From 541921af67bbc50b3fb53e7e9d5ff28544418c38 Mon Sep 17 00:00:00 2001 From: Lorenzo Billi Date: Mon, 11 Nov 2019 19:42:45 +0100 Subject: [PATCH 1/4] Created new install script for Kubuntu --- kubuntu/18.04/install.sh | 108 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 kubuntu/18.04/install.sh diff --git a/kubuntu/18.04/install.sh b/kubuntu/18.04/install.sh new file mode 100644 index 0000000..105143e --- /dev/null +++ b/kubuntu/18.04/install.sh @@ -0,0 +1,108 @@ +#!/bin/bash + +# +# This script is for Kubuntu 18.04 Bionic Beaver to download and install XRDP+XORGXRDP via +# source. +# +# Major thanks to: http://c-nergy.be/blog/?p=11336 for the tips. +# + +############################################################################### +# Use HWE kernel packages +# +HWE="" +#HWE="-hwe-18.04" + +############################################################################### +# Update our machine to the latest code if we need to. +# + +if [ "$(id -u)" -ne 0 ]; then + echo 'This script must be run with root privileges' >&2 + exit 1 +fi + +apt update && apt upgrade -y + +if [ -f /var/run/reboot-required ]; then + echo "A reboot is required in order to proceed with the install." >&2 + echo "Please reboot and re-run this script to finish the install." >&2 + exit 1 +fi + +############################################################################### +# XRDP +# + +# Install hv_kvp utils +apt install -y linux-tools-virtual${HWE} +apt install -y linux-cloud-tools-virtual${HWE} + +# Install the xrdp service so we have the auto start behavior +apt install -y xrdp + +systemctl stop xrdp +systemctl stop xrdp-sesman + +# Configure the installed XRDP ini files. +# use vsock transport. +sed -i_orig -e 's/use_vsock=false/use_vsock=true/g' /etc/xrdp/xrdp.ini +# use rdp security. +sed -i_orig -e 's/security_layer=negotiate/security_layer=rdp/g' /etc/xrdp/xrdp.ini +# remove encryption validation. +sed -i_orig -e 's/crypt_level=high/crypt_level=none/g' /etc/xrdp/xrdp.ini +# disable bitmap compression since its local its much faster +sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' /etc/xrdp/xrdp.ini + +# Add script to setup the ubuntu session properly +if [ ! -e /etc/xrdp/startubuntu.sh ]; then +cat >> /etc/xrdp/startubuntu.sh << EOF +#!/bin/sh +export GNOME_SHELL_SESSION_MODE=ubuntu +export XDG_CURRENT_DESKTOP=ubuntu:GNOME +exec /etc/xrdp/startwm.sh +EOF +chmod a+x /etc/xrdp/startubuntu.sh +fi + +# use the script to setup the ubuntu session +sed -i_orig -e 's/startwm/startubuntu/g' /etc/xrdp/sesman.ini + +# rename the redirected drives to 'shared-drives' +sed -i -e 's/FuseMountName=thinclient_drives/FuseMountName=shared-drives/g' /etc/xrdp/sesman.ini + +# Changed the allowed_users +sed -i_orig -e 's/allowed_users=console/allowed_users=anybody/g' /etc/X11/Xwrapper.config + +# Blacklist the vmw module +if [ ! -e /etc/modprobe.d/blacklist_vmw_vsock_vmci_transport.conf ]; then +cat >> /etc/modprobe.d/blacklist_vmw_vsock_vmci_transport.conf < /etc/modules-load.d/hv_sock.conf +fi + +# Configure the policy xrdp session +cat > /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla < Date: Mon, 11 Nov 2019 21:28:05 +0100 Subject: [PATCH 2/4] Polkit actions modified for KDE desktop It seems that KDE cannot handle most polkit's user elevation prompt correctly, refusing to run many activities that requires administrator permission (including shutting down and restarting the system). Unfortunately the only way to deterministically avoid this behaviour is to allow all polkit actions to be automatically executed without any elevation prompt. To mitigate further security risks, only users of the "sudo" group are allowed to skip the prompts. --- kubuntu/18.04/install.sh | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/kubuntu/18.04/install.sh b/kubuntu/18.04/install.sh index 105143e..ff7d116 100644 --- a/kubuntu/18.04/install.sh +++ b/kubuntu/18.04/install.sh @@ -81,18 +81,23 @@ blacklist vmw_vsock_vmci_transport EOF fi -#Ensure hv_sock gets loaded +# Ensure hv_sock gets loaded if [ ! -e /etc/modules-load.d/hv_sock.conf ]; then echo "hv_sock" > /etc/modules-load.d/hv_sock.conf fi -# Configure the policy xrdp session -cat > /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla < /tmp/available_actions +actions=$(sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/;/g' /tmp/available_actions) +rm /tmp/available_actions + +# Configure the policies for xrdp session +cat > /etc/polkit-1/localauthority/50-local.d/xrdp-allow-all.pkla < Date: Mon, 11 Nov 2019 22:22:44 +0100 Subject: [PATCH 3/4] Added required environment variables for KDE session start --- kubuntu/18.04/install.sh | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/kubuntu/18.04/install.sh b/kubuntu/18.04/install.sh index ff7d116..3b6ecae 100644 --- a/kubuntu/18.04/install.sh +++ b/kubuntu/18.04/install.sh @@ -54,19 +54,21 @@ sed -i_orig -e 's/crypt_level=high/crypt_level=none/g' /etc/xrdp/xrdp.ini # disable bitmap compression since its local its much faster sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' /etc/xrdp/xrdp.ini -# Add script to setup the ubuntu session properly -if [ ! -e /etc/xrdp/startubuntu.sh ]; then -cat >> /etc/xrdp/startubuntu.sh << EOF +# Add script to setup the kubuntu session properly +if [ ! -e /etc/xrdp/startkubuntu.sh ]; then +cat >> /etc/xrdp/startkubuntu.sh << EOF #!/bin/sh -export GNOME_SHELL_SESSION_MODE=ubuntu -export XDG_CURRENT_DESKTOP=ubuntu:GNOME +export XDG_CURRENT_DESKTOP=KDE +export XDG_SESSION_DESKTOP=KDE +export XDG_DATA_DIRS=/usr/share/plasma:/usr/local/share:/usr/share:/var/lib/snapd/desktop +export XDG_CONFIG_DIRS=/etc/xdg/xdg-plasma:/etc/xdg:/usr/share/kubuntu-default-settings/kf5-settings exec /etc/xrdp/startwm.sh EOF -chmod a+x /etc/xrdp/startubuntu.sh +chmod a+x /etc/xrdp/startkubuntu.sh fi -# use the script to setup the ubuntu session -sed -i_orig -e 's/startwm/startubuntu/g' /etc/xrdp/sesman.ini +# use the script to setup the kubuntu session +sed -i_orig -e 's/startwm/startkubuntu/g' /etc/xrdp/sesman.ini # rename the redirected drives to 'shared-drives' sed -i -e 's/FuseMountName=thinclient_drives/FuseMountName=shared-drives/g' /etc/xrdp/sesman.ini From 38c1702b56c008349f60b957bf2bc6f5a68656ad Mon Sep 17 00:00:00 2001 From: Lorenzo Billi Date: Sun, 26 Apr 2020 00:49:42 +0200 Subject: [PATCH 4/4] Added Kubuntu 20.04 LTS install script --- kubuntu/20.04/install.sh | 115 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 kubuntu/20.04/install.sh diff --git a/kubuntu/20.04/install.sh b/kubuntu/20.04/install.sh new file mode 100644 index 0000000..df99273 --- /dev/null +++ b/kubuntu/20.04/install.sh @@ -0,0 +1,115 @@ +#!/bin/bash + +# +# This script is for Kubuntu 20.04 Focal Fossa to download and install XRDP+XORGXRDP via +# source. +# +# Major thanks to: http://c-nergy.be/blog/?p=11336 for the tips. +# + +############################################################################### +# Use HWE kernel packages +# +HWE="" +#HWE="-hwe-20.04" + +############################################################################### +# Update our machine to the latest code if we need to. +# + +if [ "$(id -u)" -ne 0 ]; then + echo 'This script must be run with root privileges' >&2 + exit 1 +fi + +apt update && apt upgrade -y + +if [ -f /var/run/reboot-required ]; then + echo "A reboot is required in order to proceed with the install." >&2 + echo "Please reboot and re-run this script to finish the install." >&2 + exit 1 +fi + +############################################################################### +# XRDP +# + +# Install hv_kvp utils +apt install -y linux-tools-virtual${HWE} +apt install -y linux-cloud-tools-virtual${HWE} + +# Install the xrdp service so we have the auto start behavior +apt install -y xrdp + +systemctl stop xrdp +systemctl stop xrdp-sesman + +# Configure the installed XRDP ini files. +# do not use vsock transport since newer versions of xrdp do not support it. +sed -i_orig -e 's/port=3389/port=vsock:\/\/-1:3389/g' /etc/xrdp/xrdp.ini +# use rdp security. +sed -i_orig -e 's/security_layer=negotiate/security_layer=rdp/g' /etc/xrdp/xrdp.ini +# remove encryption validation. +sed -i_orig -e 's/crypt_level=high/crypt_level=none/g' /etc/xrdp/xrdp.ini +# disable bitmap compression since its local its much faster +sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' /etc/xrdp/xrdp.ini + +# Add script to setup the kubuntu session properly +if [ ! -e /etc/xrdp/startkubuntu.sh ]; then +cat >> /etc/xrdp/startkubuntu.sh << EOF +#!/bin/sh +export XDG_CURRENT_DESKTOP=KDE +export XDG_SESSION_DESKTOP=KDE +export XDG_DATA_DIRS=/usr/share/plasma:/usr/local/share:/usr/share:/var/lib/snapd/desktop +export XDG_CONFIG_DIRS=/etc/xdg/xdg-plasma:/etc/xdg:/usr/share/kubuntu-default-settings/kf5-settings +exec /etc/xrdp/startwm.sh +EOF +chmod a+x /etc/xrdp/startkubuntu.sh +fi + +# use the script to setup the kubuntu session +sed -i_orig -e 's/startwm/startkubuntu/g' /etc/xrdp/sesman.ini + +# rename the redirected drives to 'shared-drives' +sed -i -e 's/FuseMountName=thinclient_drives/FuseMountName=shared-drives/g' /etc/xrdp/sesman.ini + +# Changed the allowed_users +sed -i_orig -e 's/allowed_users=console/allowed_users=anybody/g' /etc/X11/Xwrapper.config + +# Blacklist the vmw module +if [ ! -e /etc/modprobe.d/blacklist_vmw_vsock_vmci_transport.conf ]; then +cat >> /etc/modprobe.d/blacklist_vmw_vsock_vmci_transport.conf < /etc/modules-load.d/hv_sock.conf +fi + +# Retrieve all available polkit actions and separate them accordingly +pkaction > /tmp/available_actions +actions=$(sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/;/g' /tmp/available_actions) +rm /tmp/available_actions + +# Configure the policies for xrdp session +cat > /etc/polkit-1/localauthority/50-local.d/xrdp-allow-all.pkla <