someorg/Easy-Guacamole-Installer
1
0
Fork 0
mirror of https://github.com/itiligent/Easy-Guacamole-Installer.git synced 2025-12-12 17:32:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Easy-Guacamole-Installer/guac-management/useful-config-info.txt
Itiligent 802987c52d Update useful-config-info.txt
2024-08-26 17:35:18 +10:00

125 lines
4.9 KiB
Text
Raw Permalink Blame History

#########################
Connection setup tips:
#########################
# Quick connection syntax (Windows 10 RDP)
rdp://user@xxx.xxx.xxx.xxx/?security=nla&ignore-cert=true
# To view links to recorded sessions from within the connection history page:
1. Install the history-recording-storage option
2. For each connection configuration profile, in the Screen Recording section set:
Recording Path = ${HISTORY_PATH}/${HISTORY_UUID}
Automatically create recording path = tick
# To create a quasi SSO pass through for LDAP and others, for each connection configuration profile:
Add ${GUAC_USERNAME} to the Username field for each connection profile
Add ${GUAC_PASSWORD} to the Password field for each connection profile
####################
Guacamole Debug mode
####################
sudo systemctl stop guacd && sudo /usr/local/sbin/guacd -L debug -f #Verbose logs will start in the console.
################################################
Switch to Debian Testing repo
(upgrade/bugfix beyond a current stable package)
################################################
sudo apt update && sudo apt upgrade -y # Update first
sudo cp /etc/apt/sources.list sources.list.backup # Backup sources list
sudo sed -i 's/bullseye/testing/g' /etc/apt/sources.list # Switch to testing
sudo nano /etc/apt/sources.list # Now manually edit
comment out all lines having "security.debian.org"
comment out all lines that end with "updates"
add this line: deb http://security.debian.org testing-security main
sudo apt update && sudo apt-get install --only-upgrade libssh2-1-dev # update an individual package
###############################################
Audit Guacamole Connections and User access.
###############################################
mysql -u root -p guacamole_db
select
guacamole_entity.name,
guacamole_connection.connection_name,
guacamole_connection_permission.permission
from
guacamole_connection
left join guacamole_connection_permission on guacamole_connection_permission.connection_id = guacamole_connection.connection_id
left join guacamole_entity on guacamole_entity.entity_id = guacamole_connection_permission.entity_id
where
guacamole_connection_permission.permission = 'READ'
and guacamole_entity.name != 'guacadmin';
Quit to exit
###############################################
# Manually reset TOTP configuration for a user
###############################################
# This is likely not needed beyond in Gucamole 1.40 as the gui provides an option to reset. Kept for reference.
mysql -u root -p
use guacamole_db;
SELECT user_id FROM guacamole_user INNER JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user.entity_id WHERE guacamole_entity.name = 'guacadmin';
UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name = 'guac-totp-key-confirmed' and user_id = '1';
quit;
###############################################
# Quick troubleshoot SQL commands
###############################################
# Login
sudo mysql -u root -p
# Check time zone
SELECT @@time_zone;
# Rename user from local to remove access
use guacamole_db;
RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';
# Check user access
SELECT user,host FROM mysql.user;
SHOW GRANTS FOR guacamole_user;
#########################
Nginx load / DoS testing
#########################
https://ourcodeworld.com/articles/read/949/how-to-perform-a-dos-attack-slow-http-with-slowhttptest-test-your-server-slowloris-protection-in-kali-linux
slowhttptest -c 10000 -H -g -o ./output_file -i 3 -r 500 -t GET -u http://jumpbox.domain.com -x 24 -p 2
#####################################################
Allow local browser microphone redirect without TLS
#####################################################
chrome://flags/#unsafely-treat-insecure-origin-as-secure
#####################################################
Build Custom Console
####################################################
# clone and edit source
sudo apt update && sudo apt install git
git clone https://github.com/apache/guacamole-client.git
Wdit the en.json file to the values you need
# Install Older Java 8 prerequisites
https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html (needs oracle sign in)
sudo mkdir -p /usr/lib/jvm
sudo tar zxvf jdk-8u411-linux-x64.tar.gz -C /usr/lib/jvm
sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_411/bin/java" 1
sudo update-alternatives --set java /usr/lib/jvm/jdk1.8.0_411/bin/java
# Install maven to build the new war file
sudo apt install maven
cd ~/guacamole-client
mvn package
new .war file is found in guacamole-client/guacamole/target
# Install the bew .war file into Guacamole
sudo mv -f guacamole-1.5.5.war /etc/guacamole/guacamole.war # copy and rename the new war file
sudo chmod 664 /etc/guacamole/guacamole.war
sudo ln -sf /etc/guacamole/guacamole.war /var/lib/tomcat9/webapps/
sudo systemctl restart tomcat9 && sudo systemctl restart guacd
Reference in a new issue View git blame Copy permalink