DragonSlayer_14/Linux-Active-Directory-join-script
1
0
Fork 0
mirror of https://github.com/PierreGode/Linux-Active-Directory-join-script.git synced 2025-12-21 08:50:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update ADconnection.sh

Browse Source
This commit is contained in:
PierreGoude 2017-02-06 10:47:19 +01:00 committed by GitHub
parent 47a0b4a6b5
commit e4f322b187
1 changed files with 61 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
ADconnection.sh
View File

@ -95,6 +95,9 @@ fi
if [ -f /etc/sudoers.d/sudoers ] if [ -f /etc/sudoers.d/sudoers ]
then then
echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}" echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}"
else
echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}"
fi
grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g') grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g')
if [ $grouPs = "$myhost""sudoers" ] if [ $grouPs = "$myhost""sudoers" ]
then then
@ -102,19 +105,15 @@ echo Checking sudoers users.. "${INTRO_TEXT}"OK"${END}"
else else
echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}" echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
fi fi
else
echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}"
echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3) homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ "$homedir" = 0022 ] if [ $homedir = 0022 ]
then then
echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}" echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}"
else else
echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}" echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}"
fi fi
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1) cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ "$cauth" = allow ] if [ $cauth = allow ]
then then
echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}" echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}"
else else
@ -184,6 +183,9 @@ fi
if [ -f /etc/sudoers.d/sudoers ] if [ -f /etc/sudoers.d/sudoers ]
then then
echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}" echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}"
else
echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}"
fi
grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g') grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g')
if [ $grouPs = "$myhost""sudoers" ] if [ $grouPs = "$myhost""sudoers" ]
then then
@ -191,19 +193,15 @@ echo Checking sudoers users.. "${INTRO_TEXT}"OK"${END}"
else else
echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}" echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
fi fi
else
echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}"
echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3) homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ "$homedir" = 0022 ] if [ $homedir = 0022 ]
then then
echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}" echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}"
else else
echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}" echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}"
fi fi
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1) cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ "$cauth" = allow ] if [ $cauth = allow ]
then then
echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}" echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}"
else else
@ -217,6 +215,11 @@ else
echo Checking login configuration.. "${RED_TEXT}"FAIL"${END}" echo Checking login configuration.. "${RED_TEXT}"FAIL"${END}"
fi fi
echo "If this is wrong DO NOT REBOOT and contact sysadmin" echo "If this is wrong DO NOT REBOOT and contact sysadmin"
exec sudo -u root /bin/sh - <<eof
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
echo "override_homedir = /home/%d/%u" >> /etc/sssd/sssd.conf
eof
} }
####################### Setup for Debian client ####################################### ####################### Setup for Debian client #######################################
# This script should join Debian Jessie (8) to an Active Directory domain. # This script should join Debian Jessie (8) to an Active Directory domain.
@ -261,6 +264,9 @@ fi
if [ -f /etc/sudoers.d/sudoers ] if [ -f /etc/sudoers.d/sudoers ]
then then
echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}" echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}"
else
echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}"
fi
grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g') grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g')
if [ $grouPs = "$myhost""sudoers" ] if [ $grouPs = "$myhost""sudoers" ]
then then
@ -268,19 +274,15 @@ echo Checking sudoers users.. "${INTRO_TEXT}"OK"${END}"
else else
echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}" echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
fi fi
else
echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}"
echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3) homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ "$homedir" = 0022 ] if [ $homedir = 0022 ]
then then
echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}" echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}"
else else
echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}" echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}"
fi fi
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1) cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ "$cauth" = allow ] if [ $cauth = allow ]
then then
echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}" echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}"
else else
@ -337,10 +339,47 @@ sudo echo "$UseR"" ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo echo "$NetBios"'\'"$UseR" >> /etc/ssh/login.group.allowed sudo echo "$NetBios"'\'"$UseR" >> /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"$myhost""sudoers" >> /etc/ssh/login.group.allowed sudo echo "$NetBios"'\'"$myhost""sudoers" >> /etc/ssh/login.group.allowed
sudo echo "%DOMAIN\ admins@$DOMAIN ALL=(ALL) ALL" >> /etc/sudoers.d/domain_admins sudo echo "%DOMAIN\ admins@$DOMAIN ALL=(ALL) ALL" >> /etc/sudoers.d/domain_admins
cho "Check that the group is correct" therealm=$(realm discover | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//')
echo "In Sudoers file..." if [ $therealm = no ]
sudo cat /etc/sudoers | grep $myhost then
sudo cat /etc/sudoers | grep $UseR echo Realm configured?.. "${RED_TEXT}"FAIL"${END}"
else
echo Realm configured?.. "${INTRO_TEXT}"OK"${END}"
fi
if [ -f /etc/sudoers.d/sudoers ]
then
echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}"
else
echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}"
fi
grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g')
if [ $grouPs = "$myhost""sudoers" ]
then
echo Checking sudoers users.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ $homedir = 0022 ]
then
echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}"
fi
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ $cauth = allow ]
then
echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking PAM auth configuration.. "${RED_TEXT}"FAIL"${END}"
fi
guest=$(cat /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf | grep -i allow-guest | grep -i false | cut -d '=' -f2)
if [ "$guest" = false ]
then
echo Checking login configuration.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking login configuration.. "${RED_TEXT}"FAIL"${END}"
fi
exec sudo -u root /bin/sh - <<eof exec sudo -u root /bin/sh - <<eof
sed -i -e 's/fallback_homedir = \/home\/%d\/%u/#fallback_homedir = \/home\/%d\/%u/g' /etc/sssd/sssd.conf sed -i -e 's/fallback_homedir = \/home\/%d\/%u/#fallback_homedir = \/home\/%d\/%u/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf