Update ADconnection.sh

PierreGoude 2017-06-28 10:22:24 +02:00 committed by GitHub
parent 4934d1c670
commit d50e77563c


@ -148,7 +148,8 @@ sudo echo "$NetBios"'\'"domain^admins" | sudo tee -a /etc/ssh/login.group.allowe
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow" echo "enabled SSH-allow"
fi;; fi;;
[Nn]* ) echo "Disabled SSH login.group.allowed";; [Nn]* ) echo "Disabled SSH login.group.allowed"
states=$( echo 1 );;
* ) echo "Please answer yes or no.";; * ) echo "Please answer yes or no.";;
esac esac
echo "" echo ""
@ -171,7 +172,8 @@ sudo echo "%DOMAIN\ admins ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_ad
fi;; fi;;
[Nn]* ) echo "Disabled sudo rights for users on this machine" [Nn]* ) echo "Disabled sudo rights for users on this machine"
echo "" echo ""
echo "";; echo ""
states=$( echo 12 );;
* ) echo 'Please answer yes or no.';; * ) echo 'Please answer yes or no.';;
esac esac
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3) homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
@ -198,6 +200,10 @@ echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}"
else else
echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}" echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}"
fi fi
if [ $states ='12' ]
then
echo "Sudoers not configured... skipping"
else
grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g') grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g')
if [ $grouPs = "$myhost""sudoers" ] if [ $grouPs = "$myhost""sudoers" ]
then then
@ -205,6 +211,7 @@ echo Checking sudoers users.. "${INTRO_TEXT}"OK"${END}"
else else
echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}" echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
fi fi
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3) homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ $homedir = 0022 ] if [ $homedir = 0022 ]
then then
@ -212,6 +219,10 @@ echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}"
else else
echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}" echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}"
fi fi
if [ $states = '1' ]
then
echo "Disabled SSH login.group.allowed"
else
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1) cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ $cauth = allow ] if [ $cauth = allow ]
then then
@ -219,6 +230,7 @@ echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}"
else else
echo Checking PAM auth configuration.. "${RED_TEXT}"FAIL"${END}" echo Checking PAM auth configuration.. "${RED_TEXT}"FAIL"${END}"
fi fi
fi
exec sudo -u root /bin/sh - <<eof exec sudo -u root /bin/sh - <<eof
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
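Review bot: The added test `if [ $states ='12' ]` has no space after `=`, so `[` receives `=12` as a single word: with `states` set it fails with a "unary operator expected" error and falls through to the `else` branch, and with `states` empty it evaluates true, so the sudoers verification appears to be skipped exactly when sudo was configured and run when it was declined (assuming nothing outside these hunks sets `states`). Write it as `if [ "$states" = '12' ]`, and quote the later `if [ $states = '1' ]` the same way so an empty value does not produce a malformed test. Separately, both `[Nn]*` arms assign the same variable, so declining sudo overwrites `states=1` with `12` and the PAM auth check then runs even though the SSH allow-list was declined; two independent flags such as `skip_ssh=1` and `skip_sudo=1`, assigned directly rather than through `$( echo … )`, would keep the two checks separate. The case statements and check blocks these lines belong to start outside the visible hunks.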