|
|
@@ -72,11 +72,14 @@ sudo realm deny --all
|
|
|
sudo realm permit -g "Domain Admins"
|
|
|
sudo realm permit -g "Access - Admin - All Servers"
|
|
|
sudo realm permit -g "Access - Admin - $HOST"
|
|
|
+sudo realm permit -g "AnsibleAdmins"
|
|
|
|
|
|
# Set up sudoers file
|
|
|
echo "%Domain\ Admins ALL=(ALL:ALL) ALL" | sudo tee /etc/sudoers.d/LocalAdmins > /dev/null
|
|
|
echo "%Access\ -\ Admin\ -\ All\ Servers ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
|
|
|
echo "%Access\ -\ Admin\ -\ $HOST ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
|
|
|
+echo "%AnisbleAdmins ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
|
|
|
+echo "Ansible ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
|
|
|
|
|
|
# copy file from SCP server to local system
|
|
|
sudo scp -r anonymous@ptiwa001:ninja-agent.deb ~/
|
|
|
@@ -96,10 +99,15 @@ sudo /opt/CrowdStrike/falconctl -s --cid=D0511099B3FF494D8B87F48C4AB90201-56
|
|
|
# Remove packages that are not required
|
|
|
sudo apt autoremove -y
|
|
|
|
|
|
-# Start Services
|
|
|
+# Configure syslog server
|
|
|
+echo 'remote host is: dcpi-siem 10.200.24.51:514' | sudo tee -a /etc/rsyslog.conf
|
|
|
+echo '*.* @@10.200.24.51:514' | sudo tee -a /etc/rsyslog.conf
|
|
|
+
|
|
|
+# Start/Restart Services
|
|
|
sudo systemctl restart sssd
|
|
|
sudo systemctl start ninjarmm-agent.service
|
|
|
sudo systemctl start falcon-sensor
|
|
|
+sudo systemctl restart rsyslog
|
|
|
|
|
|
# check the status of the services
|
|
|
sudo systemctl | grep -E 'falcon-sensor|ninjarmm-agent|sssd.service'
|
