Update ADconnection.sh

This commit is contained in:
PierreGode 2020-03-25 17:03:13 +01:00 committed by GitHub
parent 5d26133670
commit d736c91dcd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -54,7 +54,7 @@ therealm="null"
cauth="null" cauth="null"
clear clear
admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
sshsec=$( cat readfile | grep SSHSECURE | awk '{print $3}' ) sshsec=$( sudo grep SSHSECURE readfile | awk '{print $3}' )
if [ "$sshsec" = "yes" ] if [ "$sshsec" = "yes" ]
then then
if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
@ -63,7 +63,7 @@ then
else else
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed sudo touch /etc/ssh/login.group.allowed
localadmin=$( cat readfile | grep LOCALADMIN | awk '{print $3}' ) localadmin=$( sudo grep LOCALADMIN readfile | awk '{print $3}' )
if [ "$localadmin" = "null" ] if [ "$localadmin" = "null" ]
then then
localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
@ -107,7 +107,7 @@ fi
echo "" echo ""
echo "-------------------------------------------------------------------------------------------" echo "-------------------------------------------------------------------------------------------"
echo "" echo ""
givesudo=$( cat readfile | grep SUDOERS | awk '{print $3}' ) givesudo=$( sudo grep SUDOERS readfile | awk '{print $3}' )
if [ "$givesudo" = "yes" ] if [ "$givesudo" = "yes" ]
then then
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
@ -116,7 +116,7 @@ then
echo "sudoers.d/sudoers file seems already to be modified, skipping..." echo "sudoers.d/sudoers file seems already to be modified, skipping..."
echo "" echo ""
else else
disssu=$( cat readfile | grep DISSPROMT | awk '{print $3}' ) disssu=$( sudo grep DISSPROMT readfile | awk '{print $3}' )
if [ "$disssu" = "yes" ] if [ "$disssu" = "yes" ]
then then
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
@ -242,7 +242,7 @@ entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives
sudo service sssd restart sudo service sssd restart
sleep 1 sleep 1
clear clear
usesasl=$( cat readfile | grep USESASL | awk '{print $3}') usesasl=$( sudo grep USESASL readfile | awk '{print $3}' )
if [ "$usesasl" = "yes" ] if [ "$usesasl" = "yes" ]
then then
sasl=$( cat readfile | grep LDAPS | awk '{print $3}' ) sasl=$( cat readfile | grep LDAPS | awk '{print $3}' )
@ -252,7 +252,7 @@ sasl=$( cat readfile | grep LDAPS | awk '{print $3}' )
exit exit
else else
echo "$sasl" echo "$sasl"
cacer=$( cat readfile | grep CACERT | awk '{print $3}' ) cacer=$( sudo grep CACERT readfile | awk '{print $3}' )
if ! ls $cacer if ! ls $cacer
then echo "No root CA found, check your path to file" then echo "No root CA found, check your path to file"
else else
@ -396,7 +396,7 @@ therealm="null"
cauth="null" cauth="null"
clear clear
admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
sshsec=$( cat readfile | grep SSHSECURE | awk '{print $3}' ) sshsec=$( sudo grep SSHSECURE readfile | awk '{print $3}' )
if [ "$sshsec" = "yes" ] if [ "$sshsec" = "yes" ]
then then
if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
@ -405,7 +405,7 @@ then
else else
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed sudo touch /etc/ssh/login.group.allowed
localadmin=$( cat readfile | grep LOCALADMIN | awk '{print $3}' ) localadmin=$( sudo grep LOCALADMIN readfile | awk '{print $3}' )
if [ "$localadmin" = "null" ] if [ "$localadmin" = "null" ]
then then
localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
@ -449,7 +449,7 @@ fi
echo "" echo ""
echo "-------------------------------------------------------------------------------------------" echo "-------------------------------------------------------------------------------------------"
echo "" echo ""
givesudo=$( cat readfile | grep SUDOERS | awk '{print $3}' ) givesudo=$( sudo grep SUDOERS readfile | awk '{print $3}' )
if [ "$givesudo" = "yes" ] if [ "$givesudo" = "yes" ]
then then
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
@ -458,7 +458,7 @@ then
echo "sudoers.d/sudoers file seems already to be modified, skipping..." echo "sudoers.d/sudoers file seems already to be modified, skipping..."
echo "" echo ""
else else
disssu=$( cat readfile | grep DISSPROMT | awk '{print $3}' ) disssu=$( sudo grep DISSPROMT readfile | awk '{print $3}' )
if [ "$disssu" = "yes" ] if [ "$disssu" = "yes" ]
then then
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
@ -552,13 +552,15 @@ sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
sudo grep -i override /etc/sssd/sssd.conf sudo sudo grep -i override /etc/sssd/sssd.conf
sudo echo "[nss] sudo echo "[nss]
filter_groups = root filter_groups = root
filter_users = root filter_users = root
reconnection_retries = 3 reconnection_retries = 3
entry_cache_timeout = 600 entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf
#entry_cache_user_timeout = 5400 sudo sed -i '/krb5_realm =/a entry_cache_group_timeout = 5400' /etc/sssd/sssd.conf
sudo sed -i '/krb5_realm =/a entry_cache_user_timeout = 5400' /etc/sssd/sssd.conf
sudo echo "#entry_cache_user_timeout = 5400
#entry_cache_group_timeout = 5400 #entry_cache_group_timeout = 5400
#cache_credentials = TRUE #cache_credentials = TRUE
### Added to help with group mapping ### Added to help with group mapping
@ -570,7 +572,8 @@ entry_cache_timeout = 600
#ldap_search_base = DC=$NetBios,DC=$coms #ldap_search_base = DC=$NetBios,DC=$coms
#ldap_group_member = uniquemember #ldap_group_member = uniquemember
#ad_enable_gc = False #ad_enable_gc = False
entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf entry_cache_timeout = 600
entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives
sudo service sssd restart sudo service sssd restart
clear clear
usesasl=$( cat readfile | grep USESASL | awk '{print $3}') usesasl=$( cat readfile | grep USESASL | awk '{print $3}')
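Review bot: The switch from `cat readfile | grep KEY` to `sudo grep KEY readfile` is incomplete: the LDAPS lookup in the -252 hunk (`sasl=$( cat readfile | grep LDAPS | awk '{print $3}' )`) and the USESASL lookup on the last line of this hunk still read the file without sudo, so if `readfile` is only readable by root those two values come back empty and the `[ "$usesasl" = "yes" ]` branch silently skips the SASL/CA-certificate setup. Either convert them the same way, `sasl=$( sudo grep LDAPS readfile | awk '{print $3}' )` and `usesasl=$( sudo grep USESASL readfile | awk '{print $3}' )`, or drop the sudo everywhere and make the script abort early when `readfile` is unreadable, because these values go on to decide the `pam_listfile` entry in common-auth and the `NOPASSWD:ALL` sudoers entry, and a silently empty value is easy to miss. `readfile` is also a relative path resolved against the caller's working directory, so the root-privileged read picks up whatever file of that name happens to be there; anchoring it to the script, `"$(dirname "$0")/readfile"`, would make that deterministic. In the -552 hunk the new line `sudo sudo grep -i override /etc/sssd/sssd.conf` doubles `sudo`, and the two `sed -i '/krb5_realm =/a …'` commands append after every matching line, so a sssd.conf with more than one `krb5_realm =` line (e.g. a commented-out one) ends up with duplicate cache-timeout entries — anchoring the pattern as `^krb5_realm =` would limit that.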