Udara-Dananjaya/Install KASM Workspace.sh

## Install KASM Workspace.sh
# Gain superuser privileges
sudo -i

# Create swap area for managing memory
sudo dd if=/dev/zero bs=1M count=5024 of=/mnt/swapfile.swap
sudo chmod 600 /mnt/swapfile.swap
sudo mkswap /mnt/swapfile.swap
sudo swapon /mnt/swapfile.swap
echo '/mnt/swapfile.swap swap swap defaults 0 0' | sudo tee -a /etc/fstab

# Verify swap area
cat /proc/swaps

# Check available RAM and disk space
free -m
df -h

# Define firewall rules for specified ports and sources
# Subnet > Ingress Rule > Source CIDR > 0.0.0.0/0
# TCP PORTS :80,443 #HTTP and HTTPS

# Update the list of available software packages
sudo apt update -y

# Upgrade installed packages to their latest versions
sudo apt-get upgrade -y
sudo apt-get full-upgrade -y

# Clear existing iptables rules
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F

# Set hostname
hostnamectl set-hostname hostname.domain
hostname

# Get Kasm download link: https://www.kasmweb.com/downloads
# Download Kasm latest version
wget https://kasm-static-content.s3.amazonaws.com/kasm_release_1.11.0.18142e.tar.gz

# Extract the downloaded file
tar -xf kasm_release*.tar.gz
tar -xf kasm_release_1.11.0.18142e.tar.gz

# Run installation script
sudo bash kasm_release/install.sh
# Accept End User License Agreement by typing 'Y'

# Get SSL certificate from 'Let's Encrypt' using Certbot
sudo apt install certbot -y
sudo certbot certonly --standalone -d example.com
sudo ufw allow 80/tcp #Enable 80 Port on firewall

# Upload certificates to Kasm
sudo /opt/kasm/bin/stop
cp /etc/letsencrypt/live/example.com/cert.pem /opt/kasm/current/certs/kasm_nginx.crt
cp /etc/letsencrypt/live/example.com/privkey.pem /opt/kasm/current/certs/kasm_nginx.key
sudo /opt/kasm/bin/start

# Generate CA private key and Kasm private key (commands for generating the keys)
# Generate CA private key
sudo openssl genrsa -aes256 -out private-ca.key 2048

# Create CA self-signed certificate
sudo openssl req -x509 -new -nodes -key private-ca.key -sha256 -days 3650 -out private-ca.pem
sudo cp private-ca.pem /usr/local/share/ca-certificates/private-ca.crt

# Update CA certificates database
sudo update-ca-certificates
sudo update-ca-certificates --fresh / # Rebuild from scratch

# Verify CA certificates database
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt | grep Cyber

# Generate Kasm private key
sudo openssl genrsa -out kasm.rpi.key 2048

# Create Kasm Certificate Signing Request (CSR)
sudo openssl req -new -key kasm.rpi.key -out kasm.rpi.csr

# Define Kasm certificate extensions
sudo nano kasm.rpi.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = kasm.rpi
EOF

# Generate Kasm certificate signed by CA
sudo openssl x509 -req -in kasm.rpi.csr -CA private-ca.pem -CAkey private-ca.key -CAcreateserial -out kasm.rpi.crt -days 730 -sha256 -extfile kasm.rpi.ext

# Upload Kasm certificates
sudo /opt/kasm/bin/stop
sudo cp ~/kasm.rpi.crt /opt/kasm/current/certs/kasm_nginx.crt
sudo cp ~/kasm.rpi.key /opt/kasm/current/certs/kasm_nginx.key
sudo /opt/kasm/bin/start
	# Gain superuser privileges
	sudo -i

	# Create swap area for managing memory
	sudo dd if=/dev/zero bs=1M count=5024 of=/mnt/swapfile.swap
	sudo chmod 600 /mnt/swapfile.swap
	sudo mkswap /mnt/swapfile.swap
	sudo swapon /mnt/swapfile.swap
	echo '/mnt/swapfile.swap swap swap defaults 0 0' \| sudo tee -a /etc/fstab

	# Verify swap area
	cat /proc/swaps

	# Check available RAM and disk space
	free -m
	df -h

	# Define firewall rules for specified ports and sources
	# Subnet > Ingress Rule > Source CIDR > 0.0.0.0/0
	# TCP PORTS :80,443 #HTTP and HTTPS

	# Update the list of available software packages
	sudo apt update -y

	# Upgrade installed packages to their latest versions
	sudo apt-get upgrade -y
	sudo apt-get full-upgrade -y

	# Clear existing iptables rules
	sudo iptables -P INPUT ACCEPT
	sudo iptables -P OUTPUT ACCEPT
	sudo iptables -P FORWARD ACCEPT
	sudo iptables -F

	# Set hostname
	hostnamectl set-hostname hostname.domain
	hostname

	# Get Kasm download link: https://www.kasmweb.com/downloads
	# Download Kasm latest version
	wget https://kasm-static-content.s3.amazonaws.com/kasm_release_1.11.0.18142e.tar.gz

	# Extract the downloaded file
	tar -xf kasm_release*.tar.gz
	tar -xf kasm_release_1.11.0.18142e.tar.gz

	# Run installation script
	sudo bash kasm_release/install.sh
	# Accept End User License Agreement by typing 'Y'

	# Get SSL certificate from 'Let's Encrypt' using Certbot
	sudo apt install certbot -y
	sudo certbot certonly --standalone -d example.com
	sudo ufw allow 80/tcp #Enable 80 Port on firewall

	# Upload certificates to Kasm
	sudo /opt/kasm/bin/stop
	cp /etc/letsencrypt/live/example.com/cert.pem /opt/kasm/current/certs/kasm_nginx.crt
	cp /etc/letsencrypt/live/example.com/privkey.pem /opt/kasm/current/certs/kasm_nginx.key
	sudo /opt/kasm/bin/start

	# Generate CA private key and Kasm private key (commands for generating the keys)
	# Generate CA private key
	sudo openssl genrsa -aes256 -out private-ca.key 2048

	# Create CA self-signed certificate
	sudo openssl req -x509 -new -nodes -key private-ca.key -sha256 -days 3650 -out private-ca.pem
	sudo cp private-ca.pem /usr/local/share/ca-certificates/private-ca.crt

	# Update CA certificates database
	sudo update-ca-certificates
	sudo update-ca-certificates --fresh / # Rebuild from scratch

	# Verify CA certificates database
	awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print \| cmd}' < /etc/ssl/certs/ca-certificates.crt \| grep Cyber

	# Generate Kasm private key
	sudo openssl genrsa -out kasm.rpi.key 2048

	# Create Kasm Certificate Signing Request (CSR)
	sudo openssl req -new -key kasm.rpi.key -out kasm.rpi.csr

	# Define Kasm certificate extensions
	sudo nano kasm.rpi.ext <<EOF
	authorityKeyIdentifier=keyid,issuer
	basicConstraints=CA:FALSE
	keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
	subjectAltName = @alt_names
	[alt_names]
	DNS.1 = kasm.rpi
	EOF

	# Generate Kasm certificate signed by CA
	sudo openssl x509 -req -in kasm.rpi.csr -CA private-ca.pem -CAkey private-ca.key -CAcreateserial -out kasm.rpi.crt -days 730 -sha256 -extfile kasm.rpi.ext

	# Upload Kasm certificates
	sudo /opt/kasm/bin/stop
	sudo cp ~/kasm.rpi.crt /opt/kasm/current/certs/kasm_nginx.crt
	sudo cp ~/kasm.rpi.key /opt/kasm/current/certs/kasm_nginx.key
	sudo /opt/kasm/bin/start