Integrando o Debian 9 Stretch à base LDAP do campus SJ
#!/bin/bash
# Função repetição #######################
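ldap () {
  # Writes the four LDAP client directives (search base, server URI,
  # protocol version, bind policy) to a configuration file, replacing
  # whatever the file held before.
  #
  # Globals:   file (read) - target path, used when no argument is given
  # Arguments: $1 - optional target path; takes precedence over $file
  # Returns:   0 on success, 1 when no target path is available
  #
  # NOTE(review): the URI uses ldap://, so directory lookups and the
  # password bind done by pam_ldap travel unencrypted unless TLS is
  # enabled elsewhere. If the directory server supports it, prefer an
  # ldaps:// URI or add "ssl start_tls" together with "tls_cacertfile"
  # and "tls_checkpeer yes" — confirm with the server administrators.
  local target=${1:-${file:-}}

  if [[ -z "$target" ]]; then
    printf 'ldap: no target file given\n' >&2
    return 1
  fi

  # One quoted redirection: the path may contain spaces, and the file is
  # opened once instead of four times.
  printf '%s\n' \
    "base dc=cefetsc,dc=edu,dc=br" \
    "uri ldap://191.36.8.12" \
    "ldap_version 3" \
    "bind_policy soft" > "$target"
}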
# Configurar LDAP #######################
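configLdap() {
  # Joins this workstation to the campus LDAP directory: installs the
  # client packages, writes the LDAP client files, hides the user list on
  # the GDM greeter, points NSS at LDAP, creates home directories at first
  # login, mounts the CIFS shares through pam_mount and sets the CUPS
  # server.
  #
  # Globals:   file (written) - consumed by ldap(); left as /etc/ldap.conf
  # Arguments: none
  # Must run as root: every step writes under /etc.
  local session_rule

  aptitude install -y libcurl3 smbnetfs libpam-ldap libnss-ldap nss-updatedb libpam-mount cifs-utils cups-client

  # LDAP client settings: the same directives go into all three files.
  for file in /etc/libnss-ldap.conf /etc/pam_ldap.conf /etc/ldap.conf; do
    ldap
  done

  # Hide the list of users on the login screen, so the greeter does not
  # enumerate directory accounts. The original step fed an embedded
  # unified diff to patch(1); as shown on the page that hunk announces 7
  # lines but carries 6 and its context lines lack the leading space, so
  # the same one-line change is made with sed. The expression matches only
  # the commented-out form, which keeps the step safe to re-run.
  echo "- /etc/gdm3/greeter.dconf-defaults"
  if [[ -f /etc/gdm3/greeter.dconf-defaults ]]; then
    sed -i 's/^#[[:space:]]*disable-user-list=true[[:space:]]*$/disable-user-list=true/' \
      /etc/gdm3/greeter.dconf-defaults
  fi

  # Name service switch: look up passwd/group/shadow locally, then in LDAP.
  # The file is replaced wholesale, so keep one copy of the distribution
  # version; a bad nsswitch.conf can block every login.
  echo "- etc/nsswitch.conf"
  if [[ -f /etc/nsswitch.conf && ! -e /etc/nsswitch.conf.orig ]]; then
    cp -p /etc/nsswitch.conf /etc/nsswitch.conf.orig
  fi
  cat > /etc/nsswitch.conf << 'EOF'
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
EOF

  # Create the home directory at first login (umask 0077 keeps it private).
  # Append only when the rule is missing, so a second run does not stack
  # duplicate PAM entries. grep's error for a missing file is silenced on
  # purpose: the append below then creates the file, as before.
  session_rule='session required pam_mkhomedir.so skel=/etc/skel/ umask=0077'
  if ! grep -qxF -- "$session_rule" /etc/pam.d/common-session 2>/dev/null; then
    echo "# 20150519 Integração com LDAP do IF-SC São José (1 linha)" >> /etc/pam.d/common-session
    echo "$session_rule" >> /etc/pam.d/common-session
  fi

  # Mount the personal and shared CIFS folders at login.
  # Every volume applies to all users with uid 1000-1000000, so each login
  # attempts every share; NOTE(review): access control is presumably
  # enforced by server "dk" — confirm. "mntoptions require" forces
  # nosuid,nodev on every mount. The heredoc delimiter is quoted so the
  # shell never expands anything inside the XML.
  echo "- /etc/security/pam_mount.conf.xml"
  cat > /etc/security/pam_mount.conf.xml << 'EOF'
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<debug enable="0" />
<volume user="*" uid="1000-1000000" server="dk" path="homes" mountpoint="/media/pessoal/%(USER)/%(USER)" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="publico" mountpoint="/media/pessoal/%(USER)/publico" fstype="cifs" options="iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="almoxtele" mountpoint="/media/pessoal/%(USER)/almoxtele" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="cce" mountpoint="/media/pessoal/%(USER)/cce" fstype="cifs" options="iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="cgeaen" mountpoint="/media/pessoal/%(USER)/cgeaen" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="cgeral" mountpoint="/media/pessoal/%(USER)/cgeral" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="cgp" mountpoint="/media/pessoal/%(USER)/cgp" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="coger" mountpoint="/media/pessoal/%(USER)/coger" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="comaf" mountpoint="/media/pessoal/%(USER)/comaf" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="comes" mountpoint="/media/pessoal/%(USER)/comes" fstype="cifs" options="iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="compras" mountpoint="/media/pessoal/%(USER)/compras" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="comunicacao" mountpoint="/media/pessoal/%(USER)/comunicacao" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="contratos" mountpoint="/media/pessoal/%(USER)/contratos" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="corac" mountpoint="/media/pessoal/%(USER)/corac" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="coseg" mountpoint="/media/pessoal/%(USER)/coseg" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="cotel" mountpoint="/media/pessoal/%(USER)/cotel" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="ctic" mountpoint="/media/pessoal/%(USER)/ctic" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="depe" mountpoint="/media/pessoal/%(USER)/depe" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="depx" mountpoint="/media/pessoal/%(USER)/depx" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="direcao" mountpoint="/media/pessoal/%(USER)/direcao" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="edfisica" mountpoint="/media/pessoal/%(USER)/edfisica" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="engenharias" mountpoint="/media/pessoal/%(USER)/engenharias" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="escultura" mountpoint="/media/pessoal/%(USER)/escultura" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="estagio" mountpoint="/media/pessoal/%(USER)/estagio" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="eventos" mountpoint="/media/pessoal/%(USER)/eventos" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="extensao" mountpoint="/media/pessoal/%(USER)/extensao" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="financeiro" mountpoint="/media/pessoal/%(USER)/financeiro" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="gabinete" mountpoint="/media/pessoal/%(USER)/gabinete" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="dam" mountpoint="/media/pessoal/%(USER)/dam" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="geden" mountpoint="/media/pessoal/%(USER)/geden" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="gerac" mountpoint="/media/pessoal/%(USER)/gerac" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="gtmemoria" mountpoint="/media/pessoal/%(USER)/gtmemoria" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="licenciatura" mountpoint="/media/pessoal/%(USER)/licenciatura" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="matematica" mountpoint="/media/pessoal/%(USER)/matematica" fstype="cifs" options="iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="orcamento" mountpoint="/media/pessoal/%(USER)/orcamento" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="pesquisa" mountpoint="/media/pessoal/%(USER)/pesquisa" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="POCV" mountpoint="/media/pessoal/%(USER)/POCV" fstype="cifs" options="iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="portarias" mountpoint="/media/pessoal/%(USER)/portarias" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="proeja" mountpoint="/media/pessoal/%(USER)/proeja" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="pronatec" mountpoint="/media/pessoal/%(USER)/pronatec" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="rac" mountpoint="/media/pessoal/%(USER)/rac" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="registro" mountpoint="/media/pessoal/%(USER)/registro" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="sebib" mountpoint="/media/pessoal/%(USER)/sebib" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="suporte" mountpoint="/media/pessoal/%(USER)/suporte" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<volume user="*" uid="1000-1000000" server="dk" path="tele" mountpoint="/media/pessoal/%(USER)/tele" fstype="cifs" options="dir_mode=0711,iocharset=utf8" />
<umount>umount %(MNTPT)</umount>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="no" term="no" kill="no" />
<mkmountpoint enable="1" remove="true" />
</pam_mount>
EOF

  # Printing: send all CUPS client requests to the campus print server.
  echo "- /etc/cups/client.conf"
  cat > /etc/cups/client.conf << 'EOF'
ServerName vm-lan2
EOF
}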
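# Start of script #########################
# Every step below edits system files, so stop early when not run as root.
if [[ $EUID -ne 0 ]]; then
  echo "Este script precisa ser executado como root." >&2
  exit 1
fi

# Allow the ctic account to become root through sudo.
# The rule grants unrestricted root (any command, any target user) after
# the account's own password. It is appended only when missing, so running
# the script twice does not duplicate it, and the result is syntax-checked
# because a malformed sudoers file disables sudo for everyone.
sudo_rule='ctic ALL=(ALL:ALL) ALL'
if ! grep -qxF -- "$sudo_rule" /etc/sudoers 2>/dev/null; then
  echo "$sudo_rule" >> /etc/sudoers
fi
if command -v visudo >/dev/null 2>&1 && ! visudo -c >/dev/null; then
  echo "Aviso: /etc/sudoers contém erro de sintaxe; corrija antes de continuar." >&2
fi

# Replace the APT sources with the campus mirror and the security archive.
# The first entry used the moving suite name "stable" next to two stretch
# entries; it is pinned to stretch so a later Debian release cannot be
# mixed with stretch updates and security packages. Plain-HTTP mirrors are
# acceptable here because APT verifies the archive signatures.
cat > /etc/apt/sources.list << 'EOF'
deb http://debian.pop-sc.rnp.br/debian stretch main contrib non-free
deb http://debian.pop-sc.rnp.br/debian stretch-updates main contrib non-free
deb http://security.debian.org/ stretch/updates main contrib non-free
EOF

echo "Atualizando sistema. Caso parar de responder por muito tempo espere mais um pouco."
aptitude update >/dev/null
aptitude safe-upgrade -y

# Base software for the workstation.
# NOTE(review): the openjdk-7-* and icedtea-7-plugin packages may not be
# available in the stretch archive — confirm the package names.
aptitude install -y vlc unrar vim ssh libcurl3 ntfs-3g dkms cifs-utils ntp openjdk-7-jdk openjdk-7-jre icedtea-7-plugin pkg-mozilla-archive-keyring chromium chromium-l10n
aptitude update >/dev/null
aptitude safe-upgrade -y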
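# Enable bash completion for interactive shells.
# /etc/bash.bashrc ships the block commented out. The original step fed an
# embedded unified diff to patch(1); as shown on the page that hunk
# announces 13 lines but carries 11 and its context lines lack the leading
# space, so the same edit is done with sed: strip the leading "#" from the
# line "#if ! shopt -oq posix; then" through the closing "#fi". Once the
# block is uncommented the range no longer matches, so re-running is safe.
echo "- /etc/bash.bashrc"
if [[ -f /etc/bash.bashrc ]]; then
  sed -i '/^#if ! shopt -oq posix; then$/,/^#fi$/ s/^#//' /etc/bash.bashrc
fi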
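# Deny SSH logins for the shared "aluno" account.
# The directive is appended only when missing, so repeated runs do not
# stack duplicates. It takes effect once sshd reloads its configuration
# (the reboot offered at the end of the script covers that).
# NOTE(review): a directive appended after a "Match" block would belong to
# that block — confirm sshd_config has no active Match section at its end.
deny_rule='DenyUsers aluno'
if ! grep -qxF -- "$deny_rule" /etc/ssh/sshd_config 2>/dev/null; then
  echo "$deny_rule" >> /etc/ssh/sshd_config
fi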
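# Time zone and NTP configuration.
cp -p /usr/share/zoneinfo/America/Sao_Paulo /etc/localtime

# Write ntp.conf with the ntp.br public servers.
# Access restrictions are tightened compared with the original file:
#   - "noquery" stops remote ntpq/ntpdc status queries, which otherwise
#     expose peer and system details to any host that can reach the port;
#   - "limited" enables rate limiting, which "kod" depends on to have any
#     effect;
#   - the two loopback entries keep local monitoring with ntpq working.
# Time service to clients is not affected by these flags.
# NOTE(review): the drift file lives in /etc; confirm the ntpd service
# account can write there, as the file's own comment suggests creating it
# by hand.
echo "- /etc/ntp.conf"
cat > /etc/ntp.conf << 'EOF'
# "memoria" para o escorregamento de frequencia do micro
# pode ser necessario criar esse arquivo manualmente com
# o comando touch ntp.drift
driftfile /etc/ntp.drift
# estatisticas do ntp que permitem verificar o historico
# de funcionamento e gerar graficos
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# servidores publicos do projeto ntp.br
server a.st1.ntp.br iburst
server b.st1.ntp.br iburst
server c.st1.ntp.br iburst
server d.st1.ntp.br iburst
server gps.ntp.br iburst
server a.ntp.br iburst
server b.ntp.br iburst
server c.ntp.br iburst
# outros servidores
# server outro-servidor.dominio.br iburst
# configuracoes de restricao de acesso
restrict default kod limited notrap nomodify nopeer noquery
restrict -6 default kod limited notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
EOF

aptitude update >/dev/null
aptitude safe-upgrade -y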
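# LDAP integration #########################
# Comment out the next line to skip the LDAP configuration.
configLdap

# End of script: offer a reboot so the PAM, NSS, sshd and NTP changes all
# take effect. An empty answer means "yes". When no answer can be read at
# all (end of input, e.g. an unattended run) the machine is NOT rebooted:
# a reboot needs an explicit or default answer from a person.
echo -n "É fortemente recomendado que você reinicie a máquina AGORA. Deseja fazer isso? [S/n]: "
if ! read -r choose; then
  choose=n
fi

case "$choose" in
  "n" | "N")
    exit
    ;;
  "s" | "S" | "")
    reboot
    ;;
  *)
    echo "Opção inválida, tente novamente mais tarde."
    ;;
esac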