Halaman utama Jelajahi Bantuan
Masuk
CoAd
/
Ubuntu
2
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Pohon: bab2646869
Ranting Tag
Ubuntu
/
DomainJoin
/
UbuntuJoinDomain.sh

UbuntuJoinDomain.sh 6.1 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165 
  1. #!/bin/bash
    2. 

  2. 

  3. set -e
    4. 

  4. 

  5. # run dpkg-reconfigure unattended-upgrades and answer no unattended
    6. 

  6. echo "Running dpkg-reconfigure unattended-upgrades..."
    7. 

  7. echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean false" | sudo debconf-set-selections
    8. 

  8. sudo dpkg-reconfigure -f noninteractive unattended-upgrades
    9. 

  9. 

  10. # mark linux-image-generic and linux-headers-generic as held back
    11. 

  11. echo "Marking linux-image-generic and linux-headers-generic as held back..."
    12. 

  12. sudo apt-mark hold linux-image-generic linux-headers-generic
    13. 

  13. 

  14. # upgrade the system
    15. 

  15. echo "Upgrading the system..."
    16. 

  16. sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y
    17. 

  17. 

  18. # Update and install required packages for Active Directory
    19. 

  19. sudo DEBIAN_FRONTEND=noninteractive apt update
    20. 

  20. sudo DEBIAN_FRONTEND=noninteractive apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
    21. 

  21. 

  22. # Install any additional software
    23. 

  23. # Required packages for Ninja
    24. 

  24. sudo DEBIAN_FRONTEND=noninteractive apt install -y net-tools network-manager policycoreutils jq libjq1 libonig5
    25. 

  25. 

  26. # Load configuration file
    27. 

  27. source config.sh
    28. 

  28. 

  29. # Set the username and password
    30. 

  30. ADMINUSER=$ADMIN_USER
    31. 

  31. #ADMINPASS=$ADMIN_PASSWORD
    32. 

  32. 

  33. # Set the hostname
    34. 

  34. sudo hostnamectl set-hostname "$NEW_HOSTNAME"
    35. 

  35. 

  36. # Set /etc/host
    37. 

  37. echo "127.0.0.1 localhost" | sudo tee /etc/hosts
    38. 

  38. echo "$(hostname -I | cut -d' ' -f1) $HOST $NEW_HOSTNAME" | sudo tee -a /etc/hosts
    39. 

  39. 

  40. # Update and install required packages
    41. 

  41. #sudo apt update
    42. 

  42. #sudo apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
    43. 

  43. 

  44. # Join the domain
    45. 

  45. #echo "$ADMINPASS" | sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
    46. 

  46. echo "Joining the domain..."
    47. 

  47. sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
    48. 

  48. #work in progress - --computer-desc="$COMPUTER_DESC"
    49. 

  49. 

  50. # Configure PAM to create home directories for domain users on first login
    51. 

  51. sudo bash -c "cat >> /usr/share/pam-configs/mkhomedir" << EOL
    52. 

  52. Name: Activate mkhomedir
    53. 

  53. Default: yes
    54. 

  54. Priority: 900
    55. 

  55. Session-Type: Additional
    56. 

  56. Session:
    57. 

  57.         required    pam_mkhomedir.so umask=0077 skel=/etc/skel
    58. 

  58. EOL
    59. 

  59. 

  60. # Enable the mkhomedir PAM module
    61. 

  61. sudo pam-auth-update --enable mkhomedir
    62. 

  62. 

  63. # Set permissions for the home directories
    64. 

  64. sudo chmod 0700 /home/*
    65. 

  65. 

  66. # Configure SSSD
    67. 

  67. sudo sed -i 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
    68. 

  68. 

  69. # Deny login to all users
    70. 

  70. sudo realm deny --all
    71. 

  71. 

  72. # Allow login to domain groups
    73. 

  73. sudo realm permit -g "Domain Admins"
    74. 

  74. sudo realm permit -g "Access - Admin - All Servers"
    75. 

  75. sudo realm permit -g "Access - Admin - $HOST"
    76. 

  76. sudo realm permit -g "Access - Admin - All Linux Servers"
    77. 

  77. 

  78. # Set up sudoers file
    79. 

  79. echo "%Domain\ Admins     ALL=(ALL:ALL)   ALL" | sudo tee /etc/sudoers.d/LocalAdmins > /dev/null
    80. 

  80. echo "%Access\ -\ Admin\ -\ All\ Servers     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
    81. 

  81. echo "%Access\ -\ Admin\ -\ All\ Linux\ Servers     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
    82. 

  82. echo "%Access\ -\ Admin\ -\ $HOST     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
    83. 

  83. echo "Ansible  ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
    84. 

  84. 

  85. # Set Timezone to Eastern
    86. 

  86. echo "Seting the Timezone..."
    87. 

  87. sudo timedatectl set-timezone America/New_York
    88. 

  88. 

  89. # copy file from SCP server to local system
    90. 

  90. # sudo scp -r anonymous@ptiwa001:ninja-agent.deb /home/coadmin/
    91. 

  91. # curl -o ninja-agent.deb https://app.ninjarmm.com/agent/installer/e99519fc-b76e-4c50-b5ff-ef68db95b032/serverslinuxmainoffice-5.6.7925-installer-x86-64.deb
    92. 

  92. echo "Installing Ninja..."
    93. 

  93. 

  94. # Step 1: Get OAuth token
    95. 

  95. oauth_response=$(curl --request POST \
    96. 

  96.   --url https://app.ninjarmm.com/ws/oauth/token \
    97. 

  97.   --header 'Content-Type: application/x-www-form-urlencoded' \
    98. 

  98.   --data grant_type=client_credentials \
    99. 

  99.   --data client_id=Exx51oPGv_hZ8fgQh2IqtpX5VpA \
    100. 

  100.   --data client_secret=AAv3WeKnUjSOSRuW94plKdrihEw8AEZCJd38VK56aSGjAa4BAtm_zw \
    101. 

  101.   --data scope=management)
    102. 

  102. 

  103. # Extract access token from response
    104. 

  104. access_token=$(echo "$oauth_response" | jq -r '.access_token')
    105. 

  105. 

  106. # Step 2: Generate installer URL
    107. 

  107. installer_response=$(curl -X 'GET' \
    108. 

  108.   'https://app.ninjarmm.com/v2/organization/26/location/45/installer/LINUX_RPM' \
    109. 

  109.   -H 'accept: application/json' \
    110. 

  110.   -H "Authorization: Bearer $access_token")
    111. 

  111. 

  112. # Extract installer URL from response
    113. 

  113. installer_url=$(echo "$installer_response" | jq -r '.url')
    114. 

  114. 

  115. # Step 3: Download installer using generated URL
    116. 

  116. curl -o ninja-agent.deb "$installer_url"
    117. 

  117. 

  118. # install Ninja
    119. 

  119. sudo dpkg -i ninja-agent.deb
    120. 

  120. 

  121. # copy file from SCP server to local system
    122. 

  122. #sudo scp -r anonymous@ptiwa001:falcon-sensor_6.46.0-14306.deb /home/coadmin/
    123. 

  123. 

  124. # Install CrowdStrike Falcon
    125. 

  125. echo "Installing Falcon Sensor..."
    126. 

  126. sudo export FALCON_CLIENT_ID="58f632f6b11c43f48864c9043ec8428d"
    127. 

  127. sudo export FALCON_CLIENT_SECRET="8VrQZaLfAHgJNpED0627tyeu9oGbcwWP51mxYk34"
    128. 

  128. sudo export FALCON_CID="D0511099B3FF494D8B87F48C4AB90201-56"
    129. 

  129. sudo export FALCON_SENSOR_VERSION_DECREMENT="1"
    130. 

  130. curl -L https://raw.githubusercontent.com/crowdstrike/falcon-linux-install-bash/main/falcon-linux-deploy.sh | sudo bash
    131. 

  131. 

  132. # install package using dpkg
    133. 

  133. # sudo dpkg -i falcon-sensor_6.46.0-14306.deb
    134. 

  134.  
    135. 

  135. # Run the additional command
    136. 

  136. # sudo /opt/CrowdStrike/falconctl -s --cid=D0511099B3FF494D8B87F48C4AB90201-56 
    137. 

  137. 

  138. # Remove packages that are not required
    139. 

  139. echo "Removing old packages..."
    140. 

  140. sudo apt autoremove -y
    141. 

  141. 

  142. # Configure syslog server
    143. 

  143. echo "Configuring syslog server..."
    144. 

  144. echo 'remote host is: dcpi-siem 10.200.24.51:514' | sudo tee -a /etc/rsyslog.conf
    145. 

  145. echo '*.* @@10.200.24.51:514' | sudo tee -a /etc/rsyslog.conf
    146. 

  146. 

  147. # Start/Restart Services
    148. 

  148. echo "Restarting system services..."
    149. 

  149. sudo systemctl restart sssd
    150. 

  150. sudo systemctl start ninjarmm-agent.service
    151. 

  151. sudo systemctl start falcon-sensor
    152. 

  152. sudo systemctl restart rsyslog
    153. 

  153. 

  154. # check the status of the services
    155. 

  155. sudo systemctl | grep -E 'falcon-sensor|ninjarmm-agent|sssd.service'
    156. 

  156. 

  157. # Query user and print message
    158. 

  158. id chagood && echo "Successfully queried Active Directory for user chagood"
    159. 

  159. 

  160. # Check if reboot is required
    161. 

  161. if [ -f /var/run/reboot-required ]; then
    162. 

  162.   echo -e "\033[31mA reboot is required.\033[0m"
    163. 

  163. else
    164. 

  164.   echo -e "\033[32mReboot not required.\033[0m"
    165. 

  165. fi
    166.