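#!/bin/bash
#
# Configure VRDE (VirtualBox RDP) encryption for one VM, using the CA and
# server key/certificate files defined in rdp-enc-setup.
# Run rdp-enc-setup first before this script.
# CAUTION: Hard-coded file names between scripts!
#
# Usage: <this script> VM_NAME
# Exit:  1 when a precondition fails or a VBoxManage modifyvm call fails;
#        otherwise the status of the final "grep Security".
#
set -u

# VBoxManage acts on the invoking user's VMs, so refuse to run as root.
if [ "$UID" -eq 0 ]; then
  echo "This script should NOT be run as root."
  exit 1
fi

# Exactly one non-empty argument; an empty name would leave modifyvm without
# a VM to act on.
if [ $# -ne 1 ] || [ -z "$1" ]; then
  echo "Usage for $0 : VM Name required as argument."
  exit 1
fi

# Virtual Machine Name
VB_VM_NAME=$1

VM_VB_CONFIG_DIR=/etc/vbox
VM_VB_CERT_DIR=$VM_VB_CONFIG_DIR/tls
if [ ! -d "$VM_VB_CERT_DIR" ]; then
  echo "Error: Specified $VM_VB_CERT_DIR not found"
  echo "Perhaps 520-rdp-enc.bash was NOT run?"
  exit 1
fi

VM_VB_RDP_ENCRYPT_CA_KEY=$VM_VB_CERT_DIR/ca_key.pem
VM_VB_RDP_ENCRYPT_CA_CERT=$VM_VB_CERT_DIR/ca_crt.pem
VM_VB_RDP_SERVER_KEY=$VM_VB_CERT_DIR/sr_key.pem
VM_VB_RDP_SERVER_CERT=$VM_VB_CERT_DIR/sr_crt.pem
VM_VB_RDP_SERVER_SIGN_REQUEST=$VM_VB_CERT_DIR/sr_req.pem

# Count every failed precondition so that all problems are reported in one
# run before exiting.
file_not_found=0

# NOTE(review): the CA private key and the signing request are required here
# but are not referenced by any VRDE property set below; presumably this only
# confirms that rdp-enc-setup completed. Only the CA certificate and the
# server key/certificate are needed on the host, so consider storing the CA
# private key elsewhere once the server certificate is signed.
for required_file in \
  "$VM_VB_RDP_ENCRYPT_CA_KEY" \
  "$VM_VB_RDP_ENCRYPT_CA_CERT" \
  "$VM_VB_RDP_SERVER_KEY" \
  "$VM_VB_RDP_SERVER_CERT" \
  "$VM_VB_RDP_SERVER_SIGN_REQUEST"; do
  if [ ! -f "$required_file" ]; then
    echo "Cannot find file: $required_file"
    file_not_found=$((file_not_found + 1))
  fi
done

# Private keys should not be readable or writable by "other" users.
# This is a warning only; it does not change the exit status.
for private_key in "$VM_VB_RDP_ENCRYPT_CA_KEY" "$VM_VB_RDP_SERVER_KEY"; do
  if [ -f "$private_key" ] &&
    [ -n "$(find "$private_key" -prune \( -perm -004 -o -perm -002 \) -print 2>/dev/null)" ]; then
    echo "Warning: $private_key is accessible to all users; restrict its permissions." >&2
  fi
done

# Check if VM is powered-off.
# "VBoxManage list runningvms" prints one line per VM, starting with the
# quoted name. The name is compared literally (not as a regular expression),
# so names containing characters such as "." or "[" match only themselves.
VM_POWERED_ON=0
while IFS= read -r running_vm_line; do
  if [[ "$running_vm_line" == "\"${VB_VM_NAME}\""* ]]; then
    VM_POWERED_ON=1
  fi
done < <(VBoxManage list runningvms)
if [ "$VM_POWERED_ON" -eq 1 ]; then
  echo "VM needs to be powered off or saved"
  file_not_found=$((file_not_found + 1))
fi

if [ "$file_not_found" -ne 0 ]; then
  exit 1
fi

# Setup security method as "negotiate".
# Alternatives are Standard RDP and Enhanced RDP (TLS).
# NOTE(review): "negotiate" lets the client choose, so a client can still
# connect with Standard RDP Security, which does not use the certificates
# configured here. If every client supports TLS, "Security/Method=tls"
# requires Enhanced RDP Security for all connections.
#
# Each property is applied with its own modifyvm call; stop at the first
# failure instead of continuing with a partly configured VM. Properties
# applied before the failure stay in place.
for vrde_property in \
  "Security/Method=negotiate" \
  "Security/CACertificate=$VM_VB_RDP_ENCRYPT_CA_CERT" \
  "Security/ServerCertificate=$VM_VB_RDP_SERVER_CERT" \
  "Security/ServerPrivateKey=$VM_VB_RDP_SERVER_KEY"; do
  if ! VBoxManage modifyvm "$VB_VM_NAME" --vrdeproperty "$vrde_property"; then
    echo "Error: VBoxManage modifyvm failed for $vrde_property" >&2
    exit 1
  fi
done

# Show the resulting security settings so the operator can confirm them.
VBoxManage showvminfo "${VB_VM_NAME}" | grep Security

exit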