First readfile implementation

First readfile implementation, waiting for tests.
This commit is contained in:
PierreGode 2020-03-25 14:59:44 +01:00 committed by GitHub
parent 49505818f8
commit 09a2cc8a0b


@ -55,49 +55,107 @@ grouPs="null"
therealm="null" therealm="null"
cauth="null" cauth="null"
clear clear
read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
sshsec=$( cat readfile | grep SSHSECURE | awk '{print $3}' )
if [ "$sshsec" = "yes" ]
then
if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then
echo "SSHsecurity Files seems already to be modified, skipping..."
else
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed
localadmin=$( cat readfile | grep LOCALADMIN | awk '{print $3}' )
if [ "$localadmin" = "null" ]
then
localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
else
sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi
fi
else
if [ "$sshsec" = "no" ]
then
echo "Skipping SSHSecurity config"
else
read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn
case $yn in case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration" [Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then then
echo "Files seems already to be modified, skipping..." echo " SSHsecurityFiles seems already to be modified, skipping..."
else else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed sudo touch /etc/ssh/login.group.allowed
admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed
echo "" sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
echo "" sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
read -r -p "Is your current administrator = '$admins' ? (y/n)?" yn sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed
case $yn in echo "enabled SSH-allow"
[Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;; echo ""
[Nn]* ) echo "please type name of current administrator" echo ""
read -r -p MYADMIN fi
sudo echo "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed;; ;;
* ) echo "Please answer yes or no.";; [Nn]* ) echo "Skipped ssh config"
esac
sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi;;
[Nn]* ) echo "Disabled SSH login.group.allowed"
states1="12";; states1="12";;
* ) echo "Please answer yes or no.";;
esac esac
fi
fi
echo "" echo ""
echo "-------------------------------------------------------------------------------------------" echo "-------------------------------------------------------------------------------------------"
echo "" echo ""
read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn givesudo=$( cat readfile | grep SUDOERS | awk '{print $3}' )
if [ "$givesudo" = "yes" ]
then
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo ""
echo "sudoers.d/sudoers file seems already to be modified, skipping..."
echo ""
else
disssu=$( cat readfile | grep DISSPROMT | awk '{print $3}' )
if [ "$disssu" = "yes" ]
then
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
else
if [ "$disssu" = "no" ]
then
sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
else
echo "error in readfile config"
sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
fi
fi
fi
else
if [ "$givesudo" = "no" ]
then
echo "Not giving a sudo"
sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed
echo "Skipping"
states="12"
else
read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn
case $yn in case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration" [Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then then
echo "" echo ""
echo "The Sudoers file seems already to be modified, skipping..." echo "The Sudoers file seems already to be modified, skipping..."
echo "" echo ""
else else
read -r -p "${RED_TEXT}Do you wish to DISABLE password prompt for users in terminal?${END}${NUMBER}(y/n)?${END}" yn read -r -p "${RED_TEXT}Do you wish to DISABLE password prompt for users in terminal?${END}${NUMBER}(y/n)?${END}" yn
case $yn in case $yn in
[Yy]* ) [Yy]* )
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
@ -125,6 +183,8 @@ fi
* ) echo "Please answer yes or no." * ) echo "Please answer yes or no."
;; ;;
esac esac
fi
fi
homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 ) homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 )
if [ "$homedir" = "0022" ] if [ "$homedir" = "0022" ]
then then
@ -337,49 +397,107 @@ grouPs="null"
therealm="null" therealm="null"
cauth="null" cauth="null"
clear clear
read -r -p 'Do you wish to enable SSH login.group.allowed (y/n)?' yn admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
sshsec=$( cat readfile | grep SSHSECURE | awk '{print $3}' )
if [ "$sshsec" = "yes" ]
then
if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then
echo "SSHsecurity Files seems already to be modified, skipping..."
else
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed
localadmin=$( cat readfile | grep LOCALADMIN | awk '{print $3}' )
if [ "$localadmin" = "null" ]
then
localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
else
sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi
fi
else
if [ "$sshsec" = "no" ]
then
echo "Skipping SSHSecurity config"
else
read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn
case $yn in case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration" [Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then then
echo "Files seems already to be modified, skipping..." echo " SSHsecurityFiles seems already to be modified, skipping..."
else else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/sshd echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed sudo touch /etc/ssh/login.group.allowed
admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed
echo "" sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
echo "" sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
read -r -p "Is your current administrator = $admins ? (y/n)?" yn sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed
case $yn in echo "enabled SSH-allow"
[Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;; echo ""
[Nn]* ) echo "please type name of current administrator" echo ""
read -r -p MYADMIN fi
sudo echo "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed;; ;;
* ) echo "Please answer yes or no.";; [Nn]* ) echo "Skipped ssh config"
esac
sudo echo "$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi;;
[Nn]* ) echo "Disabled SSH login.group.allowed"
states1="12";; states1="12";;
* ) echo "Please answer yes or no.";;
esac esac
fi
fi
echo "" echo ""
echo "-------------------------------------------------------------------------------------------" echo "-------------------------------------------------------------------------------------------"
echo "" echo ""
read -r -p 'Do you wish to give users on this machine sudo rights?(y/n)?' yn givesudo=$( cat readfile | grep SUDOERS | awk '{print $3}' )
if [ "$givesudo" = "yes" ]
then
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo ""
echo "sudoers.d/sudoers file seems already to be modified, skipping..."
echo ""
else
disssu=$( cat readfile | grep DISSPROMT | awk '{print $3}' )
if [ "$disssu" = "yes" ]
then
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
else
if [ "$disssu" = "no" ]
then
sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
else
echo "error in readfile config"
sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
fi
fi
fi
else
if [ "$givesudo" = "no" ]
then
echo "Not giving a sudo"
sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed
echo "Skipping"
states="12"
else
read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn
case $yn in case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration" [Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then then
echo "" echo ""
echo "The Sudoers file seems already to be modified, skipping..." echo "The Sudoers file seems already to be modified, skipping..."
echo "" echo ""
else else
read -r -p 'Do you wish to DISABLE password promt for users in terminal? (y/n)?' yn read -r -p "${RED_TEXT}Do you wish to DISABLE password prompt for users in terminal?${END}${NUMBER}(y/n)?${END}" yn
case $yn in case $yn in
[Yy]* ) [Yy]* )
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
@ -388,20 +506,27 @@ sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/
#sudo realm permit --groups "$myhost""sudoers" #sudo realm permit --groups "$myhost""sudoers"
;; ;;
[Nn]* ) sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers [Nn]* )
sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers" #sudo realm permit --groups "$myhost""sudoers"
;; ;;
* ) echo "Please answer yes or no.";; * ) echo "Please answer yes or no.";;
esac esac
fi;; fi
[Nn]* ) echo "Disabled sudo rights for users on this machine" ;;
[Nn]* )
sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
echo "Disabled sudo rights for users on this machine"
echo "" echo ""
echo "" echo ""
states="12";; states="12";;
* ) echo 'Please answer yes or no.';; * ) echo "Please answer yes or no."
;;
esac esac
fi
fi
homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 ) homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 )
if [ "$homedir" = "0022" ] if [ "$homedir" = "0022" ]
then then
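Review bot: The new `[Nn]* )` arm at the end of the last hunk and both `error in readfile config` fallbacks still run `sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers`, so declining sudo rights, or a misspelled `DISSPROMT` key in readfile, silently grants a hard-coded account full root; the config-error path should fail closed, e.g. `echo "error in readfile config" >&2; exit 1`, and the `[Nn]*` arm should only print its message. Every sudoers write is an unchecked `sudo tee -a`; after writing, run `sudo visudo -cf /etc/sudoers.d/sudoers` (and `domain_admins`) and `sudo chmod 0440` the files, since a syntax error can break sudo for everyone and a 0644 drop-in may be refused by sudo. Separately, the second copy of the SSH block now appends the `pam_listfile.so ... onerr=fail` line to /etc/pam.d/common-auth instead of /etc/pam.d/sshd as the removed line did, which gates console login, su and sudo as well as SSH, and in the `LOCALADMIN` = null path of the SSHSECURE=yes branch nothing is written to login.group.allowed at all, so an empty allow-list can lock out every local account; write `$localadmin` to the list before the PAM line is added and consider keeping the rule in /etc/pam.d/sshd. The enclosing script starts and ends outside these hunks.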