Update ADconnection.sh

PierreGoude 2017-09-22 10:24:45 +02:00 committed by GitHub
parent c9fbd68b29
commit 80c10f7992


@ -539,24 +539,31 @@ sudo echo "Configuratig files.."
sudo echo "Verifying the setup" sudo echo "Verifying the setup"
sudo systemctl enable sssd sudo systemctl enable sssd
sudo systemctl start sssd sudo systemctl start sssd
states=$( echo null )
states1=$( echo null )
grouPs=$( echo null )
therealm=$( echo null )
cauth=$( echo null )
clear clear
read -p "Do you wish to enable SSH allow/disble protection (y/n)?" yn read -p "${RED_TEXT}"'Do you wish to enable SSH login.group.allowed'"${END}""${NUMBER}"'(y/n)?'"${END}" yn
case $yn in case $yn in
[Yy]* ) sudo echo "Cheking if there is any previous configuration" [Yy]* ) sudo echo "Cheking if there is any previous configuration"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
if [ -f /etc/ssh/login.group.allowed ] if [ -f /etc/ssh/login.group.allowed ]
then then
echo "Files seems already to be modified, skipping..." echo "Files seems already to be modified, skipping..."
else else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed sudo touch /etc/ssh/login.group.allowed
admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 ) admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 )
echo ""
echo ""
read -p "Is your current administrator = "$admins" ? (y/n)?" yn read -p "Is your current administrator = "$admins" ? (y/n)?" yn
case $yn in case $yn in
[Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;; [Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;;
[Nn]* ) echo "please type name of current administrator" [Nn]* ) echo "please type name of current administrator"
read -p MYADMIN read -p MYADMIN
sudo echo "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed;; sudo echo $MYADMIN | sudo tee -a /etc/ssh/login.group.allowed;;
* ) echo "Please answer yes or no.";; * ) echo "Please answer yes or no.";;
esac esac
sudo echo "$NetBios"'\'"$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$NetBios"'\'"$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed
@ -564,15 +571,21 @@ sudo echo "$NetBios"'\'"domain^admins" | sudo tee -a /etc/ssh/login.group.allowe
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow" echo "enabled SSH-allow"
fi;; fi;;
[Nn]* ) echo "disabled SSH allow";; [Nn]* ) echo "Disabled SSH login.group.allowed"
states1=$( echo 12 );;
* ) echo "Please answer yes or no.";; * ) echo "Please answer yes or no.";;
esac esac
read -p "Do you wish to give users on this machine sudo rights? (y/n)?" yn echo ""
echo "-------------------------------------------------------------------------------------------"
echo ""
read -p "${RED_TEXT}"'Do you wish to give users on this machine sudo rights?'"${END}""${NUMBER}"'(y/n)?'"${END}" yn
case $yn in case $yn in
[Yy]* ) sudo echo "Cheking if there is any previous configuration" [Yy]* ) sudo echo "Cheking if there is any previous configuration"
if [ -f /etc/sudoers.d/sudoers ] if [ -f /etc/sudoers.d/sudoers ]
then then
echo ""
echo "Sudoersfile seems already to be modified, skipping..." echo "Sudoersfile seems already to be modified, skipping..."
echo ""
else else
sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
@ -580,7 +593,10 @@ sudo echo "%domain\ users ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoer
sudo echo "%DOMAIN\ admins ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins sudo echo "%DOMAIN\ admins ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers" #sudo realm permit --groups "$myhost""sudoers"
fi;; fi;;
[Nn]* ) echo "disabled sudo rights for users on this machine";; [Nn]* ) echo "Disabled sudo rights for users on this machine"
echo ""
echo ""
states=$( echo 12 );;
* ) echo 'Please answer yes or no.';; * ) echo 'Please answer yes or no.';;
esac esac
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
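Review bot: In the first hunk, the `[Nn]*` branch of the administrator prompt now runs `sudo echo $MYADMIN | sudo tee -a /etc/ssh/login.group.allowed`, but the preceding `read -p MYADMIN` uses `MYADMIN` as the prompt text and stores the answer in `REPLY`, so `MYADMIN` stays empty unless something outside the hunk assigns it. An empty line is then appended to the allow list, and because the same hunk adds `pam_listfile.so onerr=fail item=group sense=allow` to `/etc/pam.d/common-auth`, the account the operator typed can be denied authentication. Read into the variable and keep the expansion quoted: `read -r -p "Administrator name: " MYADMIN`, then `printf '%s\n' "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed`, refusing an empty answer before writing. Since the rule uses `item=group`, entries are matched as group names, so it is worth confirming that a user name written here corresponds to a group the account belongs to. The script's statements continue above and below the hunks shown.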