CentOS ThinClient
Introduction
My first project at NCRi, I was tasked with developing an efficient method to deploy CentOS Thin Clients for our staff of 300+ employees. Due to growing business needs, new compliance guidelines required all data to stay on our secure servers. This meant that staff were required to remote into Windows VM's through a FortiGate VPN.
I utilized Kickstart to perform an agnostic and automated CentOS installation, which then started a BASH script to install and setup the final configuration. As users and admin needs grew, more and more features were added to the script, including a jumpbox server SSH access with paired keys and a VNC server to remotely access users.
Instructions
You will need two USB flash drives, one flashed with CentOS ISO and the other with the files in the KICKSTART folder
- Make sure boot is set to HDD in BIOS
- Boot from CentOS ISO USB
- Press 'esc' and start kickstart script
linux ks=hd:LABEL=KICKSTART:/ks.cfg
- Sit back
Details
2021.05.21 - pacmd.sh - Set volume to 100% volume & unmute on boot
2021.05.22 - Set PulseAudio to always change device to recent plugged in
2021.05.28 - setdns.sh - FortiClient has an issue with DNS not reverting if disconnect not performed gracefully. Set script to copy NetworkManager defaults to /root and copy over settings on every reboot
2021.06.02 - Added logging information and a terminal screen popup at first login for admin configuration
2021.06.03 - dos2unix
2021.07.14 - Added IPv4 precedence, Disables PCI sound devices, changes to FortiClient DNS issue
2021.08.11 - Added support for Thinkpad Laptops (Tested on T440, L440), WiFi enabled, reset network button, admin account, SSH pair keys, jumpbox support, VNC support, locked RDP file, hardened client
2021.08.14 - Released as v1.0
2021.09.29 - v1.1 - Added Network testing logs
2021.10.07 - Added UPDATES folder, added teams and zoom due to camera requirements
2021.10.08 - v1.2 - Teams and Zoom merged into final build - Lenovo M73 Set as Standard Hardware
2021.10.09 - v1.3 - Added Filepak restrictions and appdata scripts
2021.12.02 - v1.4 - Added fixes for XFCE-Panel and disabling IPv6
2022.01.21 - v1.4.1 - Added Product ID and Serial Number
2022.03.17 - v1.5 - Remmina v1.4.24 new security features implemented, organized UPDATE files, added Neofetch, updates GRUB to remove boot menu