Merge branch 'feature/KASM-5317_remove_terminals' into 'develop'

KASM-5317 remove terminals, KASM-5318 restrict local file urls Closes KASM-5317 See merge request kasm-technologies/internal/workspaces-images!157
2024-11-22 08:03:19 +01:00 · 2023-12-14 21:48:43 +00:00 · 2023-12-14 21:48:43 +00:00 · 177d754977
commit 177d754977
parent b589f6d6da 80cd3af358
9 changed files with 67 additions and 0 deletions
--- a/5
+++ b/5
@ -20,6 +20,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel

+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/brave/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com

--- a/5
+++ b/5
@ -20,6 +20,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel

+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/opt/chrome/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com

--- a/5
+++ b/5
@ -19,6 +19,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel

+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/chromium/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com

--- a/5
+++ b/5
@ -24,6 +24,11 @@ ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh

+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/opt/edge/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com

--- a/4
+++ b/4
@ -21,6 +21,10 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel

+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com

--- a/4
+++ b/4
@ -20,6 +20,10 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel

+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+
 ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
--- a/5
+++ b/5
@ -20,6 +20,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel

+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/chromium/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com

--- a/src/common/chrome-managed-policies/urlblocklist.json
+++ b/src/common/chrome-managed-policies/urlblocklist.json
@ -0,0 +1,3 @@
+{
+    "URLBlocklist": ["file://*"]
+}
--- a/src/ubuntu/install/misc/single_app_security.sh
+++ b/src/ubuntu/install/misc/single_app_security.sh
@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+REMOVE_TERMINALS=false
+
+while getopts "th" var
+do
+   case "$var" in
+       t) REMOVE_TERMINALS=true;;
+       h) echo "Valid arguments:"
+          echo "-t    Remove terminals"
+       ;;
+   esac
+done
+
+## Remote unneeded packages
+
+#Remove Terminals
+if [ "$REMOVE_TERMINALS" = true ] ; then
+    echo "Removing terminals..."
+    if [ -x "$(command -v apt-get)" ]; then
+        echo "apt package manager detected"
+        terminals=("koi8rxterm" "lxterm" "xterm" "x-terminal-emulator" "xfce4-terminal" "xfce4-terminal.wrapper")
+
+        for termapp in ${terminals[@]}; do
+            if [[ $(apt -qq list "$termapp") ]] ; then
+                echo "Removing termina all $termapp."
+                apt remove -y ${termapp}
+            fi
+        done
+    fi
+fi