-diff -ur xrdp-0.9.7.orig/sesman/sesman.ini xrdp-0.9.7/sesman/sesman.ini
---- xrdp-0.9.7.orig/sesman/sesman.ini 2018-06-29 08:18:27.000000000 +0000
-+++ xrdp-0.9.7/sesman/sesman.ini 2018-07-04 18:54:10.174090693 +0000
-@@ -14,11 +14,11 @@
+diff -ur xrdp-0.9.19.orig/sesman/sesman.ini xrdp-0.9.19/sesman/sesman.ini
+--- xrdp-0.9.19.orig/sesman/sesman.ini 2022-03-17 07:21:20.000000000 +0100
++++ xrdp-0.9.19/sesman/sesman.ini 2022-04-01 00:52:52.926266171 +0200
+@@ -12,13 +12,13 @@
+ ReconnectScript=reconnectwm.sh
+
[Security]
- AllowRootLogin=true
+-AllowRootLogin=true
++AllowRootLogin=false
MaxLoginRetry=4
-TerminalServerUsers=tsusers
-TerminalServerAdmins=tsadmins
-+TerminalServerUsers=users
++TerminalServerUsers=xrdp
+TerminalServerAdmins=root
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
-AlwaysGroupCheck=false
+AlwaysGroupCheck=true
-
- [Sessions]
- ;; X11DisplayOffset - x11 display number offset
-@@ -55,10 +55,10 @@
- Policy=Default
+ ; When RestrictOutboundClipboard=all clipboard from the
+ ; server is not pushed to the client.
+ ; In addition, you can control text/file/image transfer restrictions
+@@ -80,13 +80,13 @@
[Logging]
+ ; Note: Log levels can be any of: core, error, warning, info, debug, or trace
-LogFile=xrdp-sesman.log
--LogLevel=DEBUG
+LogFile=/dev/null
-+LogLevel=INFO
- EnableSyslog=1
--SyslogLevel=DEBUG
+ LogLevel=INFO
+ EnableSyslog=true
+-#SyslogLevel=INFO
+-#EnableConsole=false
+-#ConsoleLevel=INFO
+-#EnableProcessId=false
+SyslogLevel=INFO
++EnableConsole=false
++ConsoleLevel=INFO
++EnableProcessId=false
- ;
- ; Session definitions - startup command-line parameters for each session type
-@@ -81,8 +81,8 @@
+ [LoggingPerLogger]
+ ; Note: per logger configuration is only used if xrdp is built with
+@@ -117,8 +117,8 @@
param=-noreset
param=-nolisten
param=tcp
+#param=-logfile
+#param=.xorgxrdp.%s.log
- [X11rdp]
- param=X11rdp
-diff -ur xrdp-0.9.7.orig/xrdp/xrdp.ini xrdp-0.9.7/xrdp/xrdp.ini
---- xrdp-0.9.7.orig/xrdp/xrdp.ini 2018-06-29 08:18:27.000000000 +0000
-+++ xrdp-0.9.7/xrdp/xrdp.ini 2018-07-04 18:55:55.985084386 +0000
-@@ -118,10 +118,10 @@
- ls_btn_cancel_height=30
+ [Xvnc]
+ param=Xvnc
+diff -ur xrdp-0.9.19.orig/xrdp/xrdp.ini xrdp-0.9.19/xrdp/xrdp.ini
+--- xrdp-0.9.19.orig/xrdp/xrdp.ini 2022-03-17 07:16:35.000000000 +0100
++++ xrdp-0.9.19/xrdp/xrdp.ini 2022-04-01 00:53:37.547367844 +0200
+@@ -5,6 +5,9 @@
+ ; fork a new process for each incoming connection
+ fork=true
+
++; IP address to listen
++#address=127.0.0.1
++
+ ; ports to listen on, number alone means listen on all interfaces
+ ; 0.0.0.0 or :: if ipv6 is configured
+ ; space between multiple occurrences
+@@ -178,13 +181,13 @@
[Logging]
+ ; Note: Log levels can be any of: core, error, warning, info, debug, or trace
-LogFile=xrdp.log
--LogLevel=DEBUG
+LogFile=/dev/null
-+LogLevel=INFO
+ LogLevel=INFO
EnableSyslog=true
--SyslogLevel=DEBUG
+-#SyslogLevel=INFO
+-#EnableConsole=false
+-#ConsoleLevel=INFO
+-#EnableProcessId=false
+SyslogLevel=INFO
- ; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
++EnableConsole=false
++ConsoleLevel=INFO
++EnableProcessId=false
- [Channels]
-@@ -153,24 +153,24 @@
+ [LoggingPerLogger]
+ ; Note: per logger configuration is only used if xrdp is built with
+@@ -218,14 +221,15 @@
; Some session types such as Xorg, X11rdp and Xvnc start a display server.
; Startup command-line parameters for the display server are configured
; in sesman.ini. See and configure also sesman.ini.
-ip=127.0.0.1
-port=-1
-code=20
--
--[X11rdp]
--name=X11rdp
--lib=libxup.so
--username=ask
--password=ask
--ip=127.0.0.1
--port=-1
--xserverbpp=24
--code=10
++
+#[Xorg]
+#name=Xorg
+#lib=libxup.so
+#ip=127.0.0.1
+#port=-1
+#code=20
-+
-+#[X11rdp]
-+#name=X11rdp
-+#lib=libxup.so
-+#username=ask
-+#password=ask
-+#ip=127.0.0.1
-+#port=-1
-+#xserverbpp=24
-+#code=10
[Xvnc]
name=Xvnc
-@@ -182,43 +182,43 @@
- #xserverbpp=24
- #delay_ms=2000
-
--[console]
--name=console
--lib=libvnc.so
--ip=127.0.0.1
--port=5900
--username=na
--password=ask
-+#[console]
-+#name=console
-+#lib=libvnc.so
-+#ip=127.0.0.1
-+#port=5900
-+#username=na
-+#password=ask
- #delay_ms=2000
-
+@@ -247,13 +251,13 @@
+ ; Generic VNC Proxy
+ ; Tailor this to specific hosts and VNC instances by specifying an ip
+ ; and port and setting a suitable name.
-[vnc-any]
-name=vnc-any
-lib=libvnc.so
#pamusername=asksame
#pampassword=asksame
#pamsessionmng=127.0.0.1
- #delay_ms=2000
-
--[sesman-any]
--name=sesman-any
--lib=libvnc.so
--ip=ask
--port=-1
--username=ask
--password=ask
-+#[sesman-any]
-+#name=sesman-any
-+#lib=libvnc.so
-+#ip=ask
-+#port=-1
-+#username=ask
-+#password=ask
- #delay_ms=2000
-
+@@ -262,15 +266,15 @@
+ ; Generic RDP proxy using NeutrinoRDP
+ ; Tailor this to specific hosts by specifying an ip and port and setting
+ ; a suitable name.
-[neutrinordp-any]
-name=neutrinordp-any
++#[neutrinordp-any]
++#name=neutrinordp-any
+ ; To use this section, you should build xrdp with configure option
+ ; --enable-neutrinordp.
-lib=libxrdpneutrinordp.so
-ip=ask
-port=ask3389
-username=ask
-password=ask
-+#[neutrinordp-any]
-+#name=neutrinordp-any
+#lib=libxrdpneutrinordp.so
+#ip=ask
+#port=ask3389
+#username=ask
+#password=ask
-
- ; You can override the common channel settings for each session type
- #channel.rdpdr=true
+ ; Uncomment the following lines to enable PAM authentication for proxy
+ ; connections.
+ #pamusername=ask