######################### Connection setup tips: ######################### # Quick connection syntax (Windows 10 RDP) rdp://user@xxx.xxx.xxx.xxx/?security=nla&ignore-cert=true # To view links to recorded sessions from within the connection history page: 1. Install the history-recording-storage option 2. For each connection configuration profile, in the Screen Recording section set: Recording Path = ${HISTORY_PATH}/${HISTORY_UUID} Automatically create recording path = tick # To create a quasi SSO pass through for LDAP and others, for each connection configuration profile: Add ${GUAC_USERNAME} to the Username field for each connection profile Add ${GUAC_PASSWORD} to the Password field for each connection profile #################### Guacamole Debug mode #################### sudo systemctl stop guacd && sudo /usr/local/sbin/guacd -L debug -f #Verbose logs will start in the console. ################################################ Switch to Debian Testing repo (upgrade/bugfix beyond a current stable package) ################################################ sudo apt update && sudo apt upgrade -y # Update first sudo cp /etc/apt/sources.list sources.list.backup # Backup sources list sudo sed -i 's/bullseye/testing/g' /etc/apt/sources.list # Switch to testing sudo nano /etc/apt/sources.list # Now manually edit comment out all lines having "security.debian.org" comment out all lines that end with "updates" add this line: deb http://security.debian.org testing-security main sudo apt update && sudo apt-get install --only-upgrade libssh2-1-dev # update an individual package ############################################### Audit Guacamole Connections and User access. ############################################### mysql -u root -p guacamole_db select guacamole_entity.name, guacamole_connection.connection_name, guacamole_connection_permission.permission from guacamole_connection left join guacamole_connection_permission on guacamole_connection_permission.connection_id = guacamole_connection.connection_id left join guacamole_entity on guacamole_entity.entity_id = guacamole_connection_permission.entity_id where guacamole_connection_permission.permission = 'READ' and guacamole_entity.name != 'guacadmin'; Quit to exit ############################################### # Manually reset TOTP configuration for a user ############################################### # This is likely not needed beyond in Gucamole 1.40 as the gui provides an option to reset. Kept for reference. mysql -u root -p use guacamole_db; SELECT user_id FROM guacamole_user INNER JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user.entity_id WHERE guacamole_entity.name = 'guacadmin'; UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name = 'guac-totp-key-confirmed' and user_id = '1'; quit; ############################################### # Quick troubleshoot SQL commands ############################################### # Login sudo mysql -u root -p # Check time zone SELECT @@time_zone; # Rename user from local to remove access use guacamole_db; RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%'; # Check user access SELECT user,host FROM mysql.user; SHOW GRANTS FOR guacamole_user; ######################### Nginx load / DoS testing ######################### https://ourcodeworld.com/articles/read/949/how-to-perform-a-dos-attack-slow-http-with-slowhttptest-test-your-server-slowloris-protection-in-kali-linux slowhttptest -c 10000 -H -g -o ./output_file -i 3 -r 500 -t GET -u http://jumpbox.domain.com -x 24 -p 2 ##################################################### Allow local browser microphone redirect without TLS ##################################################### chrome://flags/#unsafely-treat-insecure-origin-as-secure