This commit is contained in:
Nikita 2024-01-31 13:34:02 +05:00
parent 0ebe82ab98
commit 5e70331dcd
5 changed files with 637 additions and 24 deletions

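--- a/Ald_pro.sh
+++ b/Ald_pro.sh
@@ -0,0 +1,69 @@
+if [ "$EUID" -ne 0 ]
+then echo "Use sudo, dummy."
+exit
+fi
+ALD_Pro () {
+# переменные хоста
+read -p 'Введите имя этого ПК: ' -i $(hostname -s) -e PC_NAME
+read -p 'Введите имя домена: ' -i $(hostname -d) -e DOMAIN
+#Меняем имя хоста
+hostnamectl set-hostname "$PC_NAME.$DOMAIN"
+# переменные сети
+read -p 'Введите имя интерфейса: ' -i eth0 -e INTERFACE
+read -p 'Введите имя интерфейса: ' -i eth1 -e INTER
+read -p 'Введите адрес этого ПК: ' -i $(hostname -i) -e IP
+read -p 'Введите маску подсети: ' -i 24 -e SUBNET
+# удаляем все соединения
+rm /etc/network/interfaces.d/* 2> /dev/null
+nmcli --terse connection show 2> /dev/null | cut -d : -f 1 | \
+while read name; do echo nmcli connection delete "$name" 2> /dev/null; done
+# Выключаем NetworkManager
+systemctl disable --now NetworkManager
+systemctl mask NetworkManager
+# Настройка сети
+echo "auto $INTERFACE" > "/etc/network/interfaces.d/$INTERFACE"
+echo "iface $INTERFACE inet static" >> "/etc/network/interfaces.d/$INTERFACE"
+echo -e "\taddress $IP" >> "/etc/network/interfaces.d/$INTERFACE"
+echo -e "\tnetmask $SUBNET" >> "/etc/network/interfaces.d/$INTERFACE"
+echo -e "\tdns-nameserver 127.0.0.1" >> "/etc/network/interfaces.d/$INTERFACE"
+echo -e "\tdns-search $DOMAIN" >> "/etc/network/interfaces.d/$INTERFACE"
+echo "auto $INTER" > "/etc/network/interfaces.d/$INTER"
+echo "iface $INTER inet dhcp" >> "/etc/network/interfaces.d/$INTER"
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "127.0.1.1 $PC_NAME" >> /etc/hosts
+echo "$IP $PC_NAME.$DOMAIN $PC_NAME" >> /etc/hosts
+systemctl restart networking
+echo "deb https://download.astralinux.ru/aldpro/stable/repository-main/ 1.0.0 main" > /etc/apt/sources.list.d/aldpro.list
+echo "deb https://download.astralinux.ru/aldpro/stable/repository-extended/ generic main" >> /etc/apt/sources.list.d/aldpro.list
+echo "deb http://download.astralinux.ru/astra/frozen/1.7_x86-64/1.7.1/repository-base 1.7_x86-64 main non-free contrib" > /etc/apt/sources.list
+echo "deb http://download.astralinux.ru/astra/frozen/1.7_x86-64/1.7.1/repository-extended 1.7_x86-64 main contrib non-free" >> /etc/apt/sources.list
+echo "Package: *" > /etc/apt/preferences.d/aldpro
+echo "Pin: release n=generic" >> /etc/apt/preferences.d/aldpro
+echo "Pin-Priority: 900" >> /etc/apt/preferences.d/aldpro
+apt update && apt upgrade -y
+DEBIAN_FRONTEND=noninteractive apt-get install -q -y aldpro-mp && reboot
+}
+Pro_Install () {
+read -p 'Введите имя этого ПК: ' -i $(hostname -s) -e PC_NAME
+read -p 'Введите имя домена: ' -i $(hostname -d) -e DOMAIN
+read -p 'Введите адрес этого ПК: ' -i $(hostname -i) -e IP
+read -p 'Введите пароль администратора домена ' -i xxXX1234 -e ADMIN_PASSWORD
+/opt/rbta/aldpro/mp/bin/aldpro-server-install.sh -d $DOMAIN -n $PC_NAME -p $ADMIN_PASSWORD --ip $IP --no-reboot
+reboot
+}
+echo "ALD_Pro [1]"
+echo "Pro_Install [2]"
+read -p 'ALD_Pro [0124] ' WHICH_FUNC
+if grep -q "1" <<< "$WHICH_FUNC"; then
+ALD_Pro
+fi
+if grep -q "2" <<< "$WHICH_FUNC"; then
+Pro_Install
+fi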
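Review bot: In `Pro_Install` the domain administrator password is read with a visible default (`-i xxXX1234 -e ADMIN_PASSWORD`) and then handed to the installer on the command line as `-p $ADMIN_PASSWORD`, where any local user can read it from the process list for the lifetime of the install; at minimum read it silently and without a default, `read -s -p 'Введите пароль администратора домена: ' ADMIN_PASSWORD; echo`, and quote it (`-p "$ADMIN_PASSWORD"`) so a password containing spaces reaches the installer as one word. The same default and `-e` echo appear in astra.sh `admin_variables`, and the same argv exposure in its `ad_join` call. In `ALD_Pro` the loop `while read name; do echo nmcli connection delete "$name" ...` only prints the command, so the comment `# удаляем все соединения` does not describe what runs; drop the `echo` (and use `read -r`) if deletion is intended — astra.sh `network_variables` carries the same left-over `echo`. The `-i $(hostname -d)` defaults are unquoted, so on a host without a domain the empty expansion makes `read` take `-e` as the default text and `DOMAIN` is then read without line editing; `-i "$(hostname -d)"` keeps the option list intact.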

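--- a/Astra-FreeIPA.sh
+++ b/Astra-FreeIPA.sh
@@ -0,0 +1,177 @@
+#!/usr/bin/env bash
+if [[ $(whoami) == "root" ]]; then
+# определение необходимостей
+read -p 'Сеть [1] / Репозитории [2] / Домен [3] / Вход [4] ' whichScript
+##################################
+# Настройка сети #
+##################################
+# проверяем необходимость запуска
+if grep -q "1" <<< "$whichScript"; then
+# задаём имя соединению
+con="Проводное соединение 1"
+# назначаем хостнейм
+read -p 'Введите хостнейм FQDN: ' hostname
+hostnamectl set-hostname "$hostname"
+# конфигуриуем соединение
+read -p 'Введите IP: ' ip
+read -p 'Введите маску: ' mask
+read -p 'Введите гетвей: ' gateway
+read -p 'Введите DNS(для клиента указываем DNS домен): ' dns
+nmcli con mod "$con" ip4 $ip/$mask gw4 $gateway
+# настраиваем адресс DNS
+nmcli con mod "$con" ipv4.dns "$dns"
+# отключаем DHCP, Добавляем loopback строку в IPv6
+nmcli con mod "$con" ipv4.method manual
+chmod 777 /etc/sysctl.d/999-astra.conf
+echo "net.ipv6.conf.lo.disable_ipv6 = 0" >> /etc/sysctl.d/999-astra.conf
+chmod 644 /etc/sysctl.d/999-astra.conf
+# указываем данные hosts
+pcDomain=$(hostname -s)
+domain=$(hostname -d)
+echo "$ip $hostname $pcDomain" >> /etc/hosts
+# перезапускаем соединение
+nmcli con down "$con" ; nmcli con up "$con"
+fi
+##################################
+# Конфигурация репозиториев #
+##################################
+# проверяем необходимость запуска
+if grep -q "2" <<< "$whichScript"; then
+#!/usr/bin/env bash
+# CD/DVD-1 [Smolensk-1.6]
+mkdir -p /srv/repo/smolensk/main
+mount /dev/sr0 /media/cdrom
+cp -a /media/cdrom/* /srv/repo/smolensk/main
+umount /media/cdrom
+# CD/DVD 2 [Devel-Smolensk-1.6]
+mkdir -p /srv/repo/smolensk/devel
+mount /dev/sr1 /media/cdrom
+cp -a /media/cdrom/* /srv/repo/smolensk/devel
+umount /media/cdrom
+# CD/DVD 3 [20200722SE16]
+mkdir -p /srv/repo/smolensk/update
+mount /dev/sr2 /media/cdrom
+cp -a /media/cdrom/* /srv/repo/smolensk/update
+umount /media/cdrom
+# CD/DVD 4 [Repository-Update-Devel]
+mkdir -p /srv/repo/smolensk/update-dev
+mount /dev/sr3 /media/cdrom
+cp -a /media/cdrom/* /srv/repo/smolensk/update-dev
+umount /media/cdrom
+# дополняем источники
+echo -n > /etc/apt/sources.list
+echo "# репозиторий основного диска" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/main smolensk main contrib non-free" >> /etc/apt/sources.list
+echo "# репозиторий диска со средствами разработки" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/devel smolensk main contrib non-free" >> /etc/apt/sources.list
+echo "# репозиторий диска с обновлением основного диска" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/update smolensk main contrib non-free" >> /etc/apt/sources.list
+echo "# репозиторий диска с обновлением диска со средствами разработки" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/update-dev smolensk main contrib non-free" >> /etc/apt/sources.list
+# обновление пакетов
+apt update -y
+apt dist-upgrade -y
+apt -f install -y
+# включение SSH
+apt install ssh -y
+systemctl enable ssh
+systemctl start ssh
+# перезагружаем
+read -p 'Перезагрузить машину? ' doReboot
+if [[ "$doReboot" == "y" ]]; then
+reboot
+fi
+fi
+##################################
+# Установка домена #
+##################################
+# проверяем необходимость запуска
+if grep -q "3" <<< "$whichScript"; then
+echo "dns должен быть loopback и имя сервера должно быть FQDN = astra.demo.lab"
+con="Проводное соединение 1"
+# добавление репозиториев и установка пакетов для УЦ Dogtag FreeIPA
+echo -n > /etc/apt/sources.list
+echo "# репозиторий с актуальными стабильными версиями пакетов" >> /etc/apt/sources.list
+echo "deb https://download.astralinux.ru/astra/stable/orel/repository orel contrib main non-free" >> /etc/apt/sources.list
+echo "# репозиторий с тестируемыми версиями пакетов" >> /etc/apt/sources.list
+echo "deb https://download.astralinux.ru/astra/testing/orel/repository orel contrib main non-free" >> /etc/apt/sources.list
+echo "# репозиторий с экспериментальными пакетами" >> /etc/apt/sources.list
+echo "deb https://download.astralinux.ru/astra/experimental/orel/repository orel contrib main non-free" >> /etc/apt/sources.list
+# обновление пакетов
+apt update -y
+# установка пакетов для УЦ
+apt -d install pki-ca pki-kra -y
+dpkg -i /var/cache/apt/archives/*.deb
+# восстанавливаем репозитории источники
+echo -n > /etc/apt/sources.list
+echo "# репозиторий основного диска" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/main smolensk main contrib non-free" >> /etc/apt/sources.list
+echo "# репозиторий диска со средствами разработки" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/devel smolensk main contrib non-free" >> /etc/apt/sources.list
+echo "# репозиторий диска с обновлением основного диска" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/update smolensk main contrib non-free" >> /etc/apt/sources.list
+echo "# репозиторий диска с обновлением диска со средствами разработки" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/update-dev smolensk main contrib non-free" >> /etc/apt/sources.list
+# обновление пакетов
+apt update -y
+#read -p 'Введите хостнейм еще раз: ' hostname
+# конфигуриуем соединение
+read -p 'Введите DNS такой же как IP: ' dns
+# настраиваем адресс DNS
+nmcli con mod "$con" ipv4.dns "$dns"
+# перезапускаем соединение
+nmcli con down "$con" ; nmcli con up "$con"
+# установка пакетов FreeIPA
+apt install fly-admin-freeipa-server -y
+# профилактика битых пакетов
+apt -f install -y
+# проверяем переменные сети
+# конфигурируем данные домена
+pcDomain=$(hostname -s)
+domain=$(hostname -d)
+ip=$(hostname -i)
+# конфигурация домена
+astra-freeipa-server -d $domain -n $pcDomain -px -ip $ip -o --dogtag -y
+read -p 'Перезагрузить машину? ' doReboot
+if [[ "$doReboot" == "y" ]]; then
+reboot
+fi
+fi
+##################################
+# Ввод в домен #
+##################################
+# проверяем необходимость запуска
+if grep -q "4" <<< "$whichScript"; then
+# установка пакетов
+apt install fly-admin-freeipa-client -y
+# профилактика битых пакетов
+apt -f install -y
+# конфигурируем данные домена
+domain=$(hostname -d)
+# входим в домен
+astra-freeipa-client -d $domain
+fi
+# перезагружаем
+read -p 'Перезагрузить машину? ' doReboot
+if [[ "$doReboot" == "y" ]]; then
+reboot
+fi
+# проверка sudo
+else
+echo "Запусти скрипт через sudo!"
+fi
+fi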
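Review bot: The network branch runs `chmod 777 /etc/sysctl.d/999-astra.conf` before appending and restores 644 only afterwards; the script already runs as root (the outer `whoami` check), so the chmod is unnecessary, leaves a sysctl file world-writable for the interval, and the `>>` append duplicates the line on every run. A single guarded append replaces the three lines: `grep -qxF 'net.ipv6.conf.lo.disable_ipv6 = 0' /etc/sysctl.d/999-astra.conf || echo 'net.ipv6.conf.lo.disable_ipv6 = 0' >> /etc/sysctl.d/999-astra.conf`. As rendered, the `fi` that closes the `else` branch is followed by a second `fi` with no visible matching `if`, and a second `#!/usr/bin/env bash` sits inside the repository branch; blank lines are not shown here, so please confirm with `bash -n Astra-FreeIPA.sh`. The calls `astra-freeipa-server -d $domain -n $pcDomain -px -ip $ip ...` and `astra-freeipa-client -d $domain` leave the expansions unquoted, so an empty `hostname -d` silently drops the `-d` value and the next flag is consumed as the domain; quoting them (`-d "$domain"`) makes the failure explicit.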

44
LICENSE

@ -1,23 +1,21 @@
Copyright <yyyy, yyyy> The Open Group
Permission to use, copy, modify, distribute, and sell this software and
its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation.
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL BE LIABLE FOR ANY CLAIM, DAMAGES
OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of The Open Group
shall not be used in advertising or otherwise to promote the sale, use
or other dealings in this Software without prior written authorization
from The Open Group.
NETHACK GENERAL PUBLIC LICENSE
(Copyright 1989 M. Stephenson)
(Based on the BISON general public license, copyright 1988 Richard M. Stallman)
Everyone is permitted to copy and distribute verbatim copies of this license, but changing it is not allowed. You can also use this wording to make the terms for other programs.
The license agreements of most software companies keep you at the mercy of those companies. By contrast, our general public license is intended to give everyone the right to share NetHack. To make sure that you get the rights we want you to have, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. Hence this license agreement.
Specifically, we want to make sure that you have the right to give away copies of NetHack, that you receive source code or else can get it if you want it, that you can change NetHack or use pieces of it in new free programs, and that you know you can do these things.
To make sure that everyone has such rights, we have to forbid you to deprive anyone else of these rights. For example, if you distribute copies of NetHack, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights.
Also, for our own protection, we must make certain that everyone finds out that there is no warranty for NetHack. If NetHack is modified by someone else and passed on, we want its recipients to know that what they have is not what we distributed.
Therefore we (Mike Stephenson and other holders of NetHack copyrights) make the following terms which say what you must do to be allowed to distribute or change NetHack.
COPYING POLICIES
1. You may copy and distribute verbatim copies of NetHack source code as you receive it, in any medium, provided that you keep intact the notices on all files that refer to copyrights, to this License Agreement, and to the absence of any warranty; and give any other recipients of the NetHack program a copy of this License Agreement along with the program.
2. You may modify your copy or copies of NetHack or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above (including distributing this License Agreement), provided that you also do the following:
a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and
b) cause the whole of any work that you distribute or publish, that in whole or in part contains or is a derivative of NetHack or any part thereof, to be licensed at no charge to all third parties on terms identical to those contained in this License Agreement (except that you may choose to grant more extensive warranty protection to some or all third parties, at your option)
c) You may charge a distribution fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
3. You may copy and distribute NetHack (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following:
a) accompany it with the complete machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or,
b) accompany it with full information as to how to obtain the complete machine-readable source code from an appropriate archive site. (This alternative is allowed only for noncommercial distribution.)
For these purposes, complete source code means either the full source distribution as originally released over Usenet or updated copies of the files in this distribution used to create the object code or executable.
4. You may not copy, sublicense, distribute or transfer NetHack except as expressly provided under this License Agreement. Any attempt otherwise to copy, sublicense, distribute or transfer NetHack is void and your rights to use the program under this License agreement shall be automatically terminated. However, parties who have received computer software programs from you with this License Agreement will not have their licenses terminated so long as such parties remain in full compliance.
Stated plainly: You are permitted to modify NetHack, or otherwise use parts of NetHack, provided that you comply with the conditions specified above; in particular, your modified NetHack or program containing parts of NetHack must remain freely available as provided in this License Agreement. In other words, go ahead and share NetHack, but don't try to stop anyone else from sharing it farther.


@ -1,2 +1,2 @@
# Astra
# astra

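--- a/astra.sh
+++ b/astra.sh
@@ -0,0 +1,369 @@
+#!/usr/bin/env bash
+# проверка запуска от имени рута
+if [ "$EUID" -ne 0 ]
+then echo "Use sudo, dummy."
+exit
+fi
+network_variables () {
+# переменные хоста
+read -p 'Введите имя этого ПК: ' -i $(hostname -s) -e PC_NAME
+read -p 'Введите имя домена: ' -i $(hostname -d) -e DOMAIN
+# меняем имя хоста
+hostnamectl set-hostname "$PC_NAME"
+# переменные сети
+read -p 'Введите имя интерфейса: ' -i eth0 -e INTERFACE
+read -p 'Введите адрес этого ПК: ' -i $(hostname -i) -e IP
+read -p 'Введите маску подсети: ' -i 24 -e SUBNET
+read -p 'Введите gateway: ' -i $(echo "$IP" | grep -Eo '([0-9]+\.)+') -e GATEWAY
+read -p 'Введите адрес DNS сервера: ' -i $(echo "$IP" | grep -Eo '([0-9]+\.)+') -e DNS
+# удаляем все соединения
+rm /etc/network/interfaces.d/* 2> /dev/null
+nmcli --terse connection show 2> /dev/null | cut -d : -f 1 | \
+while read name; do echo nmcli connection delete "$name" 2> /dev/null; done
+# поднимаем сеть
+echo "auto $INTERFACE" > "/etc/network/interfaces.d/$INTERFACE"
+echo "iface $INTERFACE inet static" >> "/etc/network/interfaces.d/$INTERFACE"
+echo -e "\taddress $IP" >> "/etc/network/interfaces.d/$INTERFACE"
+echo -e "\tnetmask $SUBNET" >> "/etc/network/interfaces.d/$INTERFACE"
+echo -e "\tgateway $GATEWAY" >> "/etc/network/interfaces.d/$INTERFACE"
+echo "nameserver $DNS" > '/etc/resolv.conf'
+systemctl restart networking
+# прописываем хостс
+echo "127.0.0.1 localhost" > /etc/hosts
+echo "$IP $PC_NAME.$DOMAIN $PC_NAME" >> /etc/hosts
+}
+admin_variables () {
+# переменные админа (для входа в домен)
+read -p 'Введите логин админимтратора: ' -i Administrator -e ADMIN_LOGIN
+read -p 'Введите пароль администратора: ' -i xxXX1234 -e ADMIN_PASSWORD
+}
+another_variables () {
+# переменные другого пк (домен/клиент)
+read -p 'Введите имя ПК: ' ANOTHER_PC_NAME
+read -p 'Введите адрес ПК: ' ANOTHER_IP
+# прописываем хостс
+echo "$ANOTHER_IP $ANOTHER_PC_NAME.$DOMAIN $ANOTHER_PC_NAME" >> /etc/hosts
+}
+check_variables () {
+if grep -L "0" <<< "$WHICH_FUNC"; then
+read -p "Сеть и хостс настроены? " -i n -e QUESTION
+if [[ "$QUESTION" == "n" ]]; then
+network_variables
+fi
+fi
+}
+admin_rules () {
+read -p "Дать пользователю права администратора? " -i y -e QUESTION
+if [[ "$QUESTION" == "y" ]]; then
+read -p 'Введите имя доменного пользователя: ' USERNAME
+pdpl-user -i 63 "$USERNAME"
+echo "$USERNAME ALL=(ALL:ALL) ALL" | EDITOR="tee -a" visudo
+fi
+}
+1.6_repos_update () {
+# подсказка по дискам
+echo "1. Smolensk-1.6.iso"
+echo "2. Devel-Smolensk-1.6.iso"
+echo "3. Repository-Update.iso"
+echo "4. Repository-Update-Devel.iso"
+read -p "Вы вставили все диски?"
+# CD/DVD-1 [Smolensk-1.6]
+while ! ls /dev/sr0 > /dev/null 2>&1; do
+read -p "Вставьте Smolensk-1.6.iso"
+done
+mkdir -p /srv/repo/smolensk/main
+mount /dev/sr0 /media/cdrom
+cp -a /media/cdrom/* /srv/repo/smolensk/main
+umount /media/cdrom
+# CD/DVD 2 [Devel-Smolensk-1.6]
+while ! ls /dev/sr1 > /dev/null 2>&1; do
+read -p "Вставьте Devel-Smolensk-1.6.iso"
+done
+mkdir -p /srv/repo/smolensk/devel
+mount /dev/sr1 /media/cdrom
+cp -a /media/cdrom/* /srv/repo/smolensk/devel
+umount /media/cdrom
+# CD/DVD 3 [20200722SE16]
+while ! ls /dev/sr2 > /dev/null 2>&1; do
+read -p "Вставьте Repository-Update.iso"
+done
+mkdir -p /srv/repo/smolensk/update
+mount /dev/sr2 /media/cdrom
+cp -a /media/cdrom/* /srv/repo/smolensk/update
+umount /media/cdrom
+# CD/DVD 4 [Repository-Update-Devel]
+while ! ls /dev/sr3 > /dev/null 2>&1; do
+read -p "Вставьте Repository-Update-Devel.iso"
+done
+mkdir -p /srv/repo/smolensk/update-dev
+mount /dev/sr3 /media/cdrom
+cp -a /media/cdrom/* /srv/repo/smolensk/update-dev
+umount /media/cdrom
+# дополняем источники
+echo "deb file:/srv/repo/smolensk/main smolensk main contrib non-free" > /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/devel smolensk main contrib non-free" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/update smolensk main contrib non-free" >> /etc/apt/sources.list
+echo "deb file:/srv/repo/smolensk/update-dev smolensk main contrib non-free" >> /etc/apt/sources.list
+}
+1.7_repos_update () {
+# дополняем источники
+echo "deb https://download.astralinux.ru/astra/stable/1.7_x86-64/repository-main/ 1.7_x86-64 main contrib non-free" > /etc/apt/sources.list
+echo "deb https://download.astralinux.ru/astra/stable/1.7_x86-64/repository-update/ 1.7_x86-64 main contrib non-free" >> /etc/apt/sources.list
+echo "deb https://download.astralinux.ru/astra/stable/1.7_x86-64/repository-base/ 1.7_x86-64 main contrib non-free" >> /etc/apt/sources.list
+echo "deb https://download.astralinux.ru/astra/stable/1.7_x86-64/repository-extended/ 1.7_x86-64 main contrib non-free" >> /etc/apt/sources.list
+}
+repos_update () {
+# проверяем версию Астры
+ASTRA_VERISON=$(cat /etc/*-release)
+# версия 1.6
+if grep -q "1.6" <<< "$ASTRA_VERISON"; then
+1.6_repos_update
+fi
+# версия 1.7
+if grep -q "1.7" <<< "$ASTRA_VERISON"; then
+1.7_repos_update
+fi
+# обновление пакетов
+apt update -y
+apt dist-upgrade -y
+apt -f install -y
+apt autoremove -y
+}
+ssh_server () {
+# устанавливаем пакет
+apt install openssh-server -y
+# включаем SSH
+systemctl enable --now ssh
+}
+ssh_client () {
+# генерим ключи
+ssh-keygen
+# логин@пароль
+echo "Вводите данные сервера."
+admin_variables
+# передаюм ключи на удалённый сервер
+ssh-copy-id -i ~/.ssh/id_rsa.pub "$ADMIN_LOGIN"@"$ADMIN_PASSWORD"
+}
+ad_join () {
+# устанавливаем пакет
+apt install astra-ad-sssd-client -y
+# входим в домен
+check_variables
+admin_variables
+astra-ad-sssd-client -d "$(hostname -d)" -u "$ADMIN_LOGIN" -p "$ADMIN_PASSWORD" -y
+admin_rules
+}
+ald_init () {
+# устанавливаем пакеты
+apt install fly-admin-ald-server ald-server-common smolensk-security-ald -y
+# функции
+check_variables
+echo "Вводите данные клиента."
+another_variables
+# иницилизируем ald
+ald-init init
+}
+ald_join () {
+# устанавливаем пакеты
+apt install ald-client-common ald-admin -y
+# функции
+check_variables
+echo "Вводите данные домена."
+another_variables
+# входим в домен
+ald-client join
+admin_rules
+}
+dmcli_install () {
+# директория dmcli
+rm -rf dmcli/; mkdir dmcli/
+# наличие архива
+while ! ls *.tar.gz > /dev/null 2>&1; do
+read -p "Переместите архив клиента Device Monitor."
+done
+# распаковка архива
+tar -xvf *.tar.gz -C dmcli/
+# распаковка пакета
+PACKAGE=$(echo dmcli/*.deb)
+dpkg-deb -x "$PACKAGE" dmcli/dpkg/
+dpkg-deb -e "$PACKAGE" dmcli/dpkg/DEBIAN
+# замена файлов (вписывает текущее ядро)
+mv dmcli/dpkg/opt/iw/dmagent/lib/modules/*-$(uname -r | grep -P -o 'generic|hardened') \
+dmcli/dpkg/opt/iw/dmagent/lib/modules/$(uname -r)
+# сборка пакета
+rm "$PACKAGE" && dpkg -b dmcli/dpkg "$PACKAGE"
+# удаление старых ядер
+sudo apt-get remove `dpkg --list 'linux-image*' |grep ^ii | awk '{print $2}'\ | grep -v \`uname -r\``
+# установка девайс монитор клиента
+read -p 'Введите адрес и порт IWDM: ' -i 192.168.1.20:15101 -e IWDM
+dmcli/install.sh $IWDM
+}
+rutk_server () {
+# установка библиотек для сертификатов
+apt install libccid pcscd libpcsclite1 pcsc-tools opensc krb5-pkinit libpam-krb5 libengine-pkcs11-openssl1.1 -y
+wget https://es.ukrtb.ru/nextcloud/s/HX6fcj5mpBASTeG/download/librtpkcs11ecp_2.3.3.0-1_amd64.deb -O /tmp/librtpkcs11ecp.deb
+dpkg -i /tmp/librtpkcs11ecp.deb
+# создание сертификатов
+mkdir /etc/ssl/CA ; cd "$_"
+openssl genrsa -out cakey.pem 2048
+openssl req -key cakey.pem -new -x509 -days 3650 -out cacert.pem -subj "/C=RU/ST=RB/L=Ufa/O=UKRTB/OU=IB/CN=astra/emailAddress=astra@demo.lab"
+openssl genrsa -out kdckey.pem 2048
+openssl req -new -out kdc.req -key kdckey.pem -subj "/C=RU/ST=RB/L=Ufa/O=UKRTB/OU=IB/CN=astra/emailAddress=astra@demo.lab"
+wget https://es.ukrtb.ru/git/ukrtb/learn/raw/branch/master/pkinit_extensions
+sed -i "s/КЛИЕНТ/$(hostname -s)/" pkinit_extensions
+sed -i "s/РЕАЛМ/$(hostname -d)/" pkinit_extensions
+openssl x509 -req -in kdc.req -CAkey cakey.pem -CA cacert.pem -out kdc.pem -extfile pkinit_extensions -extensions kdc_cert -CAcreateserial -days 365
+cp kdc.pem kdckey.pem cacert.pem /var/lib/krb5kdc/
+# конфигурация керберос
+sed -i '/kdcdefaults/a \
+pkinit_identity = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem \
+pkinit_anchors = FILE:/var/lib/krb5kdc/cacert.pem '\
+/etc/ald/config-templates/kdc.conf
+ald-init commit-config
+# перезапуск керберос
+systemctl restart krb5-admin-server
+systemctl restart krb5-kdc
+# проверка наличия рутокена
+while ! pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -T > /dev/null 2>&1; do
+read -p "Вставьте Рутокен."
+done
+# форматирование и инициализация токена
+pkcs15-init --erase-card -p rutoken_ecp
+pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
+pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin "12345678" --puk "" --so-pin "87654321" --label "Rutoken" --finalize
+# генерация закрытых ключей на рутокене
+pkcs11-tool --slot 0 --login --pin 12345678 --keypairgen --key-type rsa:2048 --id 42 --label “ukrtb” --module /usr/lib/librtpkcs11ecp.so
+# генерация сертификатов
+openssl << EOT
+engine dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/librtpkcs11ecp.so
+req -engine pkcs11 -new -key 0:42 -keyform engine -out client.req -subj "/C=RU/ST=RB/L=Ufa/O=UKRTB/OU=IB/CN=client/emailAddress=client@demo.lab"
+x509 -CAkey cakey.pem -CA cacert.pem -req -in client.req -extensions client_cert -extfile pkinit_extensions -out client.pem -days 365
+x509 -in client.pem -out client.cer -inform PEM -outform DER
+q
+EOT
+# перенос сертификатов на Рутокен
+pkcs15-init --store-certificate client.cer --auth-id 02 --id 42 --format der
+# pkcs15-init --store-certificate cacert.pem --auth-id 02 --id 11 --format pem
+}
+rutk_client () {
+# установка библиотек для сертификатов
+apt install libccid pcscd libpcsclite1 pcsc-tools opensc krb5-pkinit libpam-krb5 libengine-pkcs11-openssl1.1 -y
+wget https://es.ukrtb.ru/nextcloud/s/HX6fcj5mpBASTeG/download/librtpkcs11ecp_2.3.3.0-1_amd64.deb -O /tmp/librtpkcs11ecp.deb
+dpkg -i /tmp/librtpkcs11ecp.deb
+# создане директории для корневого сертификата
+mkdir /etc/krb5/
+# конфигурация керберос
+sed -i '/default_realm/a \
+pkinit_anchors = FILE:/etc/krb5/cacert.pem \
+pkinit_identities = PKCS11:/usr/lib/librtpkcs11ecp.so ' \
+/etc/krb5.conf
+}
+# определение необходимостей
+echo "Сеть [0]"
+echo "Репозитории [1]"
+echo "Сервер SSH [2]"
+echo "Беспарольный вход по SSH [3]"
+echo "Вход в Active Directory [4]"
+echo "Иницилизация Astra Linux Directory [5]"
+echo "Вход в Astra Linux Directory [6]"
+echo "Device Monitor клиент [7]"
+echo "RUTK Сервер [8]"
+echo "RUTK Клиент [9]"
+read -p 'Выберите интересующие вас функции: [0124] ' WHICH_FUNC
+if grep -q "0" <<< "$WHICH_FUNC"; then
+network_variables
+fi
+if grep -q "1" <<< "$WHICH_FUNC"; then
+repos_update
+fi
+if grep -q "2" <<< "$WHICH_FUNC"; then
+ssh_server
+fi
+if grep -q "3" <<< "$WHICH_FUNC"; then
+ssh_client
+fi
+if grep -q "4" <<< "$WHICH_FUNC"; then
+ad_join
+fi
+if grep -q "5" <<< "$WHICH_FUNC"; then
+ald_init
+fi
+if grep -q "6" <<< "$WHICH_FUNC"; then
+ald_join
+fi
+if grep -q "7" <<< "$WHICH_FUNC"; then
+dmcli_install
+fi
+if grep -q "8" <<< "$WHICH_FUNC"; then
+rutk_server
+fi
+if grep -q "9" <<< "$WHICH_FUNC"; then
+rutk_client
+fi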
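Review bot: `ssh_client` passes the administrator password where `ssh-copy-id` expects a host, `"$ADMIN_LOGIN"@"$ADMIN_PASSWORD"`, so the key is never delivered and the secret ends up in the process list and in SSH's error output; read a host instead, `read -p 'Введите адрес сервера: ' SSH_HOST` followed by `ssh-copy-id -i ~/.ssh/id_rsa.pub "$ADMIN_LOGIN@$SSH_HOST"`. In `rutk_server` the CA private key is created by `openssl genrsa -out cakey.pem 2048` right after `mkdir /etc/ssl/CA ; cd "$_"` with the inherited umask and an unchecked `cd`, so the key is as readable as the default umask allows and, if the cd fails, it would be written into whatever directory the script was started from; `cd /etc/ssl/CA || return 1` and `umask 077` ahead of the genrsa lines keep it root-only. `--label “ukrtb”` in the `pkcs11-tool --keypairgen` line uses typographic quotes, so the literal quote characters become part of the key label. `check_variables` keys its prompt on the exit status of `grep -L "0"`, which prints "(standard input)" and whose status differs between GNU grep releases; `if ! grep -q "0" <<< "$WHICH_FUNC"; then` states the intent directly.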