Ubuntu/UbuntuJoinDomain.sh

#!/bin/bash

set -e

# run dpkg-reconfigure unattended-upgrades and answer no unattended
echo "Running dpkg-reconfigure unattended-upgrades..."
echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean false" | sudo debconf-set-selections
sudo dpkg-reconfigure -f noninteractive unattended-upgrades

# mark linux-image-generic and linux-headers-generic as held back
# echo "Marking linux-image-generic and linux-headers-generic as held back..."
# sudo apt-mark hold linux-image-generic linux-headers-generic

# upgrade the system
echo "Upgrading the system..."
sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y

# Update and install required packages for Active Directory
sudo DEBIAN_FRONTEND=noninteractive apt update
sudo DEBIAN_FRONTEND=noninteractive apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

# Install any additional software
# Required packages for Ninja
# sudo DEBIAN_FRONTEND=noninteractive apt install -y net-tools network-manager policycoreutils

# Load configuration file
source config.sh

# Set the username and password
ADMINUSER=$ADMIN_USER
#ADMINPASS=$ADMIN_PASSWORD

# Set the hostname
sudo hostnamectl set-hostname "$NEW_HOSTNAME"

# Set /etc/host
echo "127.0.0.1 localhost" | sudo tee /etc/hosts
echo "$(hostname -I | cut -d' ' -f1) $HOST $NEW_HOSTNAME" | sudo tee -a /etc/hosts

# Update and install required packages
#sudo apt update
#sudo apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

# Join the domain
#echo "$ADMINPASS" | sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
sudo -S realm join --user="$ADMINUSER" --computer-ou="$OU" "$DOMAIN"
#work in progress - --computer-desc="$COMPUTER_DESC"

# Configure PAM to create home directories for domain users on first login
sudo bash -c "cat >> /usr/share/pam-configs/mkhomedir" << EOL
Name: Activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required    pam_mkhomedir.so umask=0077 skel=/etc/skel
EOL

# Enable the mkhomedir PAM module
sudo pam-auth-update --enable mkhomedir

# Set permissions for the home directories
sudo chmod 0700 /home/*

# Configure SSSD
sudo sed -i 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf

# Deny login to all users
sudo realm deny --all

# Allow login to domain groups
sudo realm permit -g "Domain Admins"
# sudo realm permit -g "Access - Admin - All Servers"
# sudo realm permit -g "Access - Admin - $HOST"

# Set up sudoers file
echo "%Domain\ Admins     ALL=(ALL:ALL)   ALL" | sudo tee /etc/sudoers.d/LocalAdmins > /dev/null
# echo "%Access\ -\ Admin\ -\ All\ Servers     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
# echo "%Access\ -\ Admin\ -\ $HOST     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null

# copy file from SCP server to local system
# sudo scp -r anonymous@ptiwa001:ninja-agent.deb ~/

# install package using dpkg
# sudo dpkg -i ninja-agent.deb

# copy file from SCP server to local system
# sudo scp -r anonymous@ptiwa001:falcon-sensor_6.46.0-14306.deb ~/

# install package using dpkg
# sudo dpkg -i falcon-sensor_6.46.0-14306.deb
 
# Run the additional command
# sudo /opt/CrowdStrike/falconctl -s --cid=D0511099B3FF494D8B87F48C4AB90201-56 

# Remove packages that are not required
sudo apt autoremove -y

# Start Services
sudo systemctl restart sssd
# sudo systemctl start ninjarmm-agent.service
# sudo systemctl start falcon-sensor

# check the status of the services
# sudo systemctl | grep -E 'falcon-sensor|ninjarmm-agent|sssd.service'

# Query user and print message
id chagood && echo "Successfully queried Active Directory for user chagood"

# Check if reboot is required
if [ -f /var/run/reboot-required ]; then
  echo -e "\033[31mA reboot is required.\033[0m"
else
  echo -e "\033[32mReboot not required.\033[0m"
fi