From f155173571c66e87e8c679f4f2c6d6eedf918ac8 Mon Sep 17 00:00:00 2001
From: PierreGode <8579922+PierreGode@users.noreply.github.com>
Date: Wed, 25 Mar 2020 08:29:14 +0100
Subject: [PATCH 01/23] Update readfile
---
 readfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/readfile b/readfile
index 8b2b288..4e0baaa 100644
--- a/readfile
+++ b/readfile
@@ -1,4 +1,5 @@
 2020-03-24 # Work in progress
+USESASL = null # yes or no to use SASL
 SASL = null # Address of domaincontroller
 CACERT = null # full path and file to CAroot like: /usr/share/ca-certificates/root/myCA.cer
 SUDOERS = null # yes or no for adding group in sudoers
From 771605ff5ec40fa711fff2151d1e007cce98f12f Mon Sep 17 00:00:00 2001
From: PierreGode <8579922+PierreGode@users.noreply.github.com>
Date: Wed, 25 Mar 2020 09:46:55 +0100
Subject: [PATCH 02/23] Update readfile
---
 readfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/readfile b/readfile
index 4e0baaa..41c43a0 100644
--- a/readfile
+++ b/readfile
@@ -1,7 +1,9 @@
 2020-03-24 # Work in progress
+################ ldaps config ####################
 USESASL = null # yes or no to use SASL
-SASL = null # Address of domaincontroller
+LDAPS = null # Address of domaincontroller
 CACERT = null # full path and file to CAroot like: /usr/share/ca-certificates/root/myCA.cer
+################ sudo config ####################
 SUDOERS = null # yes or no for adding group in sudoers
 SSHSECURE = null # yes or no for for Blocking anyone but aprooved users
 SUDOPROMT = null # yes or no for disable sudo promt in terminal
From 20533daa1fd96cc24df12fa20a621a9c11e9d82e Mon Sep 17 00:00:00 2001
From: PierreGode <8579922+PierreGode@users.noreply.github.com>
Date: Wed, 25 Mar 2020 09:47:54 +0100
Subject: [PATCH 03/23] Update readfile
---
 readfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/readfile b/readfile
index 41c43a0..a615827 100644
--- a/readfile
+++ b/readfile
@@ -1,9 +1,9 @@
 2020-03-24 # Work in progress
 ################ ldaps config ####################
-USESASL = null # yes or no to use SASL
+USESASL = null # yes or null to use SASL
 LDAPS = null # Address of domaincontroller
 CACERT = null # full path and file to CAroot like: /usr/share/ca-certificates/root/myCA.cer
 ################ sudo config ####################
-SUDOERS = null # yes or no for adding group in sudoers
-SSHSECURE = null # yes or no for for Blocking anyone but aprooved users
-SUDOPROMT = null # yes or no for disable sudo promt in terminal
+SUDOERS = null # yes or null for adding group in sudoers
+SSHSECURE = null # yes or null for for Blocking anyone but aprooved users
+SUDOPROMT = null # yes or null for disable sudo promt in terminal
From 913e713a017a5acf65347227150de11ee010dd77 Mon Sep 17 00:00:00 2001
From: PierreGode <8579922+PierreGode@users.noreply.github.com>
Date: Wed, 25 Mar 2020 09:52:29 +0100
Subject: [PATCH 04/23] Update ADconnection.sh
---
 ADconnection.sh | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/ADconnection.sh b/ADconnection.sh
index 7764010..b792bf3 100755
--- a/ADconnection.sh
+++ b/ADconnection.sh
@@ -181,15 +181,35 @@ sudo echo "#entry_cache_user_timeout = 5400 #ad_enable_gc = False entry_cache_timeout = 600 entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives - sudo service sssd restart sleep 1 clear +usesasl=$( cat readfile | grep USESASL | awk '{print $3}') +if [ "$usesasl" = "yes" ] +then +sasl=$( cat readfile | grep LDAPS | awk '{print $3}' ) + if [ "$sasl" = "null" ] + then + echo "You need to specify domaincontroller in readfile" + exit + else + echo "$sasl" + cacer=$( cat readfile | grep CACERT | awk '{print $3}' ) + if ! ls $cacer + then echo "No root CA found, check your path to file" + else + echo "Applied config from readfile" + #sed -i "/krb5_realm = /a ldap_uri = $LdapsDC" /etc/sssd/sssd.conf + #sed -i "/krb5_realm = /a ldap_tls_cacert = $cacert" /etc/sssd/sssd.conf + echo "Applied config from readfile" + fi + fi +else echo "For SASL put you company root-ca.cer in /usr/share/ca-certificates/root/ folder" read -r -p "Do you wish to use SASL (LDAPS) (y/n)?" yn case $yn in [Yy]* ) -if [ -f /usr/share/ca-certificates/root/*.cer ] +if [ -f "/usr/share/ca-certificates/root/*.cer" ] then cacert=$( ls /usr/share/ca-certificates/root/ | grep .cer | head -1 ) echo "Type in address of your Domaincontroller: ex: dc01.com" @@ -221,6 +241,7 @@ fi;; [Nn]* )echo "";; * ) echo "Please answer yes or no.";; esac +fi ################################# Check ####################################### if ! sudo service sssd restart then From 2009c76b3541bf6c21cebc9745c246f649cf62ec Mon Sep 17 00:00:00 2001 From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Wed, 25 Mar 2020 09:55:34 +0100 Subject: [PATCH 05/23] Update ADconnection.sh --- ADconnection.sh | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/ADconnection.sh b/ADconnection.sh index b792bf3..ff6cd9a 100755 --- a/ADconnection.sh +++ b/ADconnection.sh 
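Review bot: Quoting the pattern in `if [ -f "/usr/share/ca-certificates/root/*.cer" ]` turns the glob into a literal file name, so the test is false unless a file is literally called `*.cer` and the interactive certificate branch below it is no longer reached. The unquoted form it replaces fails the other way when several `.cer` files match; `if ls /usr/share/ca-certificates/root/*.cer >/dev/null 2>&1` handles none, one and many. The same line is added again in the `@@ -449,12 +449,34 @@` hunk of PATCH 05/23. The `case` statement this test sits in continues outside the hunk.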
@@ -449,12 +449,34 @@ entry_cache_timeout = 600 #ldap_group_member = uniquemember #ad_enable_gc = False entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf +sudo service sssd restart clear +usesasl=$( cat readfile | grep USESASL | awk '{print $3}') +if [ "$usesasl" = "yes" ] +then +sasl=$( cat readfile | grep LDAPS | awk '{print $3}' ) + if [ "$sasl" = "null" ] + then + echo "You need to specify domaincontroller in readfile" + exit + else + echo "$sasl" + cacer=$( cat readfile | grep CACERT | awk '{print $3}' ) + if ! ls $cacer + then echo "No root CA found, check your path to file" + else + echo "Applied config from readfile" + #sed -i "/krb5_realm = /a ldap_uri = $LdapsDC" /etc/sssd/sssd.conf + #sed -i "/krb5_realm = /a ldap_tls_cacert = $cacert" /etc/sssd/sssd.conf + echo "Applied config from readfile" + fi + fi +else echo "For SASL put you company root-ca.cer in /usr/share/ca-certificates/root/ folder" read -r -p "Do you wish to use SASL (LDAPS) (y/n)?" yn case $yn in [Yy]* ) -if [ -f /usr/share/ca-certificates/root/*.cer ] +if [ -f "/usr/share/ca-certificates/root/*.cer" ] then cacert=$( ls /usr/share/ca-certificates/root/ | grep .cer | head -1 ) echo "Type in address of your Domaincontroller: ex: dc01.com" @@ -474,6 +496,7 @@ tlsca=$( cat /etc/sssd/sssd.conf | grep ldap_tls_cacert | awk '{print $1}' ) else sed -i "/krb5_realm = /a ldap_uri = $LdapsDC" /etc/sssd/sssd.conf sed -i "/krb5_realm = /a ldap_tls_cacert = $cacert" /etc/sssd/sssd.conf + #sed -i -e 's/id_provider = ad/id_provider = ldap/g' /etc/sssd/sssd.conf # failing line: giving no on configured: and user is unable to update password. sudo service sssd restart fi;; [Nn]* )echo "";; @@ -485,6 +508,7 @@ fi;; [Nn]* )echo "";; * ) echo "Please answer yes or no.";; esac +fi ####################### Check ######################### if ! sudo service sssd restart then From d78cc63b40461a9ab9bfe62555cdcb8831e41604 Mon Sep 17 00:00:00 2001 
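Review bot: The `USESASL = yes` branch prints "Applied config from readfile" twice although both `sed` lines that would write `ldap_uri` and `ldap_tls_cacert` are commented out, so an unattended run reports LDAPS as configured while sssd.conf is unchanged. When those lines are enabled they need the variables this branch actually sets (`$sasl`, `$cacer`) rather than `$LdapsDC` and `$cacert`. The certificate test is better written as `if ! [ -f "$cacer" ]`, since `ls $cacer` word-splits the path and also succeeds for a directory, and the bare `exit` after "You need to specify domaincontroller in readfile" should be `exit 1` so a caller sees the failure. The identical block is added in the `@@ -181,15 +181,35 @@` hunk of PATCH 04/23.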
From: PierreGode <8579922+PierreGode@users.noreply.github.com>
Date: Wed, 25 Mar 2020 10:11:15 +0100
Subject: [PATCH 06/23] Update readfile
---
 readfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/readfile b/readfile
index a615827..7982be2 100644
--- a/readfile
+++ b/readfile
@@ -4,6 +4,6 @@ USESASL = null # yes or null to use SASL
 LDAPS = null # Address of domaincontroller
 CACERT = null # full path and file to CAroot like: /usr/share/ca-certificates/root/myCA.cer
 ################ sudo config ####################
-SUDOERS = null # yes or null for adding group in sudoers
-SSHSECURE = null # yes or null for for Blocking anyone but aprooved users
-SUDOPROMT = null # yes or null for disable sudo promt in terminal
+SUDOERS = null # yes or no for adding group in sudoers #null for manual setup
+SSHSECURE = null # yes or no for for Blocking anyone but aprooved users #null for manual setup
+SUDOPROMT = null # yes or no for disable sudo promt in terminal #null for manual setup
From e8afa1b600ba87beb1209cc8f5134b9246633d73 Mon Sep 17 00:00:00 2001
From: PierreGode <8579922+PierreGode@users.noreply.github.com>
Date: Wed, 25 Mar 2020 10:27:19 +0100
Subject: [PATCH 07/23] Update readfile
---
 readfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/readfile b/readfile
index 7982be2..ab51a6b 100644
--- a/readfile
+++ b/readfile
@@ -3,7 +3,8 @@
 USESASL = null # yes or null to use SASL
 LDAPS = null # Address of domaincontroller
 CACERT = null # full path and file to CAroot like: /usr/share/ca-certificates/root/myCA.cer
-################ sudo config ####################
+################ auth config ####################
+LOCALADMIN = null # name of the user for the local account # like :administrator #null sets administrator as default user
 SUDOERS = null # yes or no for adding group in sudoers #null for manual setup
 SSHSECURE = null # yes or no for for Blocking anyone but aprooved users #null for manual setup
 SUDOPROMT = null # yes or no for disable sudo promt in terminal #null for manual setup
From 49505818f8d0b1eafb4e6ce173b11e5dcc70cf20 Mon Sep 17 00:00:00 2001
From: PierreGode <8579922+PierreGode@users.noreply.github.com>
Date: Wed, 25 Mar 2020 14:50:31 +0100
Subject: [PATCH 08/23] Update readfile
---
 readfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/readfile b/readfile
index ab51a6b..56e6e3b 100644
--- a/readfile
+++ b/readfile
@@ -7,4 +7,4 @@ CACERT = null # full path and file to CAroot like: /usr/share/ca-certificates/root/myCA.cer
 LOCALADMIN = null # name of the user for the local account # like :administrator #null sets administrator as default user
 SUDOERS = null # yes or no for adding group in sudoers #null for manual setup
 SSHSECURE = null # yes or no for for Blocking anyone but aprooved users #null for manual setup
-SUDOPROMT = null # yes or no for disable sudo promt in terminal #null for manual setup
+DISSPROMT = null # yes or no for disable sudo promt in terminal #null for manual setup
From 09a2cc8a0bc666f6fe3494348073dbb3f97c4142 Mon Sep 17 00:00:00 2001
From: PierreGode <8579922+PierreGode@users.noreply.github.com>
Date: Wed, 25 Mar 2020 14:59:44 +0100
Subject: [PATCH 09/23] First readfile implementation
First readfile implementation waithing for tests..
---
 ADconnection.sh | 283 ++++++++++++++++++++++++++++++++++--------------
 1 file changed, 204 insertions(+), 79 deletions(-)
diff --git a/ADconnection.sh b/ADconnection.sh
index ff6cd9a..0bc393b 100755
--- a/ADconnection.sh
+++ b/ADconnection.sh
@@ -55,50 +55,108 @@ grouPs="null" therealm="null" cauth="null" clear -read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn - case $yn in - [Yy]* ) sudo echo "Checking if there is any previous configuration" - if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 -then -echo "Files seems already to be modified, skipping..." -else -echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" -echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth -sudo touch /etc/ssh/login.group.allowed admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) -echo "" -echo "" -read -r -p "Is your current administrator = '$admins' ? (y/n)?" yn - case $yn in - [Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;; - [Nn]* ) echo "please type name of current administrator" -read -r -p MYADMIN -sudo echo "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed;; - * ) echo "Please answer yes or no.";; - esac -sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed -sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed -sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed -echo "enabled SSH-allow" -fi;; - [Nn]* ) echo "Disabled SSH login.group.allowed" - states1="12";; - * ) echo "Please answer yes or no.";; - esac +sshsec=$( cat readfile | grep SSHSECURE | awk '{print $3}' ) +if [ "$sshsec" = "yes" ] +then + if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 + then + echo "SSHsecurity Files seems already to be modified, skipping..." 
+ else + echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth + sudo touch /etc/ssh/login.group.allowed + localadmin=$( cat readfile | grep LOCALADMIN | awk '{print $3}' ) + if [ "$localadmin" = "null" ] + then + localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) + else + sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed + echo "enabled SSH-allow" + fi + fi +else +if [ "$sshsec" = "no" ] +then +echo "Skipping SSHSecurity config" +else + read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn + case $yn in + [Yy]* ) sudo echo "Checking if there is any previous configuration" + if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 + then + echo " SSHsecurityFiles seems already to be modified, skipping..." + else + echo "NOTICE! /etc/ssh/login.group.allowed will be created. 
make sure yor local user is in it you you could be banned from login" + echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth + sudo touch /etc/ssh/login.group.allowed + sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed + echo "enabled SSH-allow" + echo "" + echo "" + fi +;; + [Nn]* ) echo "Skipped ssh config" + states1="12";; + esac +fi +fi echo "" echo "-------------------------------------------------------------------------------------------" echo "" -read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn +givesudo=$( cat readfile | grep SUDOERS | awk '{print $3}' ) +if [ "$givesudo" = "yes" ] +then + if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 + then + echo "" + echo "sudoers.d/sudoers file seems already to be modified, skipping..." 
+ echo "" + else + disssu=$( cat readfile | grep DISSPROMT | awk '{print $3}' ) + if [ "$disssu" = "yes" ] + then + sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers + sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers + sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins + #sudo realm permit --groups "$myhost""sudoers" + else + if [ "$disssu" = "no" ] + then + sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers + sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers + sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins + #sudo realm permit --groups "$myhost""sudoers" + else + echo "error in readfile config" + sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers + fi + fi + fi +else + if [ "$givesudo" = "no" ] + then + echo "Not giving a sudo" + sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed + echo "Skipping" + states="12" + else + read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 -then -echo "" -echo "The Sudoers file seems already to be modified, skipping..." -echo "" -else -read -r -p "${RED_TEXT}Do you wish to DISABLE password prompt for users in terminal?${END}${NUMBER}(y/n)?${END}" yn - case $yn in + then + echo "" + echo "The Sudoers file seems already to be modified, skipping..." 
+ echo "" + else + read -r -p "${RED_TEXT}Do you wish to DISABLE password prompt for users in terminal?${END}${NUMBER}(y/n)?${END}" yn + case $yn in [Yy]* ) sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers @@ -125,6 +183,8 @@ fi * ) echo "Please answer yes or no." ;; esac +fi +fi homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 ) if [ "$homedir" = "0022" ] then 
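Review bot: With `SSHSECURE = yes` and the default `LOCALADMIN = null`, the `pam_listfile.so onerr=fail item=group sense=allow` rule is appended to /etc/pam.d/common-auth and the allow file is created, but the four `tee -a /etc/ssh/login.group.allowed` writes sit in the `else` of the `localadmin` test and are skipped, which leaves an empty allow list in force. The `null` case should only pick the fallback name and then fall through to the same writes, i.e. close the test with `fi` directly after `localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )` and drop the `else`. The interactive `[Yy]*` arm and the `SUDOERS = no` branch also append `$localadmin`, which is only assigned inside the `SSHSECURE = yes` path, so they can write an empty line. The same code is added in the `@@ -337,50 +397,108 @@` hunk.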
@@ -337,50 +397,108 @@ grouPs="null" therealm="null" cauth="null" clear -read -r -p 'Do you wish to enable SSH login.group.allowed (y/n)?' yn - case $yn in - [Yy]* ) sudo echo "Checking if there is any previous configuration" - if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 -then -echo "Files seems already to be modified, skipping..." -else -echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" -echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/sshd -sudo touch /etc/ssh/login.group.allowed admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) -echo "" -echo "" -read -r -p "Is your current administrator = $admins ? (y/n)?" yn - case $yn in - [Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;; - [Nn]* ) echo "please type name of current administrator" -read -r -p MYADMIN -sudo echo "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed;; - * ) echo "Please answer yes or no.";; - esac -sudo echo "$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed -sudo echo "domain^admins" | sudo tee -a /etc/ssh/login.group.allowed -sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed -echo "enabled SSH-allow" -fi;; - [Nn]* ) echo "Disabled SSH login.group.allowed" - states1="12";; - * ) echo "Please answer yes or no.";; - esac +sshsec=$( cat readfile | grep SSHSECURE | awk '{print $3}' ) +if [ "$sshsec" = "yes" ] +then + if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 + then + echo "SSHsecurity Files seems already to be modified, skipping..." 
+ else + echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth + sudo touch /etc/ssh/login.group.allowed + localadmin=$( cat readfile | grep LOCALADMIN | awk '{print $3}' ) + if [ "$localadmin" = "null" ] + then + localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) + else + sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed + echo "enabled SSH-allow" + fi + fi +else +if [ "$sshsec" = "no" ] +then +echo "Skipping SSHSecurity config" +else + read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn + case $yn in + [Yy]* ) sudo echo "Checking if there is any previous configuration" + if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 + then + echo " SSHsecurityFiles seems already to be modified, skipping..." + else + echo "NOTICE! /etc/ssh/login.group.allowed will be created. 
make sure yor local user is in it you you could be banned from login" + echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth + sudo touch /etc/ssh/login.group.allowed + sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed + sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed + echo "enabled SSH-allow" + echo "" + echo "" + fi +;; + [Nn]* ) echo "Skipped ssh config" + states1="12";; + esac +fi +fi echo "" echo "-------------------------------------------------------------------------------------------" echo "" -read -r -p 'Do you wish to give users on this machine sudo rights?(y/n)?' yn +givesudo=$( cat readfile | grep SUDOERS | awk '{print $3}' ) +if [ "$givesudo" = "yes" ] +then + if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 + then + echo "" + echo "sudoers.d/sudoers file seems already to be modified, skipping..." 
+ echo "" + else + disssu=$( cat readfile | grep DISSPROMT | awk '{print $3}' ) + if [ "$disssu" = "yes" ] + then + sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers + sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers + sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins + #sudo realm permit --groups "$myhost""sudoers" + else + if [ "$disssu" = "no" ] + then + sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers + sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers + sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins + #sudo realm permit --groups "$myhost""sudoers" + else + echo "error in readfile config" + sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers + fi + fi + fi +else + if [ "$givesudo" = "no" ] + then + echo "Not giving a sudo" + sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed + echo "Skipping" + states="12" + else + read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 -then -echo "" -echo "The Sudoers file seems already to be modified, skipping..." -echo "" -else -read -r -p 'Do you wish to DISABLE password promt for users in terminal? (y/n)?' yn - case $yn in + then + echo "" + echo "The Sudoers file seems already to be modified, skipping..." + echo "" + else + read -r -p "${RED_TEXT}Do you wish to DISABLE password prompt for users in terminal?${END}${NUMBER}(y/n)?${END}" yn + case $yn in [Yy]* ) sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers 
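Review bot: This copy of the block now appends the `pam_listfile.so` rule to /etc/pam.d/common-auth where the removed lines wrote it to /etc/pam.d/sshd, so the group allow list stops being an SSH-only restriction and applies to every PAM service that includes common-auth (on Debian-family systems that typically covers sudo, su and console login). If the widening is intended it deserves a comment above the `tee` line, for example `# applies to every service that includes common-auth, not only sshd`; otherwise keep `sudo tee -a /etc/pam.d/sshd` here. The guard `[ -f /etc/ssh/login.group.allowed ]` checks only the allow file, not whether the rule is already in the PAM file, so testing the PAM file as well with `grep -q login.group.allowed` would stop a second copy of the rule being appended.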
@@ -388,20 +506,27 @@ sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/ #sudo realm permit --groups "$myhost""sudoers" ;; - [Nn]* ) sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers + [Nn]* ) +sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" ;; * ) echo "Please answer yes or no.";; esac -fi;; - [Nn]* ) echo "Disabled sudo rights for users on this machine" +fi +;; + [Nn]* ) + sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers + echo "Disabled sudo rights for users on this machine" echo "" echo "" states="12";; - * ) echo 'Please answer yes or no.';; - esac + * ) echo "Please answer yes or no." + ;; + esac +fi +fi homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 ) if [ "$homedir" = "0022" ] then From 772e967198919f8fe67d3cf164759d85351e07d8 Mon Sep 17 00:00:00 2001 From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Wed, 25 Mar 2020 16:23:34 +0100 Subject: [PATCH 10/23] Update ADconnection.sh --- ADconnection.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index 0bc393b..625d89b 100755 --- a/ADconnection.sh +++ b/ADconnection.sh @@ -424,7 +424,7 @@ if [ "$sshsec" = "no" ] then echo "Skipping SSHSecurity config" else - read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn + read -r -p "Do you wish to enable SSH login.group.allowed(y/n)?" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 
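Review bot: Answering no to the sudo question now still appends `administrator ALL=(ALL:ALL) ALL` to /etc/sudoers.d/sudoers while printing "Disabled sudo rights for users on this machine", and the account name is hard-coded instead of coming from `LOCALADMIN`. Elsewhere the script sets `use_fully_qualified_names = False` in sssd.conf, so a short name such as `administrator` may also resolve to a domain account; that should be confirmed before it is given full sudo. I would write the entry for `$localadmin` after checking it is non-empty, and validate the result with `sudo visudo -cf /etc/sudoers.d/sudoers` before continuing. The `case` statement this arm belongs to opens outside the hunk.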
@@ -475,7 +475,6 @@ then sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" else - echo "error in readfile config" sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers fi fi @@ -488,7 +487,7 @@ else echo "Skipping" states="12" else - read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn + read -r -p "Do you wish to give users on this machine sudo rights?(y/n)?" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 @@ -497,7 +496,7 @@ else echo "The Sudoers file seems already to be modified, skipping..." echo "" else - read -r -p "${RED_TEXT}Do you wish to DISABLE password prompt for users in terminal?${END}${NUMBER}(y/n)?${END}" yn + read -r -p "Do you wish to DISABLE password prompt for users in terminal?(y/n)?" yn case $yn in [Yy]* ) sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers From 5d26133670018099ad8a73cfff22ec0f580f7690 Mon Sep 17 00:00:00 2001 From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Wed, 25 Mar 2020 16:33:46 +0100 Subject: [PATCH 11/23] Update ADconnection.sh --- ADconnection.sh | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index 625d89b..108138b 100755 --- a/ADconnection.sh +++ b/ADconnection.sh 
@@ -10,12 +10,13 @@ ################################################################################################################################## #known bugs: Sometimes the script bugs after AD administrator tries to authenticate, temporary solution is running the script again # a couple of times. if it still is not working see lines 30-39 -#known bugs: see line 31-32 +#known bugs: see line 32-33 #known bugs:sometimes domain discovery fails, it can help canceling the script and re-running it, if not verify dns setting on client, #and on DC, also check that searchname has your domain -# see lines 370-388 for more advanced or specific setups of SSSD -#more Distros will be added during 2019 -#support added for ubutnu 19.04 2019-11-11 +# /etc/sssd/sssd.alternatives for more advanced or specific setups of SSSD +#more Distros will be added during 2020 +#Added support for elementary 01/2020 +#Added support for Ubuntu 20 02/2020 # ~~~~~~~~~~ Environment Setup ~~~~~~~~~~ # NORMAL=$(printf "\033[m") @@ -28,17 +29,14 @@ ################################ fix errors # funktion not called ################ fixerrors(){ -#this funktion is not called in the script : to activate, uncomment line line 31 #fixerrors +#this funktion is not called in the script : to activate, uncomment line line 38 #fixerrors #This funktion installs additional packages due to known issues with Joining and the join hangs after the admin auth sudo add-apt-repository ppa:xtrusia/packagekit-fix sudo apt-get update sudo apt-get install packagekit -MENU_FN -} +PRECHECK_FN #fixerrors -#Realmdupdate11 -#Added support for elementary 01/2020 -#Added support for Ubuntu 20 02/2020 +} ####################### final auth ################################################################## #this section will do the last part, configure sssd, ssh, login session sam files and sudoers# fi_auth(){ From d736c91dcd538f957ff6a3581fc322fc176e3f1b Mon Sep 17 00:00:00 2001 
From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Wed, 25 Mar 2020 17:03:13 +0100 Subject: [PATCH 12/23] Update ADconnection.sh --- ADconnection.sh | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index 108138b..4e27205 100755 --- a/ADconnection.sh +++ b/ADconnection.sh @@ -54,7 +54,7 @@ therealm="null" cauth="null" clear admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) -sshsec=$( cat readfile | grep SSHSECURE | awk '{print $3}' ) +sshsec=$( sudo grep SSHSECURE readfile | awk '{print $3}' ) if [ "$sshsec" = "yes" ] then if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 @@ -63,7 +63,7 @@ then else echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth sudo touch /etc/ssh/login.group.allowed - localadmin=$( cat readfile | grep LOCALADMIN | awk '{print $3}' ) + localadmin=$( sudo grep LOCALADMIN readfile | awk '{print $3}' ) if [ "$localadmin" = "null" ] then localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) @@ -107,7 +107,7 @@ fi echo "" echo "-------------------------------------------------------------------------------------------" echo "" -givesudo=$( cat readfile | grep SUDOERS | awk '{print $3}' ) +givesudo=$( sudo grep SUDOERS readfile | awk '{print $3}' ) if [ "$givesudo" = "yes" ] then if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 @@ -116,7 +116,7 @@ then echo "sudoers.d/sudoers file seems already to be modified, skipping..." echo "" else - disssu=$( cat readfile | grep DISSPROMT | awk '{print $3}' ) + disssu=$( sudo grep DISSPROMT readfile | awk '{print $3}' ) if [ "$disssu" = "yes" ] then sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers 
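Review bot: `sudo grep SSHSECURE readfile` adds root to a read that does not need it, and `readfile` is still resolved relative to whatever directory the script is started from, with no check of who owns it. Because the values read here decide whether PAM and sudoers entries (including `NOPASSWD:ALL`) are written, I would resolve the file next to the script and refuse one the caller does not own, e.g. `conf="$(dirname "$(readlink -f "$0")")/readfile"` followed by `[ -O "$conf" ] || exit 1`. The pattern is also unanchored, so any line that merely mentions the key is matched; `awk '$1 == "SSHSECURE" {print $3; exit}' "$conf"` returns exactly one value. This applies to every `sudo grep ... readfile` line in this patch and to the plain `grep` variants in PATCH 13/23.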
@@ -242,7 +242,7 @@ entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives sudo service sssd restart sleep 1 clear -usesasl=$( cat readfile | grep USESASL | awk '{print $3}') +usesasl=$( sudo grep USESASL readfile | awk '{print $3}' ) if [ "$usesasl" = "yes" ] then sasl=$( cat readfile | grep LDAPS | awk '{print $3}' ) @@ -252,7 +252,7 @@ sasl=$( cat readfile | grep LDAPS | awk '{print $3}' ) exit else echo "$sasl" - cacer=$( cat readfile | grep CACERT | awk '{print $3}' ) + cacer=$( sudo grep CACERT readfile | awk '{print $3}' ) if ! ls $cacer then echo "No root CA found, check your path to file" else @@ -396,7 +396,7 @@ therealm="null" cauth="null" clear admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) -sshsec=$( cat readfile | grep SSHSECURE | awk '{print $3}' ) +sshsec=$( sudo grep SSHSECURE readfile | awk '{print $3}' ) if [ "$sshsec" = "yes" ] then if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 @@ -405,7 +405,7 @@ then else echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth sudo touch /etc/ssh/login.group.allowed - localadmin=$( cat readfile | grep LOCALADMIN | awk '{print $3}' ) + localadmin=$( sudo grep LOCALADMIN readfile | awk '{print $3}' ) if [ "$localadmin" = "null" ] then localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) @@ -449,7 +449,7 @@ fi echo "" echo "-------------------------------------------------------------------------------------------" echo "" -givesudo=$( cat readfile | grep SUDOERS | awk '{print $3}' ) +givesudo=$( sudo grep SUDOERS readfile | awk '{print $3}' ) if [ "$givesudo" = "yes" ] then if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 
@@ -458,7 +458,7 @@ then echo "sudoers.d/sudoers file seems already to be modified, skipping..." echo "" else - disssu=$( cat readfile | grep DISSPROMT | awk '{print $3}' ) + disssu=$( sudo grep DISSPROMT readfile | awk '{print $3}' ) if [ "$disssu" = "yes" ] then sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers @@ -552,13 +552,15 @@ sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/ sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf -sudo grep -i override /etc/sssd/sssd.conf +sudo sudo grep -i override /etc/sssd/sssd.conf sudo echo "[nss] filter_groups = root filter_users = root reconnection_retries = 3 -entry_cache_timeout = 600 -#entry_cache_user_timeout = 5400 +entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf +sudo sed -i '/krb5_realm =/a entry_cache_group_timeout = 5400' /etc/sssd/sssd.conf +sudo sed -i '/krb5_realm =/a entry_cache_user_timeout = 5400' /etc/sssd/sssd.conf +sudo echo "#entry_cache_user_timeout = 5400 #entry_cache_group_timeout = 5400 #cache_credentials = TRUE ### Added to help with group mapping @@ -570,7 +572,8 @@ entry_cache_timeout = 600 #ldap_search_base = DC=$NetBios,DC=$coms #ldap_group_member = uniquemember #ad_enable_gc = False -entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf +entry_cache_timeout = 600 +entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives sudo service sssd restart clear usesasl=$( cat readfile | grep USESASL | awk '{print $3}') From e4c7e201f4d937ddf95fdc88b012e8403c02e69e Mon Sep 17 00:00:00 2001 
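Review bot: In the hunk at -552 the two added `sed -i '/krb5_realm =/a …'` lines append an `entry_cache_*_timeout` entry after every `krb5_realm =` line each time this section runs, so a second run leaves duplicate keys in /etc/sssd/sssd.conf. Guard each insert, e.g. `sudo grep -q '^entry_cache_user_timeout' /etc/sssd/sssd.conf || sudo sed -i '/krb5_realm =/a entry_cache_user_timeout = 5400' /etc/sssd/sssd.conf`. The same hunk also introduces a doubled `sudo sudo grep -i override`, which should be a single `sudo`, and in `sudo echo … | sudo tee -a` only the `tee` needs the privilege.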
From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Wed, 25 Mar 2020 17:12:46 +0100 Subject: [PATCH 13/23] Update ADconnection.sh --- ADconnection.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index 4e27205..56d7343 100755 --- a/ADconnection.sh +++ b/ADconnection.sh @@ -245,7 +245,7 @@ clear usesasl=$( sudo grep USESASL readfile | awk '{print $3}' ) if [ "$usesasl" = "yes" ] then -sasl=$( cat readfile | grep LDAPS | awk '{print $3}' ) +sasl=$( sudo grep LDAPS readfile | awk '{print $3}' ) if [ "$sasl" = "null" ] then echo "You need to specify domaincontroller in readfile" @@ -279,7 +279,7 @@ echo "Found certificate $cacert" read -r -p "Is this information correct (y/n)?" yn case $yn in [Yy]* ) -tlsca=$( cat /etc/sssd/sssd.conf | grep ldap_tls_cacert | awk '{print $1}' ) +tlsca=$( sudo grep ldap_tls_cacert /etc/sssd/sssd.conf | awk '{print $1}' ) if [ "$tlsca" = "ldap_tls_cacert" ] then echo "ldap_tls_cacert already in file" @@ -576,17 +576,17 @@ entry_cache_timeout = 600 entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives sudo service sssd restart clear -usesasl=$( cat readfile | grep USESASL | awk '{print $3}') +usesasl=$( grep USESASL readfile | awk '{print $3}' ) if [ "$usesasl" = "yes" ] then -sasl=$( cat readfile | grep LDAPS | awk '{print $3}' ) +sasl=$( grep LDAPS readfile | awk '{print $3}' ) if [ "$sasl" = "null" ] then echo "You need to specify domaincontroller in readfile" exit else echo "$sasl" - cacer=$( cat readfile | grep CACERT | awk '{print $3}' ) + cacer=$( grep CACERT readfile | awk '{print $3}' ) if ! ls $cacer then echo "No root CA found, check your path to file" else 
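Review bot: The `tlsca=` check at -279 matches the substring `ldap_tls_cacert`, so a commented-out copy or an `ldap_tls_cacertdir` entry next to the real option yields more than one match; `$tlsca` then holds several lines and the `= "ldap_tls_cacert"` comparison fails even though the option is present. Test for the key itself: `if sudo grep -Eq '^[[:space:]]*ldap_tls_cacert[[:space:]]*=' /etc/sssd/sssd.conf`. The second copy at -613 drops `sudo` on the same read; sssd.conf is normally readable by root only, so when the script is not started as root that grep returns nothing and the option is treated as missing. The `if` this feeds continues outside the hunk.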
@@ -613,7 +613,7 @@ echo "Found certificate $cacert" read -r -p "Is this information correct (y/n)?" yn case $yn in [Yy]* ) -tlsca=$( cat /etc/sssd/sssd.conf | grep ldap_tls_cacert | awk '{print $1}' ) +tlsca=$( grep ldap_tls_cacert /etc/sssd/sssd.conf | awk '{print $1}' ) if [ "$tlsca" = "ldap_tls_cacert" ] then echo "ldap_tls_cacert already in file" From 099588f0eb4f337e7affc32375f68795d6809daa Mon Sep 17 00:00:00 2001 From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Wed, 25 Mar 2020 17:18:57 +0100 Subject: [PATCH 14/23] Update ADconnection.sh --- ADconnection.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index 56d7343..6c93a62 100755 --- a/ADconnection.sh +++ b/ADconnection.sh @@ -253,7 +253,7 @@ sasl=$( sudo grep LDAPS readfile | awk '{print $3}' ) else echo "$sasl" cacer=$( sudo grep CACERT readfile | awk '{print $3}' ) - if ! ls $cacer + if ! ls "$cacer" then echo "No root CA found, check your path to file" else echo "Applied config from readfile" @@ -587,7 +587,7 @@ sasl=$( grep LDAPS readfile | awk '{print $3}' ) else echo "$sasl" cacer=$( grep CACERT readfile | awk '{print $3}' ) - if ! ls $cacer + if ! ls "$cacer" then echo "No root CA found, check your path to file" else echo "Applied config from readfile" @@ -1551,7 +1551,7 @@ echo "" fi echo "-------------------------------------------------------------------------------------" echo "" -if ! realm discover $therealm +if ! realm discover "$therealm" then echo "realm not found" else From 004a87240006143f18a78ee46decb3c257cf9c02 Mon Sep 17 00:00:00 2001 From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Fri, 27 Mar 2020 09:04:53 +0100 Subject: [PATCH 15/23] Update ADconnection.sh --- ADconnection.sh | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index 6c93a62..52435e9 100755 --- a/ADconnection.sh +++ b/ADconnection.sh 
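Review bot: `if ! ls "$cacer"` at -253 and -587 still tests existence by listing: it prints the path or the error to the terminal and succeeds for a directory, so a CACERT value that is not a certificate file reaches "Applied config from readfile". This path appears to become the CA file for the LDAPS setup, so test it as a readable regular file instead: `if [ ! -f "$cacer" ] || [ ! -r "$cacer" ]`. The branch that consumes the result continues outside the hunk, so whether the failure case stops the run cannot be seen here.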
@@ -243,6 +243,10 @@ sudo service sssd restart sleep 1 clear usesasl=$( sudo grep USESASL readfile | awk '{print $3}' ) +if [ "$usesasl" = "no" ] +then +echo "Skipping SASL" +else if [ "$usesasl" = "yes" ] then sasl=$( sudo grep LDAPS readfile | awk '{print $3}' ) @@ -300,6 +304,7 @@ fi;; * ) echo "Please answer yes or no.";; esac fi +fi ################################# Check ####################################### if ! sudo service sssd restart then @@ -576,17 +581,21 @@ entry_cache_timeout = 600 entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives sudo service sssd restart clear -usesasl=$( grep USESASL readfile | awk '{print $3}' ) +usesasl=$( sudo grep USESASL readfile | awk '{print $3}' ) +if [ "$usesasl" = "no" ] +then +echo "Skipping SASL" +else if [ "$usesasl" = "yes" ] then -sasl=$( grep LDAPS readfile | awk '{print $3}' ) +sasl=$( sudo grep LDAPS readfile | awk '{print $3}' ) if [ "$sasl" = "null" ] then echo "You need to specify domaincontroller in readfile" exit else echo "$sasl" - cacer=$( grep CACERT readfile | awk '{print $3}' ) + cacer=$( sudo grep CACERT readfile | awk '{print $3}' ) if ! ls "$cacer" then echo "No root CA found, check your path to file" else @@ -613,7 +622,7 @@ echo "Found certificate $cacert" read -r -p "Is this information correct (y/n)?" yn case $yn in [Yy]* ) -tlsca=$( grep ldap_tls_cacert /etc/sssd/sssd.conf | awk '{print $1}' ) +tlsca=$( sudo grep ldap_tls_cacert /etc/sssd/sssd.conf | awk '{print $1}' ) if [ "$tlsca" = "ldap_tls_cacert" ] then echo "ldap_tls_cacert already in file" @@ -634,6 +643,7 @@ fi;; * ) echo "Please answer yes or no.";; esac fi +fi ####################### Check ######################### if ! sudo service sssd restart then From 1a154a68d345420cd927a5914d4ce222e8b19895 Mon Sep 17 00:00:00 2001 
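Review bot: The added `else` followed by `if [ "$usesasl" = "yes" ]` at -243 and -576 needs the extra `fi` added at -300 and -634, about sixty lines further down, which makes the pairing easy to break in a later edit. `elif [ "$usesasl" = "yes" ]` expresses the same choice without the second `fi`. Any value other than `yes` or `no`, including an empty result when the key is missing from readfile, takes neither visible branch; what happens then depends on code outside the hunk.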
From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Fri, 27 Mar 2020 09:10:15 +0100 Subject: [PATCH 16/23] Update readfile --- readfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/readfile b/readfile index 56e6e3b..f60d253 100644 --- a/readfile +++ b/readfile @@ -1,10 +1,10 @@ -2020-03-24 # Work in progress +# "null" is for manual setup and will result in promts. ################ ldaps config #################### -USESASL = null # yes or null to use SASL +USESASL = null # yes or no to use SASL LDAPS = null # Address of domaincontroller CACERT = null # full path and file to CAroot like: /usr/share/ca-certificates/root/myCA.cer ################ auth config #################### LOCALADMIN = null # name of the user for the local account # like :administrator #null sets administrator as default user SUDOERS = null # yes or no for adding group in sudoers #null for manual setup SSHSECURE = null # yes or no for for Blocking anyone but aprooved users #null for manual setup -DISSPROMT = null # yes or no for disable sudo promt in terminal #null for manual setup +DISSPROMT = null # yes or no for disable sudo promt in terminal From 07fdfe4a3059ecd80e24ae2938d3b98029d969c1 Mon Sep 17 00:00:00 2001 From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Fri, 27 Mar 2020 09:12:11 +0100 Subject: [PATCH 17/23] Update readfile --- readfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readfile b/readfile index f60d253..ee4748b 100644 --- a/readfile +++ b/readfile @@ -1,4 +1,4 @@ -# "null" is for manual setup and will result in promts. +# "null" is for manual setup and will result in promts. misconfuguration will result in skipping that config and giving promts. ################ ldaps config #################### USESASL = null # yes or no to use SASL LDAPS = null # Address of domaincontroller From f0991aeb9ce7be1c4b59576b9a0ef6fc1bc4ac23 Mon Sep 17 00:00:00 2001 
From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Fri, 3 Apr 2020 10:56:09 +0200 Subject: [PATCH 18/23] Update ADconnection.sh --- ADconnection.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index 52435e9..369de85 100755 --- a/ADconnection.sh +++ b/ADconnection.sh @@ -183,7 +183,7 @@ fi esac fi fi -homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 ) +homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0022" ] then echo "pam_mkhomedir.so configured" @@ -341,7 +341,7 @@ echo "Checking sudoers groups.. ${INTRO_TEXT}OK${END}" else echo "Checking sudoers groups.. ${RED_TEXT}FAIL${END}" fi -homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3) +homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0022" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM session configuration.. ${INTRO_TEXT}OK${END}" @@ -352,7 +352,7 @@ if [ $states1 = 12 ] then echo "Disabled SSH login.group.allowed" else -cauth=$(grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}') +cauth=$( grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}' | head -1 ) if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM auth configuration.. ${INTRO_TEXT}OK${END}" @@ -529,7 +529,7 @@ fi esac fi fi -homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 ) +homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0022" ] then echo "pam_mkhomedir.so configured" 
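Review bot: The `homedir=` and `cauth=` checks at -183, -341, -352 and -529 match substrings anywhere in the PAM file, so a commented-out `pam_mkhomedir.so … umask=0022` or `pam_listfile.so` line satisfies them, and the added `head -1` now takes whichever match comes first. A check that reports the module as configured for a disabled line is misleading in a script that hardens logins. Drop comment lines before the other filters, e.g. `grep -v '^[[:space:]]*#' /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3 | head -1`.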
@@ -678,7 +678,7 @@ echo "Checking sudoers user groups.. OK" else echo "Checking sudoers user groups.. FAIL" fi -homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3) +homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0022" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM configuration.. OK" @@ -689,7 +689,7 @@ if [ "$states1" = "12" ] then echo "Disabled SSH login.group.allowed" else -cauth=$(grep required /etc/pam.d/sshd | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}') +cauth=$( grep required /etc/pam.d/sshd | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}' | head -1 ) if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM auth configuration.. OK" @@ -1072,14 +1072,14 @@ echo "Checking sudoers users.. ${INTRO_TEXT}OK${END}" else echo "Checking sudoers users.. ${RED_TEXT}FAIL${END}" fi -homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3) +homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0022" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM configuration.. ${INTRO_TEXT}OK${END}" else echo "Checking PAM configuration.. ${RED_TEXT}FAIL${END}" fi -cauth=$(grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1) +cauth=$( grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1 | head -1 ) if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM auth configuration..${INTRO_TEXT}OK${END}" 
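Review bot: In the hunk at -1072, and again at -1525, `cauth=` ends in `cut -d 'f' -f1`, which cuts `allow file` at the `f` and leaves `allow ` with a trailing space, so the quoted `[ "$cauth" = "allow" ]` on the next line cannot match and the check prints FAIL on a correctly configured host. The copies at -352 and -689 use `awk '{print $1}'` and do not have this problem; use the same here: `… | cut -d '=' -f4 | awk '{print $1}' | head -1`. This assumes the pam_listfile line has the form the script itself writes, with `sense=allow file=…`.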
@@ -1525,14 +1525,14 @@ grouPs=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print else echo Checking sudoers file.. "${RED_TEXT}FAIL${END}" fi -homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3) +homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 | head -1 ) if [ "$homedir" -eq "0022" ] < /dev/null > /dev/null 2>&1 then echo Checking PAM configuration.. "${INTRO_TEXT}OK${END}" else echo Checking PAM configuration.. "${RED_TEXT}FAIL${END}" fi -cauth=$(grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1) +cauth=$( grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1 | head -1 ) if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1 then echo Checking PAM auth configuration.. "${INTRO_TEXT}OK${END}" @@ -1598,7 +1598,7 @@ else echo "Checking sudoers file.. FAIL not configured" fi fi -homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3) +homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0022" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM configuration.. OK" From 59e43e93e6fff539779ba174bca63ce7fb164ffc Mon Sep 17 00:00:00 2001 From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Fri, 3 Apr 2020 11:10:35 +0200 Subject: [PATCH 19/23] Update ADconnection.sh --- ADconnection.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ADconnection.sh b/ADconnection.sh index 369de85..ac83caa 100755 --- a/ADconnection.sh +++ b/ADconnection.sh 
@@ -1080,7 +1080,7 @@ else echo "Checking PAM configuration.. ${RED_TEXT}FAIL${END}" fi cauth=$( grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1 | head -1 ) -if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1 +if [ $cauth = "allow" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM auth configuration..${INTRO_TEXT}OK${END}" else From 0ed71f517dbbb75f323ffb12016a661514876c32 Mon Sep 17 00:00:00 2001 From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Fri, 3 Apr 2020 11:11:54 +0200 Subject: [PATCH 20/23] Update ADconnection.sh --- ADconnection.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index ac83caa..b1b8765 100755 --- a/ADconnection.sh +++ b/ADconnection.sh @@ -353,7 +353,7 @@ then echo "Disabled SSH login.group.allowed" else cauth=$( grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}' | head -1 ) -if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1 +if [ $cauth = "allow" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM auth configuration.. ${INTRO_TEXT}OK${END}" else @@ -690,7 +690,7 @@ then echo "Disabled SSH login.group.allowed" else cauth=$( grep required /etc/pam.d/sshd | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}' | head -1 ) -if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1 +if [ $cauth = "allow" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM auth configuration.. OK" else @@ -1533,7 +1533,7 @@ else echo Checking PAM configuration.. "${RED_TEXT}FAIL${END}" fi cauth=$( grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1 | head -1 ) -if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1 +if [ $cauth = "allow" ] < /dev/null > /dev/null 2>&1 then echo Checking PAM auth configuration.. "${INTRO_TEXT}OK${END}" else From 87be228576ecfb40417d4e7a72ab9a558dd3abb8 Mon Sep 17 00:00:00 2001 
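Review bot: Removing the quotes in `[ $cauth = "allow" ]` (patch 19 at -1080, patch 20 at -353, -690 and -1533) makes the test depend on word splitting: with an empty `$cauth` it becomes `[ = "allow" ]`, a syntax error that is hidden only by the `> /dev/null 2>&1` redirect. At -353 and -690 the value comes from `awk '{print $1}'` and carries no surrounding whitespace, so the quotes can stay. At -1080 and -1533 the stray space comes from `cut -d 'f' -f1`; trimming it there and keeping `if [ "$cauth" = "allow" ]` is the safer form.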
From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Fri, 3 Apr 2020 11:20:58 +0200 Subject: [PATCH 21/23] Update readfile --- readfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/readfile b/readfile index ee4748b..419a390 100644 --- a/readfile +++ b/readfile @@ -1,4 +1,6 @@ # "null" is for manual setup and will result in promts. misconfuguration will result in skipping that config and giving promts. +################ Config #################### +DOMAIN = null # insert domain name ex:domain.com leave null for autodiscover ( promt ) ################ ldaps config #################### USESASL = null # yes or no to use SASL LDAPS = null # Address of domaincontroller From 97a2433108f25a05456c5085e18b0ef1f0cb7118 Mon Sep 17 00:00:00 2001 From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Fri, 3 Apr 2020 11:43:22 +0200 Subject: [PATCH 22/23] Update ADconnection.sh --- ADconnection.sh | 311 ++++++++++++++++++++++++++++-------------------- 1 file changed, 180 insertions(+), 131 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index b1b8765..e6422a6 100755 --- a/ADconnection.sh +++ b/ADconnection.sh 
@@ -824,25 +824,32 @@ sudo echo "${INTRO_TEXT}packages installed${END}" fi echo "hostname is $myhost" echo "Looking for Realms.. please wait" -DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') -if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 -then -clear +REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) +if [ "$REALM" = "null" ] +then +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 +then +clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" -echo "Please enter the domain you wish to join:" -read -r DOMAIN -else -clear -echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" -read -r -p "Do you wish to use it (y/n)?" yn - case $yn in - [Yy]* ) echo "";; - - [Nn]* ) echo "Please enter the domain you wish to join:" - read -r DOMAIN;; - * ) echo 'Please answer yes or no.';; - esac -fi +echo "Please enter the domain you wish to join:" +read -r DOMAIN +else +clear +echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" +read -r -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +fi +else +echo "Using Domain: $REALM" +DOMAIN=$(echo "$REALM") +fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) clear var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1) 
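Review bot: When `readfile` is missing or has no DOMAIN line, `$REALM` is empty, the `= "null"` test is false, and the `else` branch sets an empty `DOMAIN` that the following `NetBios=` line then uses; this applies to all seven copies (-824, -947, -1136, -1208, -1386, -1435, -2130). Treat empty like null with `if [ -z "$REALM" ] || [ "$REALM" = "null" ]`, and assign directly with `DOMAIN=$REALM` instead of `DOMAIN=$(echo "$REALM")`. The block is now repeated in seven places, so moving it into one function would keep later changes in step.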
@@ -947,25 +954,32 @@ clear sudo echo "${INTRO_TEXT}packages installed${END}" fi sleep 1 -DOMAIN=$( realm discover | grep -i realm-name | awk '{print $2}') -if ! ping -c 1 "$DOMAIN" -then -clear +REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) +if [ "$REALM" = "null" ] +then +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 +then +clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" -echo "Please enter the domain you wish to join:" -read -r DOMAIN -else -clear -echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" -read -r -p "Do you wish to use it (y/n)?" yn - case $yn in - [Yy]* ) echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}";; - - [Nn]* ) echo "Please enter the domain you wish to join:" - read -r DOMAIN;; - * ) echo 'Please answer yes or no.';; - esac -fi +echo "Please enter the domain you wish to join:" +read -r DOMAIN +else +clear +echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" +read -r -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +fi +else +echo "Using Domain: $REALM" +DOMAIN=$(echo "$REALM") +fi sudo echo "${INTRO_TEXT}Realm= $DOMAIN${END}" sudo echo "${NORMAL}${NORMAL}" echo "${INTRO_TEXT}Please type DomainAdmin user:${END}" 
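Review bot: The `* ) echo 'Please answer yes or no.';;` arm of the `case $yn` in this hunk prints the message and falls through, so any answer other than y or n continues with the auto-discovered `$DOMAIN` as if it had been confirmed. For a value that decides which realm the machine joins, the prompt should repeat until it gets a valid answer. Wrapping the `read`/`case` pair in `while true; do … done` with a `break` in the `[Yy]*` and `[Nn]*` arms does that; the same applies to the other six copies of this block.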
@@ -1136,25 +1150,32 @@ clear sudo echo "${INTRO_TEXT}packages installed${END}" fi echo "hostname is $myhost" -DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') -if ! ping -c 2 "$DOMAIN" >/dev/null -then -clear -echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below...${END}" -echo "Please enter the domain you wish to join:" -read -r DOMAIN -else -clear -echo "${NUMBER}I searched for an available domain and found $DOMAIN ${END}" -read -r -p "Do you wish to use it (y/n)?" yn - case $yn in - [Yy]* ) echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}";; - - [Nn]* ) echo "Please enter the domain you wish to join:" - read -r DOMAIN;; - * ) echo 'Please answer yes or no.';; - esac -fi +REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) +if [ "$REALM" = "null" ] +then +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 +then +clear +echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" +echo "Please enter the domain you wish to join:" +read -r DOMAIN +else +clear +echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" +read -r -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +fi +else +echo "Using Domain: $REALM" +DOMAIN=$(echo "$REALM") +fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) echo "" echo "${INTRO_TEXT}Please type Admin user:${END}" 
@@ -1208,25 +1229,32 @@ sudo echo "${INTRO_TEXT}packages installed${END}" fi echo "hostname is $myhost" sleep 1 -DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') -if ! ping -c 2 "$DOMAIN" >/dev/null -then -clear -echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below...${END}" -echo "Please enter the domain you wish to join:" -read -r DOMAIN -else -clear -echo "${NUMBER}I searched for an available domain and found $DOMAIN ${END}" -read -r -p "Do you wish to use it (y/n)?" yn - case $yn in - [Yy]* ) echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}";; - - [Nn]* ) echo "Please enter the domain you wish to join:" - read -r DOMAIN;; - * ) echo 'Please answer yes or no.';; - esac -fi +REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) +if [ "$REALM" = "null" ] +then +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 +then +clear +echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" +echo "Please enter the domain you wish to join:" +read -r DOMAIN +else +clear +echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" +read -r -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +fi +else +echo "Using Domain: $REALM" +DOMAIN=$(echo "$REALM") +fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) echo "" echo "${INTRO_TEXT}Please type Admin user:${END}" 
@@ -1386,25 +1414,32 @@ sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user sudo apt-get -qq install -f -y echo "hostname is $myhost" echo "Looking for Realms.. please wait" -DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') -if ! ping -c 2 "$DOMAIN" >/dev/null -then -clear -echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" -echo "Please enter the domain you wish to join:" -read -r DOMAIN -else -clear -echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" -read -r -p "Do you wish to use it (y/n)?" yn - case $yn in - [Yy]* ) echo "";; - - [Nn]* ) echo "Please enter the domain you wish to join:" - read -r DOMAIN;; - * ) echo 'Please answer yes or no.';; - esac -fi +REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) +if [ "$REALM" = "null" ] +then +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 +then +clear +echo "I searched for an available domain and found nothing, please type your domain manually below..." +echo "Please enter the domain you wish to join:" +read -r DOMAIN +else +clear +echo "I searched for an available domain and found>>> $DOMAIN <<<" +read -r -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +fi +else +echo "Using Domain: $REALM" +DOMAIN=$(echo "$REALM") +fi clear echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" 
@@ -1435,25 +1470,32 @@ sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user sudo apt-get -qq install -f -y echo "hostname is $myhost" echo "Looking for Realms.. please wait" -DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') -if ! ping -c 2 "$DOMAIN" >/dev/null -then -clear -echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" -echo "Please enter the domain you wish to join:" -read -r DOMAIN -else -clear -echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" -read -r -p "Do you wish to use it (y/n)?" yn - case $yn in - [Yy]* ) echo "";; - - [Nn]* ) echo "Please enter the domain you wish to join:" - read -r DOMAIN;; - * ) echo 'Please answer yes or no.';; - esac -fi +REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) +if [ "$REALM" = "null" ] +then +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 +then +clear +echo "I searched for an available domain and found nothing, please type your domain manually below..." +echo "Please enter the domain you wish to join:" +read -r DOMAIN +else +clear +echo "I searched for an available domain and found>>> $DOMAIN <<<" +read -r -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +fi +else +echo "Using Domain: $REALM" +DOMAIN=$(echo "$REALM") +fi clear echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" 
@@ -2130,25 +2172,32 @@ sudo echo "${INTRO_TEXT}packages installed${END}" fi echo "hostname is $myhost" echo "Looking for Realms.. please wait" -DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') -if ! ping -c 2 "$DOMAIN" >/dev/null -then -clear -echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below...${END}" -echo "Please enter the domain you wish to join:" -read -r DOMAIN -else -clear -echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" -read -r -p "Do you wish to use it (y/n)?" yn - case $yn in - [Yy]* ) echo "";; - - [Nn]* ) echo "Please enter the domain you wish to join:" - read -r DOMAIN;; - * ) echo 'Please answer yes or no.';; - esac -fi +REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) +if [ "$REALM" = "null" ] +then +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 +then +clear +echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" +echo "Please enter the domain you wish to join:" +read -r DOMAIN +else +clear +echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" +read -r -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +fi +else +echo "Using Domain: $REALM" +DOMAIN=$(echo "$REALM") +fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) clear var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1) From ae2448ea416b12b84b31005f4af72f19a84ab644 Mon Sep 17 00:00:00 2001 
From: PierreGode <8579922+PierreGode@users.noreply.github.com> Date: Fri, 3 Apr 2020 11:45:55 +0200 Subject: [PATCH 23/23] Update ADconnection.sh --- ADconnection.sh | 350 ++++++++++++++++++++++++------------------------ 1 file changed, 175 insertions(+), 175 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index e6422a6..e0cd80c 100755 --- a/ADconnection.sh +++ b/ADconnection.sh 
@@ -824,32 +824,32 @@ sudo echo "${INTRO_TEXT}packages installed${END}" fi echo "hostname is $myhost" echo "Looking for Realms.. please wait" -REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) -if [ "$REALM" = "null" ] -then -DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') -if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 -then -clear +REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) +if [ "$REALM" = "null" ] +then +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 +then +clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" -echo "Please enter the domain you wish to join:" -read -r DOMAIN -else -clear -echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" -read -r -p "Do you wish to use it (y/n)?" yn - case $yn in - [Yy]* ) echo "";; - - [Nn]* ) echo "Please enter the domain you wish to join:" - read -r DOMAIN;; - * ) echo 'Please answer yes or no.';; - esac -fi -else -echo "Using Domain: $REALM" -DOMAIN=$(echo "$REALM") -fi +echo "Please enter the domain you wish to join:" +read -r DOMAIN +else +clear +echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" +read -r -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +fi +else +echo "Using Domain: $REALM" +DOMAIN=$(echo "$REALM") +fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) clear var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1) 
@@ -954,32 +954,32 @@ clear sudo echo "${INTRO_TEXT}packages installed${END}" fi sleep 1 -REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) -if [ "$REALM" = "null" ] -then -DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') -if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 -then -clear +REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) +if [ "$REALM" = "null" ] +then +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 +then +clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" -echo "Please enter the domain you wish to join:" -read -r DOMAIN -else -clear -echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" -read -r -p "Do you wish to use it (y/n)?" yn - case $yn in - [Yy]* ) echo "";; - - [Nn]* ) echo "Please enter the domain you wish to join:" - read -r DOMAIN;; - * ) echo 'Please answer yes or no.';; - esac -fi -else -echo "Using Domain: $REALM" -DOMAIN=$(echo "$REALM") -fi +echo "Please enter the domain you wish to join:" +read -r DOMAIN +else +clear +echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" +read -r -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +fi +else +echo "Using Domain: $REALM" +DOMAIN=$(echo "$REALM") +fi sudo echo "${INTRO_TEXT}Realm= $DOMAIN${END}" sudo echo "${NORMAL}${NORMAL}" echo "${INTRO_TEXT}Please type DomainAdmin user:${END}" 
@@ -1150,32 +1150,32 @@ clear
 sudo echo "${INTRO_TEXT}packages installed${END}"
 fi
 echo "hostname is $myhost"
-REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
-if [ "$REALM" = "null" ]
-then
-DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
-if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
-then
-clear
+REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
+if [ "$REALM" = "null" ]
+then
+DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
+if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
+then
+clear
 echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
-echo "Please enter the domain you wish to join:"
-read -r DOMAIN
-else
-clear
-echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
-read -r -p "Do you wish to use it (y/n)?" yn
- case $yn in
- [Yy]* ) echo "";;
-
- [Nn]* ) echo "Please enter the domain you wish to join:"
- read -r DOMAIN;;
- * ) echo 'Please answer yes or no.';;
- esac
-fi
-else
-echo "Using Domain: $REALM"
-DOMAIN=$(echo "$REALM")
-fi
+echo "Please enter the domain you wish to join:"
+read -r DOMAIN
+else
+clear
+echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
+read -r -p "Do you wish to use it (y/n)?" yn
+ case $yn in
+ [Yy]* ) echo "";;
+
+ [Nn]* ) echo "Please enter the domain you wish to join:"
+ read -r DOMAIN;;
+ * ) echo 'Please answer yes or no.';;
+ esac
+fi
+else
+echo "Using Domain: $REALM"
+DOMAIN=$(echo "$REALM")
+fi
 NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
 echo ""
 echo "${INTRO_TEXT}Please type Admin user:${END}"
@@ -1229,32 +1229,32 @@ sudo echo "${INTRO_TEXT}packages installed${END}"
 fi
 echo "hostname is $myhost"
 sleep 1
-REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
-if [ "$REALM" = "null" ]
-then
-DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
-if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
-then
-clear
+REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
+if [ "$REALM" = "null" ]
+then
+DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
+if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
+then
+clear
 echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
-echo "Please enter the domain you wish to join:"
-read -r DOMAIN
-else
-clear
-echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
-read -r -p "Do you wish to use it (y/n)?" yn
- case $yn in
- [Yy]* ) echo "";;
-
- [Nn]* ) echo "Please enter the domain you wish to join:"
- read -r DOMAIN;;
- * ) echo 'Please answer yes or no.';;
- esac
-fi
-else
-echo "Using Domain: $REALM"
-DOMAIN=$(echo "$REALM")
-fi
+echo "Please enter the domain you wish to join:"
+read -r DOMAIN
+else
+clear
+echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
+read -r -p "Do you wish to use it (y/n)?" yn
+ case $yn in
+ [Yy]* ) echo "";;
+
+ [Nn]* ) echo "Please enter the domain you wish to join:"
+ read -r DOMAIN;;
+ * ) echo 'Please answer yes or no.';;
+ esac
+fi
+else
+echo "Using Domain: $REALM"
+DOMAIN=$(echo "$REALM")
+fi
 NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
 echo ""
 echo "${INTRO_TEXT}Please type Admin user:${END}"
@@ -1414,32 +1414,32 @@ sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user
 sudo apt-get -qq install -f -y
 echo "hostname is $myhost"
 echo "Looking for Realms.. please wait"
-REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
-if [ "$REALM" = "null" ]
-then
-DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
-if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
-then
-clear
+REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
+if [ "$REALM" = "null" ]
+then
+DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
+if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
+then
+clear
 echo "I searched for an available domain and found nothing, please type your domain manually below..."
-echo "Please enter the domain you wish to join:"
-read -r DOMAIN
-else
-clear
-echo "I searched for an available domain and found>>> $DOMAIN <<<"
-read -r -p "Do you wish to use it (y/n)?" yn
- case $yn in
- [Yy]* ) echo "";;
-
- [Nn]* ) echo "Please enter the domain you wish to join:"
- read -r DOMAIN;;
- * ) echo 'Please answer yes or no.';;
- esac
-fi
-else
-echo "Using Domain: $REALM"
-DOMAIN=$(echo "$REALM")
-fi
+echo "Please enter the domain you wish to join:"
+read -r DOMAIN
+else
+clear
+echo "I searched for an available domain and found>>> $DOMAIN <<<"
+read -r -p "Do you wish to use it (y/n)?" yn
+ case $yn in
+ [Yy]* ) echo "";;
+
+ [Nn]* ) echo "Please enter the domain you wish to join:"
+ read -r DOMAIN;;
+ * ) echo 'Please answer yes or no.';;
+ esac
+fi
+else
+echo "Using Domain: $REALM"
+DOMAIN=$(echo "$REALM")
+fi
 clear
 echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
 echo "${INTRO_TEXT}Please type Admin user:${END}"
@@ -1470,32 +1470,32 @@ sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user
 sudo apt-get -qq install -f -y
 echo "hostname is $myhost"
 echo "Looking for Realms.. please wait"
-REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
-if [ "$REALM" = "null" ]
-then
-DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
-if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
-then
-clear
+REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
+if [ "$REALM" = "null" ]
+then
+DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
+if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
+then
+clear
 echo "I searched for an available domain and found nothing, please type your domain manually below..."
-echo "Please enter the domain you wish to join:"
-read -r DOMAIN
-else
-clear
-echo "I searched for an available domain and found>>> $DOMAIN <<<"
-read -r -p "Do you wish to use it (y/n)?" yn
- case $yn in
- [Yy]* ) echo "";;
-
- [Nn]* ) echo "Please enter the domain you wish to join:"
- read -r DOMAIN;;
- * ) echo 'Please answer yes or no.';;
- esac
-fi
-else
-echo "Using Domain: $REALM"
-DOMAIN=$(echo "$REALM")
-fi
+echo "Please enter the domain you wish to join:"
+read -r DOMAIN
+else
+clear
+echo "I searched for an available domain and found>>> $DOMAIN <<<"
+read -r -p "Do you wish to use it (y/n)?" yn
+ case $yn in
+ [Yy]* ) echo "";;
+
+ [Nn]* ) echo "Please enter the domain you wish to join:"
+ read -r DOMAIN;;
+ * ) echo 'Please answer yes or no.';;
+ esac
+fi
+else
+echo "Using Domain: $REALM"
+DOMAIN=$(echo "$REALM")
+fi
 clear
 echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
 echo "${INTRO_TEXT}Please type Admin user:${END}"
@@ -2172,32 +2172,32 @@ sudo echo "${INTRO_TEXT}packages installed${END}"
 fi
 echo "hostname is $myhost"
 echo "Looking for Realms.. please wait"
-REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
-if [ "$REALM" = "null" ]
-then
-DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
-if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
-then
-clear
+REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' )
+if [ "$REALM" = "null" ]
+then
+DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
+if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
+then
+clear
 echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
-echo "Please enter the domain you wish to join:"
-read -r DOMAIN
-else
-clear
-echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
-read -r -p "Do you wish to use it (y/n)?" yn
- case $yn in
- [Yy]* ) echo "";;
-
- [Nn]* ) echo "Please enter the domain you wish to join:"
- read -r DOMAIN;;
- * ) echo 'Please answer yes or no.';;
- esac
-fi
-else
-echo "Using Domain: $REALM"
-DOMAIN=$(echo "$REALM")
-fi
+echo "Please enter the domain you wish to join:"
+read -r DOMAIN
+else
+clear
+echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
+read -r -p "Do you wish to use it (y/n)?" yn
+ case $yn in
+ [Yy]* ) echo "";;
+
+ [Nn]* ) echo "Please enter the domain you wish to join:"
+ read -r DOMAIN;;
+ * ) echo 'Please answer yes or no.';;
+ esac
+fi
+else
+echo "Using Domain: $REALM"
+DOMAIN=$(echo "$REALM")
+fi
 NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
 clear
 var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1)