
new file: Old/UbuntuJoinDomain.sh
new file: Old/adm.txt
new file: Old/config.sh
new file: Template/22_04template.sh
new file: UbuntuJoinDomain.sh
new file: config.sh
new file: peo/UbuntuJoinDomain.sh
new file: peo/config.sh

chagood %!s(int64=2) %!d(string=hai) anos
achega
c881e22a4f
Modificáronse 8 ficheiros con 314 adicións e 0 borrados
  1. 54 0
      Old/UbuntuJoinDomain.sh
  2. 1 0
      Old/adm.txt
  3. 5 0
      Old/config.sh
  4. 0 0
      Template/22_04template.sh
  5. 115 0
      UbuntuJoinDomain.sh
  6. 12 0
      config.sh
  7. 115 0
      peo/UbuntuJoinDomain.sh
  8. 12 0
      peo/config.sh

+ 54 - 0
Old/UbuntuJoinDomain.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Load configuration file
+source config.sh
+
+# Load password file
+read -r ADMINUSER ADMINPASS < adm.txt
+
+# Set the hostname
+sudo hostnamectl set-hostname $NEW_HOSTNAME
+
+# Update /etc/hosts
+echo "127.0.0.1 localhost" | sudo tee /etc/hosts
+echo "$NEW_HOSTNAME $(hostname -I | cut -d' ' -f1)" | sudo tee -a /etc/hosts
+
+# Update /etc/hostname
+echo $NEW_HOSTNAME | sudo tee /etc/hostname
+
+# Update and install required packages
+sudo apt update
+sudo apt install -y sudo apt -y install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
+
+# Join the domain
+sudo realm join -U $ADMINUSER $DOMAIN
+
+# Configure SSSD
+sudo sed -i 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
+sudo systemctl restart sssd
+
+# Allow domain users to log in to the machine
+sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
+sudo systemctl restart sshd
+
+# Configure PAM to create home directories for domain users on first login
+sudo bash -c "cat >> /usr/share/pam-configs/mkhomedir" << EOL
+Name: Activate mkhomedir
+Default: yes
+Priority: 900
+Session-Type: Additional
+Session:
+        required    pam_mkhomedir.so umask=0077 skel=/etc/skel
+EOL
+
+# Enable the mkhomedir PAM module
+sudo pam-auth-update --force
+
+# Set permissions for the home directories
+sudo chmod 0700 /home/*
+
+# Install any additional software
+sudo apt install -y <software-package-name>
+
+# Query user and print message
+id chagood && echo "Successfully queried Active Directory for user chagood"
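Review bot: The credential load at `read -r ADMINUSER ADMINPASS < adm.txt` splits on whitespace, but adm.txt in this commit is colon-separated, so the whole `user:password` string lands in ADMINUSER and is then passed unquoted to `realm join -U`, where it is visible in the process list. ADMINPASS is never used afterwards, so the safer change is to drop the file read, take only the account name from config, and let realm prompt for the password: `sudo realm join -U "$ADMINUSER" "$DOMAIN"`. Two other lines in this hunk will stop the script: the install line repeats `sudo apt -y install` inside its own package list, and `sudo apt install -y <software-package-name>` is parsed by bash as redirections rather than as a placeholder. The sed that flips `PasswordAuthentication` to `yes` widens SSH exposure for every account on the host and should carry a comment stating why it is needed.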

+ 1 - 0
Old/adm.txt

@@ -0,0 +1 @@
+adm-chagood:Wh@tAreMyD0gsNam3s
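Review bot: This file commits what looks like a live domain administrator credential in plaintext, and it stays in the repository history even if a later commit deletes it. The account's password should be rotated, the file purged from history, and `adm.txt` listed in `.gitignore` so the script's input is never tracked. Old/UbuntuJoinDomain.sh reads this file, so its join step should prompt for the password or fetch it from a secret store instead.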

+ 5 - 0
Old/config.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# Set the domain name and new hostname
+DOMAIN="example.com"
+NEW_HOSTNAME="newhostname.example.com"

+ 0 - 0
Template/22_04template.sh


+ 115 - 0
UbuntuJoinDomain.sh

@@ -0,0 +1,115 @@
+#!/bin/bash
+
+set -e
+
+# run dpkg-reconfigure unattended-upgrades and answer no unattended
+echo "Running dpkg-reconfigure unattended-upgrades..."
+echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean false" | sudo debconf-set-selections
+sudo dpkg-reconfigure -f noninteractive unattended-upgrades
+
+# mark linux-image-generic and linux-headers-generic as held back
+echo "Marking linux-image-generic and linux-headers-generic as held back..."
+sudo apt-mark hold linux-image-generic linux-headers-generic
+
+# upgrade the system
+echo "Upgrading the system..."
+sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y
+
+# Update and install required packages for Active Directory
+sudo DEBIAN_FRONTEND=noninteractive apt update
+sudo DEBIAN_FRONTEND=noninteractive apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
+
+# Install any additional software
+# Required packages for Ninja
+sudo DEBIAN_FRONTEND=noninteractive apt install -y net-tools network-manager policycoreutils
+
+# Load configuration file
+source config.sh
+
+# Set the username and password
+ADMINUSER=$ADMIN_USER
+#ADMINPASS=$ADMIN_PASSWORD
+
+# Set the hostname
+sudo hostnamectl set-hostname "$NEW_HOSTNAME"
+
+# Set /etc/host
+echo "127.0.0.1 localhost" | sudo tee /etc/hosts
+echo "$(hostname -I | cut -d' ' -f1) $HOST $NEW_HOSTNAME" | sudo tee -a /etc/hosts
+
+# Update and install required packages
+#sudo apt update
+#sudo apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
+
+# Join the domain
+#echo "$ADMINPASS" | sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
+sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
+#work in progress - --computer-desc="$COMPUTER_DESC"
+
+# Configure PAM to create home directories for domain users on first login
+sudo bash -c "cat >> /usr/share/pam-configs/mkhomedir" << EOL
+Name: Activate mkhomedir
+Default: yes
+Priority: 900
+Session-Type: Additional
+Session:
+        required    pam_mkhomedir.so umask=0077 skel=/etc/skel
+EOL
+
+# Enable the mkhomedir PAM module
+sudo pam-auth-update --enable mkhomedir
+
+# Set permissions for the home directories
+sudo chmod 0700 /home/*
+
+# Configure SSSD
+sudo sed -i 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
+
+# Deny login to all users
+sudo realm deny --all
+
+# Allow login to domain groups
+sudo realm permit -g "Domain Admins"
+sudo realm permit -g "Access - Admin - All Servers"
+sudo realm permit -g "Access - Admin - $HOST"
+
+# Set up sudoers file
+echo "%Domain\ Admins     ALL=(ALL:ALL)   ALL" | sudo tee /etc/sudoers.d/LocalAdmins > /dev/null
+echo "%Access\ -\ Admin\ -\ All\ Servers     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
+echo "%Access\ -\ Admin\ -\ $HOST     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
+
+# copy file from SCP server to local system
+sudo scp -r anonymous@ptiwa001:ninja-agent.deb ~/
+
+# install package using dpkg
+sudo dpkg -i ninja-agent.deb
+
+# copy file from SCP server to local system
+sudo scp -r anonymous@ptiwa001:falcon-sensor_6.46.0-14306.deb ~/
+
+# install package using dpkg
+sudo dpkg -i falcon-sensor_6.46.0-14306.deb
+ 
+# Run the additional command
+sudo /opt/CrowdStrike/falconctl -s --cid=D0511099B3FF494D8B87F48C4AB90201-56 
+
+# Remove packages that are not required
+sudo apt autoremove -y
+
+# Start Services
+sudo systemctl restart sssd
+sudo systemctl start ninjarmm-agent.service
+sudo systemctl start falcon-sensor
+
+# check the status of the services
+sudo systemctl | grep -E 'falcon-sensor|ninjarmm-agent|sssd.service'
+
+# Query user and print message
+id chagood && echo "Successfully queried Active Directory for user chagood"
+
+# Check if reboot is required
+if [ -f /var/run/reboot-required ]; then
+  echo -e "\033[31mA reboot is required.\033[0m"
+else
+  echo -e "\033[32mReboot not required.\033[0m"
+fi
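Review bot: Both agent packages are copied from `anonymous@ptiwa001` and installed as root with `dpkg -i` without any integrity check, so whoever can write to that share or answer for that host name controls code that runs as root on every machine joined with this script. The copy also lands in `~/` while `dpkg -i ninja-agent.deb` reads from the current directory, so the install only works when the script is started from the home directory. I would download into a temporary directory, verify a pinned SHA-256 taken from config, and install by full path, as sketched below; the checksum variable names are placeholders. The identical block in peo/UbuntuJoinDomain.sh needs the same change.

```shell
# … unchanged: realm permit and sudoers setup …
pkg_dir=$(mktemp -d)
trap 'rm -rf -- "$pkg_dir"' EXIT

# NINJA_SHA256 / FALCON_SHA256 are placeholders for values pinned in config.sh
scp anonymous@ptiwa001:ninja-agent.deb "$pkg_dir/"
echo "${NINJA_SHA256:?}  $pkg_dir/ninja-agent.deb" | sha256sum -c -
sudo dpkg -i "$pkg_dir/ninja-agent.deb"

scp anonymous@ptiwa001:falcon-sensor_6.46.0-14306.deb "$pkg_dir/"
echo "${FALCON_SHA256:?}  $pkg_dir/falcon-sensor_6.46.0-14306.deb" | sha256sum -c -
sudo dpkg -i "$pkg_dir/falcon-sensor_6.46.0-14306.deb"
# … unchanged: falconctl, autoremove, service start …
```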

+ 12 - 0
config.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Set the domain name and new hostname
+ADMIN_USER="adm-"
+ADMIN_PASSWORD="admin_password"
+# Hostname with FDQN
+NEW_HOSTNAME="newhostname.peo.local"
+# Short name
+HOST="hostname"
+DOMAIN="peo.local"
+#DOMAIN_DESC="My domain description"
+OU="Paste destination OU"
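Review bot: `ADMIN_PASSWORD` is still offered as a field here although its only consumer in UbuntuJoinDomain.sh is commented out, which invites someone to fill in a real domain admin password and commit it. I would delete the line and put a comment above `ADMIN_USER` such as `# Account name only; realm join prompts for the password`. Because the join script sources this file and so executes it as shell, it should be writable only by its owner wherever it is deployed. peo/config.sh is an identical copy and needs the same edit, and the comment `# Hostname with FDQN` should read FQDN in both.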

+ 115 - 0
peo/UbuntuJoinDomain.sh

@@ -0,0 +1,115 @@
+#!/bin/bash
+
+set -e
+
+# run dpkg-reconfigure unattended-upgrades and answer no unattended
+echo "Running dpkg-reconfigure unattended-upgrades..."
+echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean false" | sudo debconf-set-selections
+sudo dpkg-reconfigure -f noninteractive unattended-upgrades
+
+# mark linux-image-generic and linux-headers-generic as held back
+echo "Marking linux-image-generic and linux-headers-generic as held back..."
+sudo apt-mark hold linux-image-generic linux-headers-generic
+
+# upgrade the system
+echo "Upgrading the system..."
+sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y
+
+# Update and install required packages for Active Directory
+sudo DEBIAN_FRONTEND=noninteractive apt update
+sudo DEBIAN_FRONTEND=noninteractive apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
+
+# Install any additional software
+# Required packages for Ninja
+sudo DEBIAN_FRONTEND=noninteractive apt install -y net-tools network-manager policycoreutils
+
+# Load configuration file
+source config.sh
+
+# Set the username and password
+ADMINUSER=$ADMIN_USER
+#ADMINPASS=$ADMIN_PASSWORD
+
+# Set the hostname
+sudo hostnamectl set-hostname "$NEW_HOSTNAME"
+
+# Set /etc/host
+echo "127.0.0.1 localhost" | sudo tee /etc/hosts
+echo "$(hostname -I | cut -d' ' -f1) $HOST $NEW_HOSTNAME" | sudo tee -a /etc/hosts
+
+# Update and install required packages
+#sudo apt update
+#sudo apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
+
+# Join the domain
+#echo "$ADMINPASS" | sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
+sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
+#work in progress - --computer-desc="$COMPUTER_DESC"
+
+# Configure PAM to create home directories for domain users on first login
+sudo bash -c "cat >> /usr/share/pam-configs/mkhomedir" << EOL
+Name: Activate mkhomedir
+Default: yes
+Priority: 900
+Session-Type: Additional
+Session:
+        required    pam_mkhomedir.so umask=0077 skel=/etc/skel
+EOL
+
+# Enable the mkhomedir PAM module
+sudo pam-auth-update --enable mkhomedir
+
+# Set permissions for the home directories
+sudo chmod 0700 /home/*
+
+# Configure SSSD
+sudo sed -i 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
+
+# Deny login to all users
+sudo realm deny --all
+
+# Allow login to domain groups
+sudo realm permit -g "Domain Admins"
+sudo realm permit -g "Access - Admin - All Servers"
+sudo realm permit -g "Access - Admin - $HOST"
+
+# Set up sudoers file
+echo "%Domain\ Admins     ALL=(ALL:ALL)   ALL" | sudo tee /etc/sudoers.d/LocalAdmins > /dev/null
+echo "%Access\ -\ Admin\ -\ All\ Servers     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
+echo "%Access\ -\ Admin\ -\ $HOST     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
+
+# copy file from SCP server to local system
+sudo scp -r anonymous@ptiwa001:ninja-agent.deb ~/
+
+# install package using dpkg
+sudo dpkg -i ninja-agent.deb
+
+# copy file from SCP server to local system
+sudo scp -r anonymous@ptiwa001:falcon-sensor_6.46.0-14306.deb ~/
+
+# install package using dpkg
+sudo dpkg -i falcon-sensor_6.46.0-14306.deb
+ 
+# Run the additional command
+sudo /opt/CrowdStrike/falconctl -s --cid=D0511099B3FF494D8B87F48C4AB90201-56 
+
+# Remove packages that are not required
+sudo apt autoremove -y
+
+# Start Services
+sudo systemctl restart sssd
+sudo systemctl start ninjarmm-agent.service
+sudo systemctl start falcon-sensor
+
+# check the status of the services
+sudo systemctl | grep -E 'falcon-sensor|ninjarmm-agent|sssd.service'
+
+# Query user and print message
+id chagood && echo "Successfully queried Active Directory for user chagood"
+
+# Check if reboot is required
+if [ -f /var/run/reboot-required ]; then
+  echo -e "\033[31mA reboot is required.\033[0m"
+else
+  echo -e "\033[32mReboot not required.\033[0m"
+fi
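Review bot: The three `tee` writes to `/etc/sudoers.d/LocalAdmins` go live without a syntax check, and `$HOST` is interpolated without escaping, so a short name containing a space or a typo in config.sh leaves a drop-in that sudo refuses to parse, which can lock administrators out of sudo on the host. Build the file at a temporary path, validate it, and install it with a restrictive mode: `sudo visudo -cf "$tmp"` followed by `sudo install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/LocalAdmins`. The same lines appear in the top-level UbuntuJoinDomain.sh, which appears to be a line-for-line copy of this file; keeping one script with per-site config files would stop the two from drifting apart.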

+ 12 - 0
peo/config.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Set the domain name and new hostname
+ADMIN_USER="adm-"
+ADMIN_PASSWORD="admin_password"
+# Hostname with FDQN
+NEW_HOSTNAME="newhostname.peo.local"
+# Short name
+HOST="hostname"
+DOMAIN="peo.local"
+#DOMAIN_DESC="My domain description"
+OU="Paste destination OU"