Integrando o Debian 9 Stretch à base LDAP do campus SJ

De MediaWiki do Campus São José
Ir para: navegação, pesquisa

#!/bin/bash

                                              1. Função repetição #######################

ldap () { echo "base dc=cefetsc,dc=edu,dc=br" > $file echo "uri ldap://191.36.8.12" >>$file echo "ldap_version 3" >>$file echo "bind_policy soft" >>$file

}

                                              1. Configurar LDAP #######################

configLdap() { apt install -y smbnetfs libpam-ldap libnss-ldap libpam-mount cifs-utils apt purge -y nscd

    1. Configuração do LDAP

file=/etc/libnss-ldap.conf ldap file=/etc/pam_ldap.conf ldap file=/etc/ldap.conf ldap

    1. Retirar listagem dos usuário da tela de login

echo "- /etc/gdm3/greeter.dconf-defaults" patch -p0 -N -r /dev/null << EOF --- /etc/gdm3/greeter.dconf-defaults-original 2013-05-17 16:52:34.188328939 -0300 +++ /etc/gdm3/greeter.dconf-defaults 2013-05-17 16:52:59.884328074 -0300 @@ -32,7 +32,7 @@

fallback-logo='/usr/share/icons/gnome/48x48/places/debian-swirl.png'

# - Disable user list

-# disable-user-list=true +disable-user-list=true

# - Disable restart buttons
# disable-restart-buttons=true
# - Show a login welcome message

EOF

    1. LDAP

echo "- etc/nsswitch.conf" cat > /etc/nsswitch.conf << EOF passwd: compat ldap group: compat ldap shadow: compat ldap

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files

protocols: db files services: db files ethers: db files rpc: db files

netgroup: nis EOF

echo "# 20150519 Integração com LDAP do IF-SC São José (1 linha)" >> /etc/pam.d/common-session echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077" >> /etc/pam.d/common-session


    1. Montando pastas de usuário e pastas compartilhadas

echo "- /etc/security/pam_mount.conf.xml"

cat > /etc/security/pam_mount.conf.xml <<EOF <?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">

<pam_mount>


<debug enable="0" />

<volume user="*" uid="1000-1000000" server="dk" path="homes" mountpoint="/media/pessoal/%(USER)/%(USER)" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="publico" mountpoint="/media/pessoal/%(USER)/publico" fstype="cifs" options="iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="almoxtele" mountpoint="/media/pessoal/%(USER)/almoxtele" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="cce" mountpoint="/media/pessoal/%(USER)/cce" fstype="cifs" options="iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="cgeaen" mountpoint="/media/pessoal/%(USER)/cgeaen" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="cgeral" mountpoint="/media/pessoal/%(USER)/cgeral" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="cgp" mountpoint="/media/pessoal/%(USER)/cgp" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="coger" mountpoint="/media/pessoal/%(USER)/coger" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="comaf" mountpoint="/media/pessoal/%(USER)/comaf" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="comes" mountpoint="/media/pessoal/%(USER)/comes" fstype="cifs" options="iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="compras" mountpoint="/media/pessoal/%(USER)/compras" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="comunicacao" mountpoint="/media/pessoal/%(USER)/comunicacao" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="contratos" mountpoint="/media/pessoal/%(USER)/contratos" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="corac" mountpoint="/media/pessoal/%(USER)/corac" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="coseg" mountpoint="/media/pessoal/%(USER)/coseg" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="cotel" mountpoint="/media/pessoal/%(USER)/cotel" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="ctic" mountpoint="/media/pessoal/%(USER)/ctic" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="depe" mountpoint="/media/pessoal/%(USER)/depe" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="depx" mountpoint="/media/pessoal/%(USER)/depx" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="direcao" mountpoint="/media/pessoal/%(USER)/direcao" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="edfisica" mountpoint="/media/pessoal/%(USER)/edfisica" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="engenharias" mountpoint="/media/pessoal/%(USER)/engenharias" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="escultura" mountpoint="/media/pessoal/%(USER)/escultura" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="estagio" mountpoint="/media/pessoal/%(USER)/estagio" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="eventos" mountpoint="/media/pessoal/%(USER)/eventos" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="extensao" mountpoint="/media/pessoal/%(USER)/extensao" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="financeiro" mountpoint="/media/pessoal/%(USER)/financeiro" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="gabinete" mountpoint="/media/pessoal/%(USER)/gabinete" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="dam" mountpoint="/media/pessoal/%(USER)/dam" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="geden" mountpoint="/media/pessoal/%(USER)/geden" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="gerac" mountpoint="/media/pessoal/%(USER)/gerac" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="gtmemoria" mountpoint="/media/pessoal/%(USER)/gtmemoria" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="licenciatura" mountpoint="/media/pessoal/%(USER)/licenciatura" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="matematica" mountpoint="/media/pessoal/%(USER)/matematica" fstype="cifs" options="iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="orcamento" mountpoint="/media/pessoal/%(USER)/orcamento" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="pesquisa" mountpoint="/media/pessoal/%(USER)/pesquisa" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="POCV" mountpoint="/media/pessoal/%(USER)/POCV" fstype="cifs" options="iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="portarias" mountpoint="/media/pessoal/%(USER)/portarias" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="proeja" mountpoint="/media/pessoal/%(USER)/proeja" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="pronatec" mountpoint="/media/pessoal/%(USER)/pronatec" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="rac" mountpoint="/media/pessoal/%(USER)/rac" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="registro" mountpoint="/media/pessoal/%(USER)/registro" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="sebib" mountpoint="/media/pessoal/%(USER)/sebib" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="suporte" mountpoint="/media/pessoal/%(USER)/suporte" fstype="cifs" options="dir_mode=0711,iocharset=utf8" /> <volume user="*" uid="1000-1000000" server="dk" path="tele" mountpoint="/media/pessoal/%(USER)/tele" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />

<umount>umount %(MNTPT)</umount>


<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" /> <mntoptions require="nosuid,nodev" />

<logout wait="0" hup="no" term="no" kill="no" />


<mkmountpoint enable="1" remove="true" />


</pam_mount> EOF

    1. Configurar impressoras

echo "- /etc/cups/client.conf" cat > /etc/cups/client.conf << EOF ServerName vm-lan2 EOF

}


                                                  1. Começo do script #########################
    1. Permitindo ctic se transformar em root

echo "ctic ALL=(ALL:ALL) ALL" >> /etc/sudoers

    1. Adicionando fonte ao source.list

rm -r /etc/apt/sources.list touch /etc/apt/sources.list echo "deb http://debian.pop-sc.rnp.br/debian stable main contrib non-free" >> /etc/apt/sources.list echo "deb http://debian.pop-sc.rnp.br/debian stretch-updates main contrib non-free" >> /etc/apt/sources.list echo "deb http://security.debian.org/ stretch/updates main contrib non-free" >> /etc/apt/sources.list echo "Atualizando sistema. Caso parar de responder por muito tempo espere mais um pouco." aptitude update 1>/dev/null aptitude safe-upgrade -y

echo "source /etc/network/interfaces.d/*" >> /etc/network/interfaces echo "" >> /etc/network/interfaces echo "auto lo" >> /etc/network/interfaces echo "iface lo inet loopback" >> /etc/network/interfaces echo "" >> /etc/network/interfaces echo "allow-hotplug eth0" >> /etc/network/interfaces echo "iface eth0 inet dhcp" >> /etc/network/interfaces

    1. Ativando o recursos auto completar

echo "- /etc/bash.bashrc" patch -p0 -N -r /dev/null << EOF --- /etc/bash.bashrc-original 2013-05-22 17:54:58.758238491 -0300 +++ /etc/bash.bashrc 2013-05-22 17:55:24.510237767 -0300 @@ -29,13 +29,13 @@

#esac

# enable bash completion in interactive shells

-#if ! shopt -oq posix; then -# if [ -f /usr/share/bash-completion/bash_completion ]; then -# . /usr/share/bash-completion/bash_completion -# elif [ -f /etc/bash_completion ]; then -# . /etc/bash_completion -# fi -#fi +if ! shopt -oq posix; then + if [ -f /usr/share/bash-completion/bash_completion ]; then + . /usr/share/bash-completion/bash_completion + elif [ -f /etc/bash_completion ]; then + . /etc/bash_completion + fi +fi

# if the command-not-found package is installed, use it
if [ -x /usr/lib/command-not-found -o -x /usr/share/command-not-found/command-not-found ]; then

EOF

    1. Negando acesso do aluno ao ssh

echo "DenyUsers aluno" >> /etc/ssh/sshd_config

    1. Configuração do NTP

cp -p /usr/share/zoneinfo/America/Sao_Paulo /etc/localtime echo "- /etc/ntp.conf" cat > /etc/ntp.conf << EOF

      # "memoria" para o escorregamento de frequencia do micro
      # pode ser necessario criar esse arquivo manualmente com
      # o comando touch ntp.drift
      driftfile /etc/ntp.drift

      # estatisticas do ntp que permitem verificar o historico
      # de funcionamento e gerar graficos
      statsdir /var/log/ntpstats/
      statistics loopstats peerstats clockstats
      filegen loopstats file loopstats type day enable
      filegen peerstats file peerstats type day enable
      filegen clockstats file clockstats type day enable

      # servidores publicos do projeto ntp.br
      server a.st1.ntp.br iburst
      server b.st1.ntp.br iburst
      server c.st1.ntp.br iburst
      server d.st1.ntp.br iburst
      server gps.ntp.br iburst
      server a.ntp.br iburst
      server b.ntp.br iburst
      server c.ntp.br iburst

      # outros servidores
      # server outro-servidor.dominio.br iburst

      # configuracoes de restricao de acesso
      restrict default kod notrap nomodify nopeer
      restrict -6 default kod notrap nomodify nopeer

EOF apt update 1>/dev/null apt safe-upgrade -y

                                              1. Configurar LDAP #########################

configLdap ##Comente essa linha se não quiser configurar o ldap#

    1. Fim do script

echo -n "É fortemente recomendado que você reinicie a máquina AGORA. Deseja fazer isso? [S/n]: " read choose case $choose in "n" | "N") exit ;;

"s" | "S" | "") reboot ;; *) echo "Opção inválida, tente novamente mais tarde." ;; esac </syntaxhighlight>