacamole_entity.name, 
    guacamole_connection.connection_name, 
    guacamole_connection_permission.permission 
from 
    guacamole_connection 
    left join guacamole_connection_permission on guacamole_connection_permission.connection_id = guacamole_connection.connection_id 
    left join guacamole_entity on guacamole_entity.entity_id = guacamole_connection_permission.entity_id 
where 
    guacamole_connection_permission.permission = 'READ' 
    and guacamole_entity.name != 'guacadmin';
Quit to exit


###############################################
# Manually reset TOTP configuration for a user 
###############################################
# This is likely not needed beyond in Gucamole 1.40 as the gui provides an option to reset. Kept for reference.
mysql -u root -p
use guacamole_db;
SELECT user_id FROM guacamole_user INNER JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user.entity_id WHERE guacamole_entity.name = 'guacadmin';
UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name = 'guac-totp-key-confirmed' and user_id = '1';
quit;


###############################################
# Quick troubleshoot SQL commands
###############################################
# Login
sudo mysql -u root -p

# Check time zone
SELECT @@time_zone;

# Rename user from local to remove access
use guacamole_db;
RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';

# Check user access
SELECT user,host FROM mysql.user;
SHOW GRANTS FOR guacamole_user;

#########################
Nginx load / DoS testing 
#########################
https://ourcodeworld.com/articles/read/949/how-to-perform-a-dos-attack-slow-http-with-slowhttptest-test-your-server-slowloris-protection-in-kali-linux
slowhttptest -c 10000 -H -g -o ./output_file -i 3 -r 500 -t GET -u http://jumpbox.domain.com -x 24 -p 2


#####################################################
Allow local browser microphone redirect without TLS
#####################################################
chrome://flags/#unsafely-treat-insecure-origin-as-secure


#####################################################
Build Custom Console
####################################################
# clone and edit source
sudo apt update && sudo apt install git
git clone https://github.com/apache/guacamole-client.git
Wdit the en.json file to the values you need

# Install Older Java 8 prerequisites
https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html (needs oracle sign in)
sudo mkdir -p /usr/lib/jvm
sudo tar zxvf jdk-8u411-linux-x64.tar.gz -C /usr/lib/jvm
sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_411/bin/java" 1
sudo update-alternatives --set java /usr/lib/jvm/jdk1.8.0_411/bin/java

# Install maven to build the new war file
sudo apt install maven
cd ~/guacamole-client
mvn package
new .war file is found in guacamole-client/guacamole/target

# Install the bew .war file into Guacamole
sudo mv -f guacamole-1.5.5.war /etc/guacamole/guacamole.war # copy and rename the new war file
sudo chmod 664 /etc/guacamole/guacamole.war
sudo ln -sf /etc/guacamole/guacamole.war /var/lib/tomcat9/webapps/
sudo systemctl restart tomcat9 && sudo systemctl restart guacd