[Linux] Script pour joindre machine Centos 7.x a un serveur AD - iZero

Script pour joindre machine Centos 7.x a un serveur AD

/!\ Les champs en orange sont a remplacés

Héberger le script sur un GIT et le lancer la commande en root

# bash <(curl http://mongit.domaine.tld/script_centos7)

1	# bash <(curl http://mongit.domaine.tld/script_centos7)

Le contenu de script_centos7

#!/bin/bash
echo

#Installer les paquets
yum -y install vim epel-release bash-completion bash-completion-extras sssd realmd oddjob oddjob-mkhomedir samba-common-tools chrony tmux
yum -y update

#Configuration de NTP
echo ''
echo '****Configuration NTP****'

if [ -e /etc/chrony.conf ]
	then
		i=1
		while [ -e /etc/chrony.conf.old$i ]
		do
			let i++
		done
		$(echo "cp /etc/chrony.conf /etc/chrony.conf.old$i")
fi

for file in /etc/chrony.conf
	do
		echo "Traitement de $file ..."
		echo ''
		sed -i -e "s/0.centos.pool.ntp.org/<span style="color: #ff6600;"><strong>serveurad1.domaine.tld</strong></span>/g" "$file"
		sed -i -e "s/1.centos.pool.ntp.org/<span style="color: #ff6600;"><strong>serveurad2.domaine.tld</strong></span>/g" "$file"
		sed -i -e "s/2.centos.pool.ntp.org/<span style="color: #ff6600;"><strong>serveurad3.domaine.tld</strong></span>/g" "$file"
	done

systemctl restart chronyd

#Joindre la machine a l'AD
echo '****Configuration AD****'
realm join -U svc_wds --verbose --os-name=Centos --os-version=7 --computer-ou="ou=Centos,ou=Servers,ou=<span style="color: #ff6600;"><strong>ville</strong></span>,ou=<span style="color: #ff6600;"><strong>pays</strong></span>,ou=<span style="color: #ff6600;"><strong>site</strong></span>,ou=<span style="color: #ff6600;"><strong>societe</strong></span>,dc=<span style="color: #ff6600;"><strong>domaine</strong></span>,dc=<span style="color: #ff6600;"><strong>tld</strong></span>" <span style="color: #ff6600;"><strong>domaine.tld</strong></span>
echo ''

#Corriger la configuration générée
echo '****Configuration sssd****'

if [ -e /etc/sssd/sssd.conf ]
	then
		i=1
		while [ -e /etc/sssd/sssd.conf.old$i ]
		do
			let i++
		done
		$(echo "cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.old$i")
fi

for file in /etc/sssd/sssd.conf
do
	echo "Traitement de $file ..."
	echo ''
	sed -i -e "s/use_fully_qualified_names = True/use_fully_qualified_names = False/g" "$file"
	sed -i -e "s/%u@%d/<span style="color: #ff9900;"><strong>DOMAINE(Majuscule)</strong></span>\/%u/g" "$file"
done

systemctl restart sssd

#Configuration Sudo
echo '****Configuration sudo****'
echo "Traitement de /etc/sudoers ..."
echo ''

sed -i '92i%<span style="color: #ff6600;">groupe-ldap</span> ALL=(ALL) ALL' /etc/sudoers

#Désactiver la connexion en root via SSH
echo '****Configuration ssh****'

if [ -e /etc/ssh/sshd_config ]
	then
		i=1
		while [ -e /etc/ssh/sshd_config.old$i ]
		do
			let i++
		done
		$(echo "cp /etc/ssh/sshd_config /etc/ssh/sshd_config.old$i")
fi

for file in /etc/ssh/sshd_config
do
	echo "Traitement de $file ..."
	echo ''
	sed -i -e "s/#PermitRootLogin yes/PermitRootLogin no/g" "$file"
done

systemctl reload sshd

#Restreindre les autorisations de connexion en SSH aux groupes IT
realm deny --all
realm permit -g <span style="color: #ff6600;"><strong>groupe-ldap</strong></span>

echo 'Configuration Complete!'

#!/bin/bash

echo

#Installer les paquets

yum -y install vim epel-release bash-completion bash-completion-extras sssd realmd oddjob oddjob-mkhomedir samba-common-tools chrony tmux

yum -y update

#Configuration de NTP

echo ''

echo '****Configuration NTP****'

if [ -e /etc/chrony.conf ]

then

i=1

while [ -e /etc/chrony.conf.old$i ]

let i++

done

$(echo "cp /etc/chrony.conf /etc/chrony.conf.old$i")

for file in /etc/chrony.conf

echo "Traitement de $file ..."

echo ''

sed -i -e "s/0.centos.pool.ntp.org/serveurad1.domaine.tld/g" "$file"

sed -i -e "s/1.centos.pool.ntp.org/serveurad2.domaine.tld/g" "$file"

sed -i -e "s/2.centos.pool.ntp.org/serveurad3.domaine.tld/g" "$file"

done

systemctl restart chronyd

#Joindre la machine a l'AD

echo '****Configuration AD****'

realm join -U svc_wds --verbose --os-name=Centos --os-version=7 --computer-ou="ou=Centos,ou=Servers,ou=ville,ou=pays,ou=site,ou=societe,dc=domaine,dc=tld" domaine.tld

echo ''

#Corriger la configuration générée

echo '****Configuration sssd****'

if [ -e /etc/sssd/sssd.conf ]

then

i=1

while [ -e /etc/sssd/sssd.conf.old$i ]

let i++

done

$(echo "cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.old$i")

for file in /etc/sssd/sssd.conf

echo "Traitement de $file ..."

echo ''

sed -i -e "s/use_fully_qualified_names = True/use_fully_qualified_names = False/g" "$file"

sed -i -e "s/%u@%d/DOMAINE(Majuscule)\/%u/g" "$file"

done

systemctl restart sssd

#Configuration Sudo

echo '****Configuration sudo****'

echo "Traitement de /etc/sudoers ..."

echo ''

sed -i '92i%groupe-ldap ALL=(ALL) ALL' /etc/sudoers

#Désactiver la connexion en root via SSH

echo '****Configuration ssh****'

if [ -e /etc/ssh/sshd_config ]

then

i=1

while [ -e /etc/ssh/sshd_config.old$i ]

let i++

done

$(echo "cp /etc/ssh/sshd_config /etc/ssh/sshd_config.old$i")

for file in /etc/ssh/sshd_config

echo "Traitement de $file ..."

echo ''

sed -i -e "s/#PermitRootLogin yes/PermitRootLogin no/g" "$file"

done

systemctl reload sshd

#Restreindre les autorisations de connexion en SSH aux groupes IT

realm deny --all

realm permit -g groupe-ldap

echo 'Configuration Complete!'

Articles lus : 1 660

No votes yet.

Please wait...

Voting is currently disabled, data maintenance in progress.

Laisser un commentaire Annuler la réponse