Home Esplora Aiuto
Accedi
CoAd
/
Ubuntu
2
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Ramo (Branch): master
Rami (Branch) Tag
Ubuntu
/
old
/
Initial setup

Initial setup 4.3 KB
Permalink Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. import subprocess
    2. 

  2. 

  3. # Set the domain name and administrator credentials
    4. 

  4. domain_name = "example.com"
    5. 

  5. admin_username = "administrator"
    6. 

  6. admin_password = "password"
    7. 

  7. 

  8. # Set Hostname
    9. 

  9. def set_hostname():
    10. 

  10.     hostname = subprocess.run(["hostname"], stdout=subprocess.PIPE, check=True).stdout.decode().strip()
    11. 

  11.     hostname = hostname.split(".")[0]
    12. 

  12.     subprocess.run(["sudo", "hostnamectl", "set-hostname", hostname], check=True)
    13. 

  13. 

  14. # Install the necessary packages
    15. 

  15. def install_packages():
    16. 

  16.     packages = ["realmd", "libnss-sss", "libpam-sss", "sssd", "sssd-tools", "adcli", "samba-common-bin", "oddjob", "oddjob-mkhomedir", "packagekit", "python-ldap", "net-tools", "network-manager", "policycoreutils"]
    17. 

  17.     subprocess.run(["sudo", "apt-get", "install", "-y", *packages], check=True)
    18. 

  18. 

  19. # Copy the files from the remote server
    20. 

  20. def copy_files(file_name):
    21. 

  21.     subprocess.run(["scp", "anonymous@ptiwa001:"+file_name, "~/"], check=True)
    22. 

  22. 

  23. # Join the domain using realm
    24. 

  24. def join_domain():
    25. 

  25.     subprocess.run(["sudo", "realm", "join", "--user", f"{admin_username}%'{admin_password}'", domain_name], check=True)
    26. 

  26.     # Verify that the join was successful
    27. 

  27.     result = subprocess.run(["sudo", "net", "ads", "testjoin"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    28. 

  28.     if result.returncode == 0:
    29. 

  29.         print("Successfully joined the domain")
    30. 

  30.     else:
    31. 

  31.         print("Failed to join the domain. Error: ",result.stderr.decode())
    32. 

  32. 

  33. # Activate creation of homedir
    34. 

  34. def activate_mkhomedir():
    35. 

  35.     subprocess.run(["sudo", "bash", "-c", "cat > /usr/share/pam-configs/mkhomedir <<EOF\nName: activate mkhomedir\nDefault: yes\nPriority: 900\nSession-Type: Additional\nSession:\n\tRequired\tpam_mkhomedir.so umask=0022 skel=/etc/skel\nEOF"], check=True)
    36. 

  36.     subprocess.run(["sudo", "pam-auth-update", "--package", "--enable", "mkhomedir"], check=True)
    37. 

  37. 

  38.     # Set fully qualified domain names to false
    39. 

  39.     subprocess.run(["sudo", "sed", "-i", "s/use_fully_qualified_names = True/use_fully_qualified_names = False/g", "/etc/sssd/sssd.conf"], check=True)
    40. 

  40.     subprocess.run(["sudo", "systemctl", "restart", "sssd.service"], check=True)
    41. 

  41. 

  42.     # Install Falcon_sensor.deb file
    43. 

  43.     subprocess.run(["sudo", "dpkg", "-i", "~/falcon-sensor_6.46.0-14306.deb"], check=True)
    44. 

  44. 

  45.     # Run additional Crowdstrike commands
    46. 

  46.     subprocess.run(["sudo", "/opt/CrowdStrike/falconctl", "-s", "--cid=D0511099B3FF494D8B87F48C4AB90201-56"], check=True)
    47. 

  47.     subprocess.run(["sudo", "systemctl", "start", "falcon-sensor"], check=True)
    48. 

  48.     result = subprocess.run(["sudo", "systemctl", "status", "falcon-sensor"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    49. 

  49.     if result.returncode == 0:
    50. 

  50.         print("falcon-sensor service is running.")
    51. 

  51.     else:
    52. 

  52.         print("falcon-sensor service is not running. Error: ", result.stderr.decode())
    53. 

  53. 

  54.     # Install Ninja.deb file
    55. 

  55.     subprocess.run(["sudo", "dpkg", "-i", "~/ninja-agent.deb"], check=True)
    56. 

  56. 

  57.     # Run additional Ninja commands
    58. 

  58.     subprocess.run(["sudo", "systemctl", "start", "ninjarmm-agent.service"], check=True)
    59. 

  59.     result = subprocess.run(["sudo", "systemctl", "status", "ninjarmm-agent.service"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    60. 

  60.     if result.returncode == 0:
    61. 

  61.         print("ninjarmm-agent service is running.")
    62. 

  62.     else:
    63. 

  63.         print("ninjarmm-agent service is not running. Error: ", result.stderr.decode())
    64. 

  64.     
    65. 

  65.     # Permit domain groups
    66. 

  66.     hostname = subprocess.run(["hostname"], stdout=subprocess.PIPE, check=True).stdout.decode().strip()
    67. 

  67.     group_name = f"Access - Admin - {hostname}"
    68. 

  68.     subprocess.run(["sudo", "realm", "deny", "--all"], check=True)
    69. 

  69.     subprocess.run(["sudo", "realm", "permit", "-g", "Domain Admins"], check=True)
    70. 

  70.     subprocess.run(["sudo", "realm", "permit", "-g", "Access - Admin - All Servers"], check=True)
    71. 

  71.     subprocess.run(["sudo", "realm", "permit", "-g", group_name], check=True)
    72. 

  72. 

  73.     # Edit the sudoers file
    74. 

  74.     subprocess.run(["sudo", "visudo", "-f", "/etc/sudoers.d/LocalAdmins"], check=True)
    75. 

  75.     subprocess.run(["sudo", "bash", "-c", f"echo '%Domain\ Admins     ALL=(ALL:ALL)   ALL' >> /etc/sudoers.d/LocalAdmins"], check=True)
    76. 

  76.     subprocess.run(["sudo", "bash", "-c", f"echo '%Access\ -\ Admin\ -\ All\ Servers     ALL=(ALL)   ALL' >> /etc/sudoers.d/LocalAdmins"], check=True)
    77. 

  77.     subprocess.run(["sudo", "bash", "-c", f"echo '%{group_name}     ALL=(ALL)   ALL' >> /etc/sudoers.d/LocalAdmins"], check=True)
    78.