Ubuntu RDP Server Setup Script
#!/bin/bash
# =================================================================
# Ubuntu RDP Server Setup Script
#
# This script automates the configuration of an Ubuntu server for
# secure, high-performance remote desktop access using XFCE and xrdp.
#
# It includes:
# - XFCE Desktop Environment installation
# - xrdp server setup
# - Self-signed TLS certificate for encryption
# - Firewall configuration (UFW)
# - Fail2Ban for brute-force protection (package install only; the script configures no xrdp jail)
# - Automatic security updates
# - Interactive swap file creation
# - Interactive user creation
#
# USAGE:
# 1. Download the script: curl -o setup_rdp_ubuntu.sh <URL>
# 2. Make it executable: chmod +x setup_rdp_ubuntu.sh
# 3. Run with root privileges: sudo ./setup_rdp_ubuntu.sh
# =================================================================
# --- Abort unless running as root ---
# Later steps (apt, edits under /etc, ufw, adduser) are run without sudo,
# so the effective uid is checked once here.
[ "$(id -u)" -ne 0 ] && {
  echo "This script must be run as root. Please use sudo." >&2
  exit 1
}
# --- Section banner helper ---
# Prints an empty line, then the step text prefixed with "=> " between two
# rules of "=" characters.
# Arguments: $1 - text describing the step
# Outputs:   four lines on stdout
print_step() {
  local rule="================================================="
  printf '\n%s\n=> %s\n%s\n' "$rule" "$1" "$rule"
}
# --- 1. Refresh the package index, then upgrade installed packages ---
print_step "Updating and upgrading system packages..."
# The upgrade is attempted only when the index refresh succeeded.
if apt-get update; then
  apt-get upgrade -y
fi
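# --- 2. Install Desktop Environment and XRDP ---
print_step "Installing XFCE Desktop, XRDP, and other utilities..."
# Set frontend to noninteractive to avoid display manager prompt
export DEBIAN_FRONTEND=noninteractive
# Stop if the install fails: the steps that follow write into /etc/xrdp and
# enable the firewall, which would leave a half-configured host without xrdp.
# fail2ban is only installed here; nothing in this script defines a jail for
# the xrdp log, so RDP logins are covered only by whatever jails the package
# enables by default (check with: fail2ban-client status).
if ! apt-get install -y xfce4 xfce4-goodies xrdp fail2ban unattended-upgrades lightdm; then
  echo "Package installation failed; aborting before xrdp is configured." >&2
  exit 1
fi
# Configure lightdm as the default display manager
echo "/usr/sbin/lightdm" > /etc/X11/default-display-manager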
# --- 3. Make XFCE the session that xrdp starts ---
print_step "Configuring XRDP to use XFCE as the default session..."
# Replaces /etc/xrdp/startwm.sh with a five-line script that drops
# DBUS_SESSION_BUS_ADDRESS and XDG_RUNTIME_DIR and then runs startxfce4.
# The previous startwm.sh is overwritten without a backup.
printf '%s\n' \
  '#!/bin/sh' \
  '# This script is executed for each new user session' \
  'unset DBUS_SESSION_BUS_ADDRESS' \
  'unset XDG_RUNTIME_DIR' \
  'startxfce4' \
  > /etc/xrdp/startwm.sh
chmod +x /etc/xrdp/startwm.sh
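# --- 4. Secure XRDP with a TLS Certificate ---
print_step "Generating a self-signed TLS certificate for XRDP..."
xrdp_key=/etc/ssl/private/xrdp.key
xrdp_crt=/etc/ssl/certs/xrdp.crt
xrdp_ini=/etc/xrdp/xrdp.ini
# openssl runs in a subshell with umask 077 so the unencrypted (-nodes) private
# key is never created readable by other users, whatever the caller's umask is.
# The certificate is valid for 365 days; this script does not renew it.
if ! (
  umask 077
  openssl req -x509 -newkey rsa:2048 -nodes \
    -keyout "$xrdp_key" \
    -out "$xrdp_crt" \
    -days 365 \
    -subj "/C=US/ST=State/L=City/O=Organization/OU=IT/CN=$(hostname)"
); then
  # Do not point xrdp.ini at a key pair that was never written.
  echo "Certificate generation failed; leaving ${xrdp_ini} unchanged." >&2
else
  # The certificate is public; only the key stays restricted.
  chmod 644 "$xrdp_crt"
  print_step "Configuring XRDP to use the new certificate..."
  # Keep the first backup: a second run must not replace the pristine copy
  # with an already-edited file.
  [ -e "${xrdp_ini}.bak" ] || cp -p "$xrdp_ini" "${xrdp_ini}.bak"
  sed -i "s|^certificate=.*|certificate=${xrdp_crt}|" "$xrdp_ini"
  sed -i "s|^key_file=.*|key_file=${xrdp_key}|" "$xrdp_ini"
  # sed changes nothing when the option line is missing or commented out, so
  # confirm that both settings are really present afterwards.
  if ! grep -qxF "certificate=${xrdp_crt}" "$xrdp_ini" ||
    ! grep -qxF "key_file=${xrdp_key}" "$xrdp_ini"; then
    echo "Warning: certificate/key_file were not updated in ${xrdp_ini}." >&2
  fi
  # NOTE(review): security_layer in xrdp.ini is left as shipped. If it is
  # "negotiate", a client may still end up on classic RDP security instead of
  # TLS; confirm the value and consider security_layer=tls.
  print_step "Setting permissions for the private key..."
  # Group membership alone is not enough: the key itself must be readable by
  # the ssl-cert group, and by nobody else, for an unprivileged xrdp process
  # to load it.
  chown root:ssl-cert "$xrdp_key"
  chmod 640 "$xrdp_key"
  adduser xrdp ssl-cert
fi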
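# --- 5. Set up Swap File ---
print_step "Setting up the swap file..."
if [ -f /swapfile ]; then
  echo "Swap file already exists. Skipping creation."
else
  # -r keeps backslashes in the typed value literal.
  read -r -p "Enter the desired swap size (e.g., 4G, 8G) [default: 4G]: " user_swap_size
  # Use the user's input, or default to 4G if the input is empty
  SWAP_SIZE=${user_swap_size:-4G}
  # The value is passed to fallocate by a root shell. Accept only digits with
  # an optional size suffix (K, M, G, T, optionally followed by B or iB) so it
  # can never be split into extra arguments or read as an option.
  swap_size_re='^[0-9]+([KMGTkmgt]([iI]?[bB])?)?$'
  if [[ ! "$SWAP_SIZE" =~ $swap_size_re ]]; then
    echo "Invalid swap size '${SWAP_SIZE}'. Skipping swap creation." >&2
  else
    echo "Creating a ${SWAP_SIZE} swap file..."
    # Each step runs only if the previous one succeeded, so a failed
    # allocation never leaves an /etc/fstab entry for an unusable file.
    # chmod 600 happens before mkswap/swapon so swapped-out memory is never
    # readable by other users.
    if fallocate -l "$SWAP_SIZE" /swapfile &&
      chmod 600 /swapfile &&
      mkswap /swapfile &&
      swapon /swapfile; then
      # Append the fstab entry only once.
      grep -q '^/swapfile[[:space:]]' /etc/fstab ||
        echo '/swapfile none swap sw 0 0' >> /etc/fstab
      echo "Swap file created and enabled."
    else
      echo "Swap file setup failed; removing the partial /swapfile." >&2
      # Safe to remove: this branch is reached only when /swapfile did not
      # exist before and swapon did not succeed.
      rm -f /swapfile
    fi
  fi
fi
swapon --show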
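# --- 6. Configure Firewall (UFW) ---
print_step "Configuring the firewall (UFW)..."
# SSH is allowed before the firewall is enabled so a remote session survives.
# NOTE(review): "ufw allow ssh" opens the standard SSH port only; if sshd
# listens elsewhere, allow that port before running this remotely.
ufw allow ssh
# Optional source restriction for RDP. Set RDP_ALLOW_FROM to an address or
# CIDR (for example 203.0.113.0/24, a documentation range used here as a
# constructed sample) to accept port 3389 from that source only.
# sudo normally resets the environment, so pass it on the sudo command line:
#   sudo RDP_ALLOW_FROM=<address-or-cidr> ./setup_rdp_ubuntu.sh
# When the variable is unset or empty, 3389/tcp is opened to any source,
# exactly as before.
if [ -n "${RDP_ALLOW_FROM:-}" ]; then
  ufw allow from "$RDP_ALLOW_FROM" to any port 3389 proto tcp
else
  ufw allow 3389/tcp
fi
# --force skips the confirmation prompt that "ufw enable" shows.
ufw --force enable
ufw status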
# --- 7. Turn on automatic security updates ---
print_step "Enabling automatic security updates..."
# Re-runs the package's debconf configuration at priority "low".
dpkg-reconfigure --priority=low unattended-upgrades
# --- 8. Restart xrdp so it loads the edited configuration ---
print_step "Restarting XRDP service to apply all changes..."
systemctl restart xrdp.service
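# --- 9. Create a New User ---
print_step "Creating a new user for RDP access..."
# -r keeps backslashes in the typed value literal.
read -r -p "Enter username for the new RDP user: " username
if [[ -z "$username" || "$username" == -* ]]; then
  # An empty name makes id/adduser fail, and a leading "-" would be read as
  # an option by the tools below, so neither is passed on.
  echo "No usable username entered. Skipping user creation." >&2
elif id "$username" &>/dev/null; then
  echo "User '$username' already exists. Skipping creation."
else
  # adduser prompts for the password itself; it is never seen by this script.
  if adduser --gecos "" "$username"; then
    # An account that is reachable over RDP and is in the sudo group makes its
    # password equivalent to root access, hence the explicit question.
    read -r -p "Do you want to grant this user admin (sudo) privileges? (y/n): " grant_sudo
    if [[ "$grant_sudo" =~ ^[Yy]$ ]]; then
      usermod -aG sudo "$username"
      echo "User '$username' created and added to the sudo group."
    else
      echo "User '$username' created as a standard user."
    fi
  else
    # Do not report success or offer sudo for an account that was not created.
    echo "adduser failed for '$username'; no account was created." >&2
  fi
fi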
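# --- 10. Final Summary ---
# First address reported by "hostname -I".
SERVER_IP=$(hostname -I | awk '{print $1}')
print_step "Setup Complete!"
echo "You can now connect to this server using the following details:"
echo " IP Address: ${SERVER_IP}"
echo " Username: ${username}"
echo ""
echo "IMPORTANT:"
echo "When you first connect, your RDP client will show a security warning"
echo "because the certificate is self-signed. This is expected."
# A self-signed certificate can only be trusted by comparing its fingerprint:
# the warning looks the same for this certificate and for one presented by
# something in between. Both digests are printed because clients differ in
# which one they display.
if [ -r /etc/ssl/certs/xrdp.crt ]; then
  echo "Before accepting it, compare the fingerprint shown by your client with:"
  openssl x509 -in /etc/ssl/certs/xrdp.crt -noout -fingerprint -sha256
  openssl x509 -in /etc/ssl/certs/xrdp.crt -noout -fingerprint -sha1
else
  echo "Certificate /etc/ssl/certs/xrdp.crt was not found; check the xrdp TLS" >&2
  echo "configuration before accepting any certificate warning." >&2
fi
echo ""
echo "Rebooting is recommended to ensure all changes are applied."
read -r -p "Reboot now? (y/n): " reboot_now
if [[ "$reboot_now" =~ ^[Yy]$ ]]; then
  echo "Rebooting..."
  reboot
fi
exit 0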