KASM-5317 remove terminals, KASM-5318 restrict local file urls

dockerfile-kasm-brave

@@ -20,6 +20,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel
 
+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/brave/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com
 

dockerfile-kasm-chrome

@@ -20,6 +20,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel
 
+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/opt/chrome/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com
 

dockerfile-kasm-chromium

@@ -19,6 +19,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel
 
+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/chromium/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com
 

dockerfile-kasm-edge

@@ -24,6 +24,11 @@ ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
 
+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/opt/edge/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com
 

dockerfile-kasm-firefox

@@ -21,6 +21,10 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel
 
+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com
 

dockerfile-kasm-tor-browser

@@ -20,6 +20,10 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel
 
+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+
 ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh

dockerfile-kasm-vivaldi

@@ -20,6 +20,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel
 
+# Security modifications
+COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
+RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
+COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/chromium/policies/managed/urlblocklist.json
+
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL  http://kasmweb.com
 

src/common/chrome-managed-policies/urlblocklist.json

@@ -0,0 +1,3 @@
+{
+    "URLBlocklist": ["file://*"]
+}

src/ubuntu/install/misc/single_app_security.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+REMOVE_TERMINALS=false
+
+while getopts "th" var
+do
+   case "$var" in
+       t) REMOVE_TERMINALS=true;;
+       h) echo "Valid arguments:"
+          echo "-t    Remove terminals"
+       ;;
+   esac
+done
+
+## Remote unneeded packages
+
+#Remove Terminals
+if [ "$REMOVE_TERMINALS" = true ] ; then
+    echo "Removing terminals..."
+    if [ -x "$(command -v apt-get)" ]; then
+        echo "apt package manager detected"
+        terminals=("koi8rxterm" "lxterm" "xterm" "x-terminal-emulator" "xfce4-terminal" "xfce4-terminal.wrapper")
+
+        for termapp in ${terminals[@]}; do
+            if [[ $(apt -qq list "$termapp") ]] ; then
+                echo "Removing termina all $termapp."
+                apt remove -y ${termapp}
+            fi
+        done
+    fi
+fi