- release 2, disallow root logins and use xrdp group instead of users
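--- a/sesman/sesman.ini
+++ b/sesman/sesman.ini
@@ -12,13 +12,13 @@
 ReconnectScript=reconnectwm.sh
 
 [Security]
-AllowRootLogin=true
+AllowRootLogin=false
 MaxLoginRetry=4
-TerminalServerUsers=tsusers
-TerminalServerAdmins=tsadmins
+TerminalServerUsers=xrdp
+TerminalServerAdmins=root
 ; When AlwaysGroupCheck=false access will be permitted
 ; if the group TerminalServerUsers is not defined.
-AlwaysGroupCheck=false
+AlwaysGroupCheck=true
 
 [Sessions]
 ;; X11DisplayOffset - x11 display number offset
@@ -55,10 +55,10 @@
 Policy=Default
 
 [Logging]
-LogFile=xrdp-sesman.log
-LogLevel=DEBUG
+LogFile=/dev/null
+LogLevel=INFO
 EnableSyslog=1
-SyslogLevel=DEBUG
+SyslogLevel=INFO
 
 ;
 ; Session definitions - startup command-line parameters for each session type
@@ -81,8 +81,8 @@
 param=-noreset
 param=-nolisten
 param=tcp
-param=-logfile
-param=.xorgxrdp.%s.log
+#param=-logfile
+#param=.xorgxrdp.%s.log
 
 [X11rdp]
 param=X11rdp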
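Review bot: In the [Security] hunk, `AlwaysGroupCheck=true` together with `TerminalServerUsers=xrdp` makes every login depend on a local `xrdp` group, yet the retained comment above the key still explains only the `false` case. A comment such as `; Logins are restricted to members of the xrdp group; if the group is missing, access is refused.` would make the fail-closed behaviour explicit (inferred from the existing comment), and the package presumably has to create that group, which this patch does not show. `TerminalServerAdmins=root` next to `AllowRootLogin=false` also deserves a one-line comment on what the admin group is still used for. In the [Logging] hunk here and in the xrdp.ini [Logging] hunk, `LogFile=/dev/null` leaves syslog as the only record of login attempts, so a comment like `; file log disabled, events go to syslog only` would tell operators where the audit trail lives.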
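--- a/xrdp/xrdp.ini
+++ b/xrdp/xrdp.ini
@@ -4,6 +4,8 @@
 
 ; fork a new process for each incoming connection
 fork=true
+; IP address to listen
+;address=127.0.0.1
 ; tcp port to listen
 port=3389
 ; 'port' above should be connected to with vsock instead of tcp
@@ -118,10 +120,10 @@
 ls_btn_cancel_height=30
 
 [Logging]
-LogFile=xrdp.log
-LogLevel=DEBUG
+LogFile=/dev/null
+LogLevel=INFO
 EnableSyslog=true
-SyslogLevel=DEBUG
+SyslogLevel=INFO
 ; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
 
 [Channels]
@@ -153,24 +155,24 @@
 ; Some session types such as Xorg, X11rdp and Xvnc start a display server.
 ; Startup command-line parameters for the display server are configured
 ; in sesman.ini. See and configure also sesman.ini.
-[Xorg]
-name=Xorg
-lib=libxup.so
-username=ask
-password=ask
-ip=127.0.0.1
-port=-1
-code=20
-
-[X11rdp]
-name=X11rdp
-lib=libxup.so
-username=ask
-password=ask
-ip=127.0.0.1
-port=-1
-xserverbpp=24
-code=10
+#[Xorg]
+#name=Xorg
+#lib=libxup.so
+#username=ask
+#password=ask
+#ip=127.0.0.1
+#port=-1
+#code=20
+
+#[X11rdp]
+#name=X11rdp
+#lib=libxup.so
+#username=ask
+#password=ask
+#ip=127.0.0.1
+#port=-1
+#xserverbpp=24
+#code=10
 
 [Xvnc]
 name=Xvnc
@@ -182,43 +184,43 @@
 #xserverbpp=24
 #delay_ms=2000
 
-[console]
-name=console
-lib=libvnc.so
-ip=127.0.0.1
-port=5900
-username=na
-password=ask
+#[console]
+#name=console
+#lib=libvnc.so
+#ip=127.0.0.1
+#port=5900
+#username=na
+#password=ask
 #delay_ms=2000
 
-[vnc-any]
-name=vnc-any
-lib=libvnc.so
-ip=ask
-port=ask5900
-username=na
-password=ask
+#[vnc-any]
+#name=vnc-any
+#lib=libvnc.so
+#ip=ask
+#port=ask5900
+#username=na
+#password=ask
 #pamusername=asksame
 #pampassword=asksame
 #pamsessionmng=127.0.0.1
 #delay_ms=2000
 
-[sesman-any]
-name=sesman-any
-lib=libvnc.so
-ip=ask
-port=-1
-username=ask
-password=ask
+#[sesman-any]
+#name=sesman-any
+#lib=libvnc.so
+#ip=ask
+#port=-1
+#username=ask
+#password=ask
 #delay_ms=2000
 
-[neutrinordp-any]
-name=neutrinordp-any
-lib=libxrdpneutrinordp.so
-ip=ask
-port=ask3389
-username=ask
-password=ask
+#[neutrinordp-any]
+#name=neutrinordp-any
+#lib=libxrdpneutrinordp.so
+#ip=ask
+#port=ask3389
+#username=ask
+#password=ask
 
 ; You can override the common channel settings for each session type
 #channel.rdpdr=true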
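Review bot: The session types commented out in the last two hunks ([Xorg], [X11rdp], [console], [vnc-any], [sesman-any], [neutrinordp-any]) are disabled without any comment saying why, so an administrator may re-enable them without knowing what they expose. A line above the first disabled block such as `; Disabled by the package; the *-any types let the client choose the target host (ip=ask).` would record the intent; as far as these hunks show, [Xvnc] is the only session type left active. In the first hunk the new `;address=127.0.0.1` is itself commented out, so the listener presumably still binds every interface on port 3389. If that is intended, the added comment could say so, e.g. `; IP address to listen on (default: all interfaces)`.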