The Guacamole File transfer is no different than a NFS share with security.
Example: using /myfles/${GUAC_USRENAME} in the connection settings, you will
need to scan anything new hitting the myfles directory on the OS level. To
prevent viral files from infecting the Guest and Host OS, remove the ability
to execute from the myfiles directory. If you are not using CentOS with
SELinux, I recommend you use Tripwire.
Here is what we do; We have a NAS with a 5TB share that gets carved up per
user, this is their storage container.
Now we also use CLAMAV, and Malware bytes on the containers. Any file
uploaded is done so without execute permissions. We further protect the OS
(Guac) with Tripwire and SELinux policies.
For load balancing we do not use the native guac version, however our
platform manages all the connections by load balancing between 4 guacamole
systems or more if demand increases.
Hope this helps.
-----
A Cybersecurity Enablement Company
We don't just run you through the motions, Our labs teach you how to think!
Known good Guacamole installations
--
Sent from:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
