To Do: Planned and Desired Features

Zer0CoolX edited this page Jul 18, 2019 · 34 revisions

I am using the GitHub feature "Projects" to keep track of planned, in progress, completed and cancelled features for the Guacamole installation script. This will make it easier to keep track of and maintain a history of various features.

The To-Do: Planned and Desired Features project board will be the up-to-date place to keep track of activity regarding upcoming, in progress and completed features.

I base these plans on my own ideas, suggestions/requests from users and various sources on the internet. If you have an idea, please read over How to Report Issues for details on how to suggest or request features.

What this Guacamole script is NOT

  1. This script will always be for fresh installs and not updating. I may in the future develop a separate script to perform updates/upgrades.
  2. I have no plans to account for distros other than RHEL/CentOS. I also have no plans to account for versions prior to 7.x.
  3. I have no plans to account for older versions of Guacamole (especially pre-Apache) or the dependent software.
  4. I have no plans to use alternatives to the software being used, like an alternative to Nginx. That doesn't mean I won't change what software is used in the future, only that if I do so it will be out of need and not providing options.
  5. I have no plans to make this script work offline from local packages/sources. It hypothetically could be modified to do so, possibly even by just changing the variables for various URLs and package names, but it is not within the scope of my goals with the script.
  6. I do not intend to change course and turn this script into anything other than a bash script, like an Ansible playbook. My intention is to make this usable by the widest range of people with as few additional requirements or existing infrastructure as possible. A bash script ensures that this can be used on a minimal install of RHEL/CentOS without requiring additional packages or other servers/software already set up (just to run the Guacamole install).

Old Historical Changes (List no longer updated)

  1. Check for root/sudo prior to running. I would like to test for this when the script is run and back out of the script with a message to the user to run it as root/sudo. Added: 11/20/2018
  2. Adjust the script to install Certbot from the distro's repository instead of downloading the standalone version. This should allow for Certbot to auto-renew certs instead of requiring manual renewal every 90 days. To do this I first need the ability to test Let's Encrypt/Certbot myself. Added: 1/8/2019
  3. Remove the iptables portion of the script and assume firewalld. Changed: 11/26/2018
  4. Remove checks for OS versions lower than 7.x which use old methods of activating services, etc. Basically assume version 7.x or up. Changed: 11/26/2018
  5. Adding options to set up LDAPS (encrypted LDAP) including the proper configuration file entries and specifying the certificate to use. Added: 11/27/2018
  6. Considering removing the prompt to install Nginx and making it assumed, i.e. always install and configure Nginx. The prompts for how to configure it would stay, but the option to run the script without installing Nginx would be removed. Changed: 11/30/2018
  7. Changing the options/prompts/variables for the JKS cacert password and the JKS keystore password used for Guacamole in conjunction with selecting the LDAPS option. Currently it prompts for the JKS cacert keystore password which will almost 100% be the default of "changeit". Instead, I will change the prompt to ask for a password to set for the cacerts store and then use that for putting the LDAPS cert in the cacerts keystore. I will need to adjust the variables to better represent that one is for the guacamole keystore and the other is for the cacert keystore. Changed: 1/14/2019
  8. Adding a prompt for the ldap-user-search-filter parameter in guacamole.properties to allow filtering LDAP results returned for users in Guacamole when using LDAP. This would be an LDAP query string like (Example): (&(objectCategory=person)(objectClass=user)(userAccountControl=512)) which would return only user accounts that are active and whose password expires. The prompt should allow for a manually entered LDAP query string while still allowing the default. Added: 1/15/2019
  9. Creating a more robust and dynamic interactive menu. I have started drafting and testing this to break down options into better grouping and most importantly to allow reviewing AND changing options before running the install (or to cancel and restart or cancel and exit the script). This will also help facilitate adding additional options and features in the long run, like additional extension options. Added: 1/29/2019
  10. Adjust the Nginx configuration options. Instead of only 2 options, having 3. All 3 would be named/explained according to their potential score/grade in the Qualys SSL Test. The first option would be A+ 100% on everything. This would be the most secure but the least compatible with older browsers/devices. The next option would be A+ with 90-100% scores in the 4 areas measured by the test. This option would remain relatively secure while keeping compatibility with older browsers and devices to a degree. Last would be a base configuration, with a minimal amount of entries and security precautions. This option should be avoided but is present for those wanting to manually configure their own Nginx settings later outside what the script is capable of. The scores and grade are potential; actual scores and grade will depend on things like using a valid cert, using strong key-sizes, etc. Added: 1/29/2019. However, stuck with 2 options. Option is now secure (capable of A+, 90-100% on Qualys test) or 256-bit and greater only ciphers (capable of A+ 100% on Qualys test).
  11. Re-work how logging is handled. Completed: 4/8/2019
  12. Re-word and better structure the output while the script is running. Completed: 4/8/2019
  13. Add better error handling to the script. Completed: 4/15/2019. Error handling applies to the install portion of the script and not the menus/prompts. It will display and log the line number in the script that failed, the exit code and in the case of commands not run as a background process the exact command. This is intended to cover issues with the code itself and/or configuration. It is unlikely to uncover mis-configurations server side like entering the wrong info in prompts for your setup (unless it causes a later command to fail).
  14. Error handling improved to always show the failed command and to more clearly output the message on screen. Completed: 5/1/2019
  15. Tweak error handling to use a single temporary text file to store information and clean up file on successful completion. Completed: 6/6/2019. Temp variables used by the error handler get stored in a single file in the same directory the script is run from (just like the log file). The default is for this file to be deleted on successful completion, but can be changed via a constant/variable.
  16. Handling MySQLConnector 8.x and timezone issues. Completed: 6/27/2019. The script now populates the mysql database for time zones by name and adds the required line to /etc/my.cnf to set the time zone by name according to the currently set system time zone. If system time zone is changed after running the script then the my.cnf file will need to be manually adjusted to match. These changes allow both 5.x and 8.x versions of MySQLConnector to work immediately after the script has finished without intervention/error.
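
The error-handling behaviour described in items 13 to 15 can be sketched with a bash `ERR` trap. This is an added example, not code from the installation script: the file names `install.log` and `install_err.tmp`, the `KEEP_TMP` constant and the failing `test -d` step are all assumptions, and the miniature installer is written to a temporary directory so it can be run in both a passing and a failing mode.

```bash
#!/usr/bin/env bash
# Added example: a constructed miniature installer, not the project's script.

# Write the demo installer (bash, with an ERR trap) into directory $1.
write_demo_installer() {
    cat > "$1/install.sh" <<'EOF'
#!/usr/bin/env bash
set -E                           # functions and subshells inherit the ERR trap
cd "$(dirname "$0")" || exit 1   # log and temp file live beside the script
LOG=install.log                  # hypothetical file names
ERR_TMP=install_err.tmp
KEEP_TMP=false                   # constant: keep the temp file after success?

on_error() {                     # args: exit code, line number, failed command
    printf 'line=%s exit=%s cmd=%s\n' "$2" "$1" "$3" > "$ERR_TMP"
    printf 'FAILED at line %s (exit %s): %s\n' "$2" "$1" "$3" | tee -a "$LOG" >&2
    exit "$1"
}
trap 'on_error "$?" "$LINENO" "$BASH_COMMAND"' ERR

: > "$ERR_TMP"
echo "step 1: prerequisites" >> "$LOG"
if [ "${1:-ok}" = fail ]; then
    test -d /opt/guacamole-demo-missing   # constructed failing install step
fi
echo "step 2: finished" >> "$LOG"
[ "$KEEP_TMP" = true ] || rm -f "$ERR_TMP"
EOF
}

# Run the installer in a fresh directory and print
# "<exit code>|<last log line>|<temp file kept: yes/no>".
run_demo() {
    dir=$(mktemp -d) || return 1
    write_demo_installer "$dir"
    rc=0
    bash "$dir/install.sh" "$1" 2>/dev/null || rc=$?
    if [ -e "$dir/install_err.tmp" ]; then kept=yes; else kept=no; fi
    printf '%s|%s|%s\n' "$rc" "$(tail -n 1 "$dir/install.log")" "$kept"
    rm -rf "$dir"
}

run_demo ok
run_demo fail
```

On the failing run the temp file is left in place for inspection; on the successful run it is removed unless `KEEP_TMP` is set to `true`.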