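#!/bin/bash
#
# Prepare a Debian/Ubuntu host and join it to an Active Directory domain:
# disable unattended-upgrades, patch the system, install the SSSD/realmd
# stack, set the hostname, join the domain, enable pam_mkhomedir, restrict
# logins to "Domain Admins" and install a sudoers drop-in.
#
# Usage: run from the directory that contains config.sh, as a user with sudo.
#
# config.sh is expected to define:
#   ADMIN_USER    - domain account used for the join            (required)
#   NEW_HOSTNAME  - hostname to assign                          (required)
#   DOMAIN        - domain/realm to join                        (required)
#   OU            - computer OU for the new machine account     (optional)
#   HOST          - extra name written to /etc/hosts; presumably the FQDN,
#                   confirm against config.sh                   (optional)
#   AD_TEST_USER  - account looked up at the end (default: chagood)
#
# NOTE(review): config.sh is executed as shell code and may hold a join
# password (see the commented ADMIN_PASSWORD line below); keep it owner-only
# and out of version control.

set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# --- Configuration ----------------------------------------------------------
# Loaded first so that a missing or incomplete config aborts before any system
# change is made. The explicit "./" matters: a bare "source config.sh" searches
# $PATH before the current directory, so a different config.sh could be picked up.
[[ -r ./config.sh ]] || die "config.sh not found in $(pwd)"
set +u # config.sh is not under our control; do not fail on its own unset refs
# shellcheck source=/dev/null
source ./config.sh
set -u

: "${ADMIN_USER:?ADMIN_USER must be set in config.sh}"
: "${NEW_HOSTNAME:?NEW_HOSTNAME must be set in config.sh}"
: "${DOMAIN:?DOMAIN must be set in config.sh}"

# Set the username and password
ADMINUSER=$ADMIN_USER
#ADMINPASS=$ADMIN_PASSWORD

# --- Package management -----------------------------------------------------
# Answer "no" to the unattended-upgrades debconf question. This turns automatic
# updates off, so patching of this host has to be covered by another process.
echo "Running dpkg-reconfigure unattended-upgrades..."
echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean false" \
  | sudo debconf-set-selections
sudo dpkg-reconfigure -f noninteractive unattended-upgrades

# mark linux-image-generic and linux-headers-generic as held back
# echo "Marking linux-image-generic and linux-headers-generic as held back..."
# sudo apt-mark hold linux-image-generic linux-headers-generic

# Refresh the package lists BEFORE upgrading; upgrading against stale lists
# can miss current fixes. apt-get is used because apt's CLI is not meant for
# scripts; --with-new-pkgs keeps the behaviour of "apt upgrade".
echo "Upgrading the system..."
sudo DEBIAN_FRONTEND=noninteractive apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade --with-new-pkgs -y

# Install required packages for Active Directory
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \
  realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin \
  oddjob oddjob-mkhomedir packagekit

# Install any additional software
# Required packages for Ninja
# sudo DEBIAN_FRONTEND=noninteractive apt install -y net-tools network-manager policycoreutils

# --- Hostname and /etc/hosts ------------------------------------------------
sudo hostnamectl set-hostname "$NEW_HOSTNAME"

# An empty address would produce a malformed hosts entry, so stop instead.
primary_ip=$(hostname -I | cut -d' ' -f1)
[[ -n "$primary_ip" ]] || die "could not determine a primary IP address"

# NOTE(review): /etc/hosts is rewritten from scratch, which drops any other
# entries the distribution placed there (e.g. IPv6 localhost lines).
echo "127.0.0.1 localhost" | sudo tee /etc/hosts
printf '%s %s %s\n' "$primary_ip" "${HOST:-}" "$NEW_HOSTNAME" | sudo tee -a /etc/hosts

# --- Domain join ------------------------------------------------------------
# realm prompts for the join password itself. The older variant piped
# $ADMINPASS from config.sh into the command; prompting keeps the password out
# of files and variables.
#echo "$ADMINPASS" | sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
join_args=(--user="$ADMINUSER")
if [[ -n "${OU:-}" ]]; then
  join_args+=(--computer-ou="$OU")
fi
sudo realm join "${join_args[@]}" "$DOMAIN"
#work in progress - --computer-desc="$COMPUTER_DESC"

# --- PAM: create home directories on first login ----------------------------
# The profile is written with ">" semantics (tee without -a). Appending would
# stack a second profile onto the file on every re-run, or onto a copy already
# present on the system. If a package owns this file, a package upgrade may
# replace it again.
printf '%s\n' \
  'Name: Activate mkhomedir' \
  'Default: yes' \
  'Priority: 900' \
  'Session-Type: Additional' \
  'Session:' \
  $'\trequired pam_mkhomedir.so umask=0077 skel=/etc/skel' \
  | sudo tee /usr/share/pam-configs/mkhomedir >/dev/null

# Enable the mkhomedir PAM module
sudo pam-auth-update --enable mkhomedir

# Restrict existing home directories to their owners. Looping with an
# existence test keeps "set -e" from aborting when /home is empty (the
# unmatched glob would otherwise be passed to chmod literally).
for home_dir in /home/*/; do
  [[ -d "$home_dir" ]] || continue
  sudo chmod 0700 -- "$home_dir"
done

# --- SSSD and login policy --------------------------------------------------
# Let domain users log in with short names instead of user@domain.
sudo sed -i 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf

# Deny login to all users, then allow only the listed domain groups.
sudo realm deny --all
sudo realm permit -g "Domain Admins"
# sudo realm permit -g "Access - Admin - All Servers"
# sudo realm permit -g "Access - Admin - $HOST"

# --- sudoers ----------------------------------------------------------------
# Build the drop-in in a private temp file, syntax-check it with visudo and
# only then install it root-owned with mode 0440. A broken file in
# /etc/sudoers.d can lock everyone out of sudo.
# NOTE(review): "%AnisbleAdmins" looks like a misspelling of "AnsibleAdmins";
#   left as-is, confirm against the directory before changing it.
# NOTE(review): the last rule gives the account "ansible" passwordless root;
#   confirm that account exists and is restricted (e.g. key-only login).
sudoers_tmp=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$sudoers_tmp"' EXIT
printf '%s\n' \
  '%Domain\ Admins ALL=(ALL:ALL) ALL' \
  '%AnisbleAdmins ALL=(ALL) ALL' \
  'ansible ALL=(ALL) NOPASSWD:ALL' >"$sudoers_tmp"
# echo "%Access\ -\ Admin\ -\ $HOST ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
sudo visudo -cf "$sudoers_tmp" >/dev/null || die "generated sudoers file failed validation"
sudo install -m 0440 -o root -g root -- "$sudoers_tmp" /etc/sudoers.d/LocalAdmins

# --- Optional agents (disabled) ---------------------------------------------
# NOTE(review): if these are re-enabled, verify each .deb (checksum or
# signature) before dpkg -i; the copies below come from an anonymous account.
# The Falcon CID is better read from config.sh than kept in this script.
# copy file from SCP server to local system
# sudo scp -r anonymous@ptiwa001:ninja-agent.deb ~/
# install package using dpkg
# sudo dpkg -i ninja-agent.deb
# copy file from SCP server to local system
# sudo scp -r anonymous@ptiwa001:falcon-sensor_6.46.0-14306.deb ~/
# install package using dpkg
# sudo dpkg -i falcon-sensor_6.46.0-14306.deb
# Run the additional command
# sudo /opt/CrowdStrike/falconctl -s --cid=D0511099B3FF494D8B87F48C4AB90201-56

# --- Cleanup and verification -----------------------------------------------
# Remove packages that are not required
sudo apt-get autoremove -y

# Start Services
sudo systemctl restart sssd
# sudo systemctl start ninjarmm-agent.service
# sudo systemctl start falcon-sensor

# check the status of the services
# sudo systemctl | grep -E 'falcon-sensor|ninjarmm-agent|sssd.service'

# Look up a known domain account to confirm that SSSD resolves AD users.
# A failed lookup is reported but does not abort the script.
ad_test_user=${AD_TEST_USER:-chagood}
if id -- "$ad_test_user"; then
  echo "Successfully queried Active Directory for user $ad_test_user"
else
  printf 'warning: could not resolve user %s through SSSD\n' "$ad_test_user" >&2
fi

# Check if reboot is required
if [[ -f /var/run/reboot-required ]]; then
  printf '\033[31mA reboot is required.\033[0m\n'
else
  printf '\033[32mReboot not required.\033[0m\n'
fi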