From 822d383a4896cc9f426f07bb14492a0cf0d73e13 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 26 Mar 2018 10:45:09 +0200 Subject: [PATCH] Added Kali linux --- ADconnection.sh | 220 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 218 insertions(+), 2 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index 6bb7413..da0b7d3 100644 --- a/ADconnection.sh +++ b/ADconnection.sh @@ -51,11 +51,16 @@ then echo "this seems to be a raspberry Pi" raspberry else +kalilinux=$( lsb_release -a | grep -i Distributor | awk '{print $3}' ) +if [ "$kalilinux" = "Kali" ] +then +kalijoin +else echo " this seems to be a server, swithching to server mode" -sleep 2 ubuntuserver14 fi fi +fi export HOSTNAME myhost=$( hostname ) clear @@ -467,8 +472,218 @@ sudo service sssd restart realm discover $DOMAIN echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${INTRO_TEXT}" eof +exit } +####################################### Kali ############################################ + +kalijoin(){ +export HOSTNAME +myhost=$( hostname ) +export whoami +whoamis=$( whoami ) +admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 ) +echo "$admins ALL=(ALL:ALL) ALL | tee -a /etc/sudoers.d/admin" +fi +clear +sudo echo "${RED_TEXT}"Installing pakages do no abort!......."${INTRO_TEXT}" +sudo apt-get update +sudo apt-get install libsss-sudo -y +sudo apt-get install realmd adcli sssd -y +sudo apt-get install ntp -y +sudo apt-get install policykit-1 -y +sudo mkdir -p /var/lib/samba/private +sudo apt-get -qq install realmd adcli sssd -y +sudo apt-get -qq install ntp -y +clear +sudo dpkg -l | grep realmd +if [ $? = 0 ] +then +clear +sudo echo "${INTRO_TEXT}"Pakages installed"${END}" +else +clear +sudo echo "${RED_TEXT}"Installing pakages failed.. please check connection ,dpkg and apt-get update then try again."${INTRO_TEXT}" +exit +fi +echo "hostname is $myhost" +sleep 1 +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +ping -c 2 $DOMAIN >/dev/null +if [ $? = 0 ] +then +clear +echo "${NUMBER}I searched for an available domain and found $DOMAIN ${END}" +read -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +else +clear +echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" +echo "Please enter the domain you wish to join:" +read -r DOMAIN +fi +NetBios=$(echo $DOMAIN | cut -d '.' -f1) +echo "${INTRO_TEXT}"Please type Admin user:"${END}" +read ADMIN +clear +sudo echo "${INTRO_TEXT}"Realm= $DOMAIN"${INTRO_TEXT}" +sudo echo "${NORMAL}${NORMAL}" +sudo realm join --verbose --user=$ADMIN $DOMAIN --install=/ +if [ $? -ne 0 ]; then + echo "${RED_TEXT}"AD join failed.please check that computer object is already created and test again "${END}" + exit +fi +sudo echo "############################" +sudo echo "Configuratig files.." +sudo echo "Verifying the setup" +sudo systemctl enable sssd +sudo systemctl start sssd +states=$( echo null ) +states1=$( echo null ) +grouPs=$( echo null ) +therealm=$( echo null ) +cauth=$( echo null ) +clear +read -p "${RED_TEXT}"'Do you wish to enable SSH login.group.allowed'"${END}""${NUMBER}"'(y/n)?'"${END}" yn + case $yn in + [Yy]* ) sudo echo "Cheking if there is any previous configuration" + if [ -f /etc/ssh/login.group.allowed ] +then +echo "Files seems already to be modified, skipping..." +else +echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" +echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth +sudo touch /etc/ssh/login.group.allowed +admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 ) +echo "" +echo "" +read -p "Is your current administrator = "$admins" ? (y/n)?" yn + case $yn in + [Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;; + [Nn]* ) echo "please type name of current administrator" +read -p MYADMIN +sudo echo $MYADMIN | sudo tee -a /etc/ssh/login.group.allowed;; + * ) echo "Please answer yes or no.";; + esac +sudo echo "$NetBios"'\'"$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed +sudo echo "$NetBios"'\'"domain^admins" | sudo tee -a /etc/ssh/login.group.allowed +sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed +echo "enabled SSH-allow" +fi;; + [Nn]* ) echo "Disabled SSH login.group.allowed" + states1=$( echo 12 );; + * ) echo "Please answer yes or no.";; + esac +echo "" +echo "-------------------------------------------------------------------------------------------" +echo "" +read -p "${RED_TEXT}"'Do you wish to give users on this machine sudo rights?'"${END}""${NUMBER}"'(y/n)?'"${END}" yn + case $yn in + [Yy]* ) sudo echo "Cheking if there is any previous configuration" + if [ -f /etc/sudoers.d/sudoers ] +then +echo "" +echo "Sudoersfile seems already to be modified, skipping..." +echo "" +else +sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers +sudo echo "%domain\ users ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers +sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins +#sudo realm permit --groups "$myhost""sudoers" +fi;; + [Nn]* ) echo "Disabled sudo rights for users on this machine" + echo "" + echo "" + states=$( echo 12 );; + * ) echo 'Please answer yes or no.';; + esac +homedir=$( cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3 ) +if [ $homedir = 0022 ] +then +echo "pam_mkhomedir.so configured" +sleep 1 +else +echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session +fi +clear +sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf +sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf +sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf +sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf +echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf +cat /etc/sssd/sssd.conf | grep -i override +sudo echo "[nss] +filter_groups = root +filter_users = root +reconnection_retries = 3 +entry_cache_timeout = 300 +entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf +sudo service sssd restart +if [ $? = 0 ] +then +echo "Checking sssd config.. OK" +else +echo "Checking sssd config.. FAIL" +fi +therealm=$( realm discover | grep -i realm-name | awk '{print $2}') +if [ "$therealm" = no ] +then +echo Realm configured?.. "${RED_TEXT}"FAIL"${END}" +else +echo Realm configured?.. "${INTRO_TEXT}"OK"${END}" +fi +if [ $states = 12 ] +then +echo "Sudoers not configured... skipping" +else +if [ -f /etc/sudoers.d/sudoers ] +then +echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}" +else +echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}" +fi +grouPs=$(cat /etc/sudoers.d/sudoers | grep -i "$myhost" | cut -d '%' -f2 | awk '{print $1}') +if [ "$grouPs" = "$myhost""sudoers" ] +then +echo Checking sudoers users.. "${INTRO_TEXT}"OK"${END}" +else +echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}" +fi +homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3) +if [ $homedir = 0022 ] +then +echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}" +else +echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}" +fi +if [ $states1 = 12 ] +then +echo "Disabled SSH login.group.allowed" +else +cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}') +if [ $cauth = allow ] +then +echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}" +else +echo Checking PAM auth configuration.. "${RED_TEXT}"FAIL"${END}" +fi +fi +realm discover $DOMAIN +echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${INTRO_TEXT}" +exit +fi +} + + + + + ####################################### Debian ########################################## debianclient(){ @@ -816,12 +1031,13 @@ sudo echo "[nss] filter_groups = root filter_users = root reconnection_retries = 3 -entry_cache_timeout = 300 +entry_cache_timeout = 5400 entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf sudo service sssd restart realm discover $DOMAIN echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${INTRO_TEXT}" eof +exit } ############################### Raspberry Pi ###################################