Trang chủ Khám phá Trợ giúp
Đăng nhập
CoAd
/
Ubuntu
2
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Tree: 53f2f26e59
Branches Tags
Ubuntu
/
DomainJoin
/
UbuntuJoinDomain.sh

UbuntuJoinDomain.sh 6.5 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183 
  1. #!/bin/bash
    2. 

  2. 

  3. set -e
    4. 

  4. 

  5. # run dpkg-reconfigure unattended-upgrades and answer no unattended
    6. 

  6. echo "Running dpkg-reconfigure unattended-upgrades..."
    7. 

  7. echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean false" | sudo debconf-set-selections
    8. 

  8. sudo dpkg-reconfigure -f noninteractive unattended-upgrades
    9. 

  9. 

  10. # mark linux-image-generic and linux-headers-generic as held back
    11. 

  11. # no longer used
    12. 

  12. #echo "Marking linux-image-generic and linux-headers-generic as held back..."
    13. 

  13. #sudo apt-mark hold linux-image-generic linux-headers-generic
    14. 

  14. 

  15. # Update and upgrade the system
    16. 

  16. echo "Upgrading the system..."
    17. 

  17. sudo DEBIAN_FRONTEND=noninteractive apt update
    18. 

  18. sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y
    19. 

  19. 

  20. # Install required packages for Active Directory
    21. 

  21. echo "Installing Active Directory Tools..."
    22. 

  22. sudo DEBIAN_FRONTEND=noninteractive apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
    23. 

  23. 

  24. # Install any additional software
    25. 

  25. 

  26. # Required packages for NinjaRMM
    27. 

  27. echo "Installing Ninja Tools..."
    28. 

  28. sudo DEBIAN_FRONTEND=noninteractive apt install -y net-tools network-manager policycoreutils jq libjq1 libonig5
    29. 

  29. 

  30. # Load configuration file
    31. 

  31. echo "Loading config file..."
    32. 

  32. source config.sh
    33. 

  33. 

  34. # Set the username and password
    35. 

  35. echo "Enter Active Directory Password..."
    36. 

  36. ADMINUSER=$ADMIN_USER
    37. 

  37. #ADMINPASS=$ADMIN_PASSWORD
    38. 

  38. 

  39. # Set the hostname
    40. 

  40. echo "Setting System Hostname..."
    41. 

  41. sudo hostnamectl set-hostname "$NEW_HOSTNAME"
    42. 

  42. 

  43. # Set /etc/host
    44. 

  44. echo "127.0.0.1 localhost" | sudo tee /etc/hosts
    45. 

  45. echo "$(hostname -I | cut -d' ' -f1) $HOST $NEW_HOSTNAME" | sudo tee -a /etc/hosts
    46. 

  46. 

  47. # Update and install required packages
    48. 

  48. ##sudo apt update
    49. 

  49. ##sudo apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
    50. 

  50. 

  51. # Join the domain
    52. 

  52. echo "Joining the domain..."
    53. 

  53. sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
    54. 

  54. #work in progress - --computer-desc="$COMPUTER_DESC"
    55. 

  55. 

  56. # Configure PAM to create home directories for domain users on first login
    57. 

  57. sudo bash -c "cat >> /usr/share/pam-configs/mkhomedir" << EOL
    58. 

  58. Name: Activate mkhomedir
    59. 

  59. Default: yes
    60. 

  60. Priority: 900
    61. 

  61. Session-Type: Additional
    62. 

  62. Session:
    63. 

  63.         required    pam_mkhomedir.so umask=0077 skel=/etc/skel
    64. 

  64. EOL
    65. 

  65. 

  66. # Enable the mkhomedir PAM module
    67. 

  67. sudo pam-auth-update --enable mkhomedir
    68. 

  68. 

  69. # Set permissions for the home directories
    70. 

  70. sudo chmod 0700 /home/*
    71. 

  71. 

  72. # Configure SSSD
    73. 

  73. sudo sed -i 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
    74. 

  74. 

  75. # Deny login to all users
    76. 

  76. echo "Setting Permissions..."
    77. 

  77. sudo realm deny --all
    78. 

  78. 

  79. # Allow login to domain groups
    80. 

  80. sudo realm permit -g "Domain Admins"
    81. 

  81. sudo realm permit -g "Access - Admin - All Servers"
    82. 

  82. sudo realm permit -g "Access - Admin - $HOST"
    83. 

  83. sudo realm permit -g "Access - Admin - All Linux Servers"
    84. 

  84. 

  85. # Set up sudoers file
    86. 

  86. echo "%Domain\ Admins     ALL=(ALL:ALL)   ALL" | sudo tee /etc/sudoers.d/LocalAdmins > /dev/null
    87. 

  87. echo "%Access\ -\ Admin\ -\ All\ Servers     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
    88. 

  88. echo "%Access\ -\ Admin\ -\ All\ Linux\ Servers     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
    89. 

  89. echo "%Access\ -\ Admin\ -\ $HOST     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
    90. 

  90. echo "Ansible  ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
    91. 

  91. 

  92. # Set Timezone to Eastern
    93. 

  93. echo "Seting the Timezone..."
    94. 

  94. sudo timedatectl set-timezone America/New_York
    95. 

  95. 

  96. # copy file from SCP server to local system
    97. 

  97. ## sudo scp -r anonymous@ptiwa001:ninja-agent.deb /home/coadmin/
    98. 

  98. ## curl -o ninja-agent.deb https://app.ninjarmm.com/agent/installer/e99519fc-b76e-4c50-b5ff-ef68db95b032/serverslinuxmainoffice-5.6.7925-installer-x86-64.deb
    99. 

  99. 

  100. # Install Ninja RMM Agent
    101. 

  101. echo "Installing Ninja..."
    102. 

  102. 

  103. # Step 1: Get OAuth token
    104. 

  104. oauth_response=$(curl --request POST \
    105. 

  105.   --url https://app.ninjarmm.com/ws/oauth/token \
    106. 

  106.   --header 'Content-Type: application/x-www-form-urlencoded' \
    107. 

  107.   --data grant_type=client_credentials \
    108. 

  108.   --data client_id=Exx51oPGv_hZ8fgQh2IqtpX5VpA \
    109. 

  109.   --data client_secret=AAv3WeKnUjSOSRuW94plKdrihEw8AEZCJd38VK56aSGjAa4BAtm_zw \
    110. 

  110.   --data scope=management)
    111. 

  111. 

  112. # Extract access token from response
    113. 

  113. access_token=$(echo "$oauth_response" | jq -r '.access_token')
    114. 

  114. 

  115. # Step 2: Generate installer URL
    116. 

  116. installer_response=$(curl -X 'GET' \
    117. 

  117.   'https://app.ninjarmm.com/v2/organization/26/location/45/installer/LINUX_DEB' \
    118. 

  118.   -H 'accept: application/json' \
    119. 

  119.   -H "Authorization: Bearer $access_token")
    120. 

  120. 

  121. # Extract installer URL from response
    122. 

  122. installer_url=$(echo "$installer_response" | jq -r '.url')
    123. 

  123. 

  124. # Step 3: Download installer using generated URL
    125. 

  125. curl -o ninja-agent.deb "$installer_url"
    126. 

  126. 

  127. # install Ninja
    128. 

  128. sudo dpkg -i ninja-agent.deb
    129. 

  129. # End Install Ninja RMM Agent
    130. 

  130. 

  131. # copy file from SCP server to local system
    132. 

  132. #sudo scp -r anonymous@ptiwa001:falcon-sensor_6.46.0-14306.deb /home/coadmin/
    133. 

  133. 

  134. # Install CrowdStrike Falcon
    135. 

  135. echo "Installing Falcon Sensor..."
    136. 

  136. export FALCON_CLIENT_ID="58f632f6b11c43f48864c9043ec8428d"
    137. 

  137. export FALCON_CLIENT_SECRET="8VrQZaLfAHgJNpED0627tyeu9oGbcwWP51mxYk34"
    138. 

  138. export FALCON_CID="D0511099B3FF494D8B87F48C4AB90201-56"
    139. 

  139. export FALCON_SENSOR_VERSION_DECREMENT="1"
    140. 

  140. curl -L https://raw.githubusercontent.com/CrowdStrike/falcon-scripts/main/bash/install/falcon-linux-install.sh | bash
    141. 

  141. # End Install CrowdStrike Falcon
    142. 

  142. 

  143. # install package using dpkg
    144. 

  144. # sudo dpkg -i falcon-sensor_6.46.0-14306.deb
    145. 

  145.  
    146. 

  146. # Run the additional command
    147. 

  147. # sudo /opt/CrowdStrike/falconctl -s --cid=D0511099B3FF494D8B87F48C4AB90201-56 
    148. 

  148. 

  149. # Remove packages that are not required
    150. 

  150. echo "Removing old packages..."
    151. 

  151. sudo apt autoremove -y
    152. 

  152. 

  153. # Configure syslog server
    154. 

  154. echo "Configuring syslog server..."
    155. 

  155. echo 'remote host is: dcpi-siem 10.200.24.51:514' | sudo tee -a /etc/rsyslog.conf
    156. 

  156. echo '*.* @@10.200.24.51:514' | sudo tee -a /etc/rsyslog.conf
    157. 

  157. 

  158. # Start/Restart Services
    159. 

  159. echo "Restarting system services..."
    160. 

  160. sudo systemctl restart sssd
    161. 

  161. sudo systemctl start ninjarmm-agent.service
    162. 

  162. sudo systemctl start falcon-sensor
    163. 

  163. sudo systemctl restart rsyslog
    164. 

  164. 

  165. # check the status of the services
    166. 

  166. echo "Checking status of required services..."
    167. 

  167. sudo systemctl | grep -E 'falcon-sensor|ninjarmm-agent|sssd.service|rsyslog.service'
    168. 

  168.     echo "$line"
    169. 

  169.     echo ""
    170. 

  170. 

  171. # Query user and print message
    172. 

  172. echo "Checking Active Directory..."
    173. 

  173. id ansible && echo "Successfully queried Active Directory for user peo\ansible"
    174. 

  174.     echo "$line"
    175. 

  175.     echo ""
    176. 

  176. 

  177. # Check if reboot is required
    178. 

  178. echo "Is a reboot required?..."
    179. 

  179. if [ -f /var/run/reboot-required ]; then
    180. 

  180.   echo -e "\033[31mA reboot is required.\033[0m"
    181. 

  181. else
    182. 

  182.   echo -e "\033[32mReboot not required.\033[0m"
    183. 

  183. fi
    184.