def main():
    """Set up security-alert e-mail delivery from options or a dialog.

    ``--email`` supplies the address directly; without it the address is
    asked for in a dialog that is pre-filled from ``--email-placeholder``.
    A non-empty address is handed to ``secalerts.sh`` (looked up next to
    this file) as a single argv element, without going through a shell.
    """
    # Ctrl-C is ignored for the whole run.
    signal.signal(signal.SIGINT, signal.SIG_IGN)

    long_options = ["help", "email=", "email-placeholder="]
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", long_options)
    except getopt.GetoptError as e:
        usage(e)

    email = ""
    email_placeholder = ""
    for opt, val in opts:
        if opt == "--email":
            email = val
        elif opt == "--email-placeholder":
            email_placeholder = val
        elif opt in ("-h", "--help"):
            usage()

    if email:
        # NOTE(review): email_re is defined outside this listing. If it is a
        # compiled `re` pattern, match() anchors only at the start, so the
        # pattern needs its own end anchor to reject trailing text - confirm.
        if not email_re.match(email):
            fatal("email is not valid")
    else:
        d = Dialog("TurnKey Linux - First boot configuration")
        email = email_placeholder
        while True:
            retcode, email = d.inputbox(TITLE, TEXT, email, "Enable", "Skip")
            dia_log("secalerts.main():\n\tretcode:`{}'\n\temail:`{}'".format(
                retcode, email))
            if retcode == 'cancel':
                # Skipped: leave alerts unconfigured.
                email = ""
                break
            if not email_re.match(email):
                d.error('Email is not valid')
            elif d.yesno("Is your email correct?", email):
                break

    if email:
        script_dir = os.path.dirname(__file__)
        cmd = os.path.join(script_dir, 'secalerts.sh')
        dia_log("\tcmd:`{}'".format(cmd))
        # List form: the address reaches the script as one argument.
        subprocess.run([cmd, email], check=True)
def main():
    """Ask whether to install security updates and check archive name resolution.

    Exits with status 1 when the user picks "Skip" or when the ``host``
    lookup of archive.turnkeylinux.org fails.  The listing shows nothing
    after the connectivity check.
    """
    signal.signal(signal.SIGINT, signal.SIG_IGN)
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", ['help'])
    except getopt.GetoptError as e:
        usage(e)

    help_flags = ('-h', '--help')
    for opt, val in opts:
        if opt in help_flags:
            usage()

    d = Dialog("TurnKey GNU/Linux - First boot configuration")
    install = d.yesno("Security updates", TEXT, "Install", "Skip")
    if not install:
        sys.exit(1)

    # `host -W 2` is passed a two-second wait; a non-zero exit is reported
    # as a connectivity problem.
    lookup = ["host", "-W", "2", "archive.turnkeylinux.org"]
    try:
        check_output(lookup)
    except CalledProcessError:
        d.error(CONNECTIVITY_ERROR)
        sys.exit(1)
# Excerpt from the middle of a function: the first line is the tail of a call
# that starts above this listing.
min_complexity=3)
# Ask for the DNS server of the domain to join when none was supplied.
if join and not join_nameserver:
    d = Dialog('Turnkey Linux - First boot configuration')
    while 1:
        retcode, join_nameserver = d.inputbox(
            "Add nameserver",
            "Set the DNS server IP and AD DNS domain in your /etc/resolv.conf.",
            "", "Add", "Skip")
        # presumably retcode 1 is the "Skip" button - confirm against Dialog
        if retcode == 1:
            join_nameserver = ""
            break
        if not valid_ip(join_nameserver):
            d.error('IP is not valid.')
            continue
        if d.yesno("Is your DNS correct?", join_nameserver):
            break
if join:
    # NOTE(review): realm, domain, admin password and nameserver are formatted
    # straight into one command string. The `2>` redirection and `|| true`
    # only work if a shell interprets the string, so shell metacharacters in
    # any of those values would be interpreted too, and the password becomes
    # part of the script's command line. Safer shape: an argv list run without
    # a shell, with the password supplied on stdin or from a root-only file.
    system(
        '/usr/lib/inithooks/bin/sambaconf_join.sh -r {REALM} -d {DOMAIN} -u {ADMIN_USER} -p {ADMIN_PASSWORD} -n {NAME_SERVER} 2> /var/log/dc.log || true'
        .format(DOMAIN=domain, ADMIN_PASSWORD=admin_password, ADMIN_USER=ADMIN_USER, REALM=realm, NAME_SERVER=join_nameserver))
    # Failure is detected by looking for 'ERROR' in the captured stderr; the
    # exit status is discarded by `|| true`. The file object is never closed
    # explicitly.
    if 'ERROR' in open('/var/log/dc.log').read():
        system('mv /var/log/dc.log /var/log/dc.log_old')
# Excerpt from the body of a function (Python 2: note `except ExecError, e`).
# `apikey` is set above the start of this listing.
initialized_tklbam = False
d = Dialog('TurnKey Linux - First boot configuration')
while 1:
    retcode, apikey = d.inputbox("Initialize Hub services", TEXT_SERVICES, apikey, "Apply", "Skip")
    # An empty key or retcode 1 leaves Hub services unconfigured.
    if not apikey or retcode == 1:
        break
    d.infobox("Linking TKLBAM to the TurnKey Hub...")
    # Name lookup of the Hub as a connectivity check before using the key.
    try:
        getoutput("host -W 2 hub.turnkeylinux.org")
    except ExecError, e:
        d.error(CONNECTIVITY_ERROR)
        break
    try:
        # The key is passed as its own argument rather than formatted into
        # the command string.
        # NOTE(review): getoutput is defined outside this excerpt; how it
        # quotes extra arguments should be confirmed there.
        getoutput('tklbam-init', apikey)
        d.msgbox('Success! Linked TKLBAM to Hub', SUCCESS_TKLBAM)
        initialized_tklbam = True
        break
    except ExecError, e:
        # The command's output is shown to the user and the key is asked for again.
        d.msgbox('Failure', e.output)
        continue
if initialized_tklbam:
    while 1:
        # The excerpt ends inside this call.
        retcode, fqdn = d.inputbox("Assign TurnKey DNS hostname", TEXT_HUBDNS,
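def main():
    """Provision a new Samba AD domain, or join this host to an existing one.

    Values come from ``--pass``, ``--realm``, ``--domain``, ``--join_ns`` and
    ``--hostname``; anything missing, or rejected by the validators, is asked
    for through dialogs.  Existing Samba/Kerberos configuration and database
    files are removed before the ``samba-tool`` commands run.  When a command
    fails in interactive mode the error is shown, the answers are cleared and
    the questions are asked again; in non-interactive mode ``fatal()`` is
    called with the command output.
    """

    def _loggable(argv):
        # Join argv for display, masking the value of --adminpass= so the
        # administrator password never reaches stdout or COMMAND_LOG.
        return ' '.join(
            '--adminpass=********' if arg.startswith('--adminpass=') else arg
            for arg in argv)

    HOSTNAME = subprocess.run(['hostname', '-s'], encoding='utf-8',
                              stdout=PIPE).stdout.strip()
    NET_IP = subprocess.run(['hostname', '-I'], encoding='utf-8',
                            stdout=PIPE).stdout.strip()
    # disabled for now, will reimplement at some point...
    # NET_IP321 = NET_IP.split('.')[:-1]
    # NET_IP321.reverse()
    # NET_IP321 = '.'.join(NET_IP321)
    # NET_IP4 = NET_IP.split('.')[-1]

    DEFAULT_HOSTNAME = "dc1"
    DEFAULT_REALM = "DOMAIN.LAN"
    DEFAULT_DOMAIN = "DOMAIN"
    DEFAULT_NS = ""
    DEFAULT_NEW_HOSTNAME = "dc2"

    try:
        # The listing showed 'pass=' and 'domain=' fused by a masking
        # artifact; both are restored here because the loop below handles
        # --pass and --domain with a value.
        opts, args = getopt.gnu_getopt(
            sys.argv[1:], "h",
            ['help', 'pass=', 'domain=', 'realm=', 'join_ns=', 'hostname='])
    except getopt.GetoptError as e:
        usage(e)

    interactive = False
    domain = ""
    realm = ""
    admin_password = ""
    join_nameserver = ""
    hostname = ""

    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == '--pass':
            # NOTE(review): a password given as an option is visible in this
            # process's own command line.
            admin_password = val
        elif opt == '--realm':
            realm = val
        elif opt == '--domain':
            domain = val
        elif opt == '--join_ns':
            join_nameserver = val
            DEFAULT_NS = join_nameserver
        elif opt == '--hostname':
            hostname = val

    if ((not (realm and domain and admin_password))
            or (join_nameserver and not valid_ip(join_nameserver)
                or (join_nameserver and not hostname))
            or TURNKEY_INIT):
        interactive = True
        if join_nameserver:
            # NOTE(review): with --join_ns set this skips the create/join
            # question below and takes the provision path - confirm that
            # this is intended.
            create = True
    elif realm and domain and admin_password and join_nameserver and hostname:
        join_nameserver = valid_ip(join_nameserver)
        update_resolvconf(realm.lower(), join_nameserver, interactive)
        hostname = validate_hostname(hostname, realm, interactive,
                                     DEFAULT_HOSTNAME)
        if join_nameserver and hostname[0]:  # both valid
            create = False
        elif join_nameserver:  # invalid hostname
            restore_resolvconf()
            interactive = True
            hostname = ""
            # A join was requested. Without this assignment `create` is
            # still unbound when `if interactive and not create` reads it.
            create = False
        elif hostname[0]:  # invalid nameserver IPv4
            interactive = True
        else:  # both invalid
            restore_resolvconf()
            interactive = True
            hostname = ""
            join_nameserver = ""
    elif realm and domain and admin_password and not join_nameserver:
        create = True

    while True:
        if TURNKEY_INIT:
            d = Dialog('Turnkey Linux - First boot configuration')
            do_it = d.yesno(
                "Reconfigure Samba?",
                "Existing Samba config will be removed.\n\n"
                "Cancelling will leave existing config in place.\n"
                "\nContinue?",
                "Reconfigure", "Cancel")
            if not do_it:
                sys.exit(0)

        if interactive and not join_nameserver:
            d = Dialog('Turnkey Linux - First boot configuration')
            create = bool(d.yesno(
                "Create new AD or join existing?",
                "You can create new Active Directory or join existing one."
                "\n\nNote that joining a non-TurnKey existing AD domain not is"
                " experimental and may fail. If so, please manually configure"
                " using the 'samba-tool' commandline tool.",
                "Create", "Join"))

        if not realm:
            while True:
                d = Dialog('Turnkey Linux - First boot configuration')
                realm = d.get_input(
                    "Samba Kerberos Realm / AD DNS zone",
                    "Kerberos Realm should be 2 or more groups of 63 or less"
                    " ASCII characters, separated by dot(s). Kerberos realm"
                    " will be stored as uppercase; DNS zone as"
                    " lowercase\n\n"
                    "Enter the Realm / DNS zone you would like to use.",
                    DEFAULT_REALM)
                realm = validate_realm(realm, interactive)
                if realm[0]:
                    break
                d.error(realm[1])
        else:
            realm = validate_realm(realm, interactive)

        if not domain:
            while True:
                d = Dialog('TurnKey Linux - First boot configuration')
                domain = d.get_input(
                    "Samba NetBIOS Domain (aka workgroup)",
                    "The NetBIOS domain (aka workgroup) should be 15 or less"
                    " ASCII characters.\n\n"
                    "Enter NetBIOS domain (aka 'WORKGROUP') to use.",
                    DEFAULT_DOMAIN)
                domain = validate_netbios(domain, interactive)
                if domain[0]:
                    break
                d.error(domain[1])
        else:
            domain = validate_netbios(domain, interactive)

        if not admin_password:
            d = Dialog('TurnKey Linux - First boot configuration')
            server_status = 'new' if create else 'existing'
            admin_password = d.get_password(
                "Samba Password",
                "Enter password for the {} samba Domain 'Administrator'"
                " account.".format(server_status),
                pass_req=8, min_complexity=3, blacklist=['(', ')'])

        if interactive and not create:
            d = Dialog('Turnkey Linux - First boot configuration')
            if not join_nameserver:
                while True:
                    join_nameserver = d.get_input(
                        "Add nameserver",
                        "Set DNS server IPv4 for existing AD domain DNS"
                        " server",
                        DEFAULT_NS)
                    if valid_ip(join_nameserver):
                        break
                    d.error("IP: '{}' not valid.".format(join_nameserver))
                    join_nameserver = ""
                update_resolvconf(realm.lower(), join_nameserver, interactive)
            if not hostname:
                while True:
                    hostname = d.get_input(
                        "Set new hostname",
                        "Set new unique hostname for this domain-controller.",
                        DEFAULT_NEW_HOSTNAME)
                    hostname = validate_hostname(hostname, realm.lower(),
                                                 interactive, DEFAULT_HOSTNAME)
                    if not hostname[0]:
                        d.error(hostname[1])
                        continue
                    set_hostname(hostname)
                    break

        # Stop any Samba services
        services = ['samba', 'samba-ad-dc', 'smbd', 'nmbd']
        for service in services:
            subprocess.run(['systemctl', 'stop', service], stderr=PIPE)

        # Remove Samba & Kerberos conf
        rm_f('/etc/samba/smb.conf')
        rm_f('/etc/krb5.conf')

        # Remove Samba DBs
        dirs = [
            '/var/run/samba', '/var/lib/samba', '/var/cache/samba',
            '/var/lib/samba/private'
        ]
        for _dir in dirs:
            for _db_file in ['*.tdb', '*.ldb']:
                rm_glob('/'.join([_dir, _db_file]))

        set_expiry = [
            'samba-tool', 'user', 'setexpiry', ADMIN_USER, '--noexpiry'
        ]
        export_krb = [
            'samba-tool', 'domain', 'exportkeytab', '/etc/krb5.keytab'
        ]
        krb_pass = None
        if create:
            ip = NET_IP  # will add to hosts file
            # NOTE(review): --adminpass= puts the password into samba-tool's
            # argv, where it is readable from the process list while the
            # command runs.
            samba_domain = [
                'samba-tool', 'domain', 'provision', '--server-role=dc',
                '--use-rfc2307', '--dns-backend=SAMBA_INTERNAL',
                '--realm={}'.format(realm), '--domain={}'.format(domain),
                '--adminpass={}'.format(admin_password),
                '--option=dns forwarder=8.8.8.8',
                '--option=interfaces=127.0.0.1 {}'.format(NET_IP)
            ]
            commands = [samba_domain, set_expiry, export_krb]
            nameserver = '127.0.0.1'
            hostname = HOSTNAME
        else:  # join
            with open('/etc/krb5.conf', 'w') as fob:
                fob.write('[libdefaults]\n')
                fob.write(' dns_lookup_realm = false\n')
                fob.write(' dns_lookup_kdc = true\n')
                fob.write(' default_realm = {}'.format(realm))
            ip = None  # will update 127.0.1.1 hosts entry only
            config_krb = ['kinit', 'administrator']
            # The join path hands the password to kinit on stdin instead of
            # placing it in argv.
            krb_pass = admin_password
            # NOTE(review): the single quotes are part of the argument text;
            # whether they are stripped depends on how run_command() executes
            # the list - confirm.
            samba_domain = [
                'samba-tool', 'domain', 'join', realm.lower(), 'DC',
                "--option='idmap_ldb:use rfc2307 = yes'"
            ]
            commands = [config_krb, samba_domain, export_krb]
            nameserver = join_nameserver

        finalize = False
        update_resolvconf(realm.lower(), nameserver, interactive)
        print('hostname', hostname, 'realm', realm)
        update_hosts('127.0.1.1', hostname, realm)
        if ip:
            update_hosts(ip, hostname, realm)

        for samba_command in commands:
            shown_command = _loggable(samba_command)
            print('Running command: {}'.format(shown_command))
            if krb_pass:
                samba_run_code, samba_run_out = run_command(samba_command,
                                                            stdin=krb_pass)
                krb_pass = None  # only the first command gets the password
            else:
                samba_run_code, samba_run_out = run_command(samba_command)

            if samba_run_code != 0:
                # NOTE(review): the command output is appended verbatim and
                # the log file's permissions are not set here.
                os.makedirs(os.path.dirname(COMMAND_LOG), exist_ok=True)
                with open(COMMAND_LOG, 'a') as fob:
                    fob.write("Command: {}\n\n".format(shown_command))
                    fob.write("\n")
                    fob.write("{}\n".format(samba_run_out))
                if interactive:
                    d = Dialog('Turnkey Linux - First boot configuration')
                    # handle incorrect details: shorten known failure lines
                    # and stop copying output after the first ERROR line
                    lines_to_print = []
                    end = False
                    for line in samba_run_out.split('\n'):
                        if line.startswith('Failed to bind'):
                            lines_to_print.append("-".join(
                                line.split("-", 2)[:2]))
                        elif line.startswith('Failed to connect'):
                            lines_to_print.append(line.split("-", 1)[:1][0])
                        elif line.startswith('ERROR'):
                            lines_to_print.append("-".join(
                                line.split("-", 2)[:2]))
                            end = True
                        elif not end:
                            lines_to_print.append(line)
                    lines_to_print.append('')
                    lines_to_print.append(
                        "See {} for full output".format(COMMAND_LOG))
                    d.error("{}\n\n".format('\n'.join(lines_to_print)))
                    # Keep the previous answers as defaults and ask again.
                    finalize = False
                    DEFAULT_REALM = realm
                    realm = ""
                    DEFAULT_DOMAIN = domain
                    domain = ""
                    admin_password = ""
                    DEFAULT_NS = join_nameserver
                    join_nameserver = ""
                    break
                else:
                    fatal("Errors in processing domain-controller inithook"
                          " data:\n{}".format(samba_run_out))
            else:
                finalize = True

        if finalize:
            # The exported keytab is made root-owned and readable by its
            # owner only.
            os.chown('/etc/krb5.keytab', 0, 0)
            os.chmod('/etc/krb5.keytab', 0o600)
            shutil.copy2('/var/lib/samba/private/krb5.conf', '/etc/krb5.conf')
            subprocess.run(['systemctl', 'start', 'samba-ad-dc'])
            # Polls once a second, with no upper bound, until the unit
            # reports active.
            while subprocess.run([
                    'systemctl', 'is-active', '--quiet', 'samba-ad-dc'
            ]).returncode != 0:
                time.sleep(1)
            subprocess.check_output(['kinit', ADMIN_USER],
                                    encoding='utf-8',
                                    input=admin_password)
            msg = "\nPlease ensure that you have set a static IP. If you" \
                  " haven't already, please ensure that you do that ASAP," \
                  " and update IP addresses in DNS and hosts file (please" \
                  " see docs for more info).\n"
            if create:
                msg = msg + \
                    "\nWhen adding clients, you'll need this info:\n" \
                    " nameserver: {}\n" \
                    " * - set client to use this nameserver first!\n" \
                    " AD DNS domain: {}\n" \
                    " AD admin account name: {}\n" \
                    " AD admin user password: (what you set)\n" \
                    "".format(nameserver, realm.lower(), ADMIN_USER)
            if interactive:
                d = Dialog('Turnkey Linux - First boot configuration')
                d.infobox(msg)
            else:
                print(msg)
            cleanup()
            break
        else:
            # Undo the resolv.conf and hosts changes before asking again.
            restore_resolvconf()
            restore_hosts()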
# Excerpt from the body of main(); the first statement is the tail of the
# option-parsing loop, whose header is above the start of this listing.
oinkcode = val
if not oinkcode:
    d = Dialog('Insta-Snorby - First boot configuration')
    response = d.yesno("Enter Oinkcode?","Snorby can automatically download and install Sourcefire's VRT rules. In order to do this, you need obtain and enter your Oinkcode from snort.org. \n\nWould you like to enter your oink code?")
    if response:
        oinkcode = d.inputbox("Enter Oinkcode","Please enter your 40 character Oinkcode")
# NOTE(review): the code below reads oinkcode[1], which fits the pair that
# inputbox appears to return; a code supplied earlier as a plain string would
# be indexed by character instead. The nesting of this block cannot be
# recovered from the collapsed listing - confirm against the file.
if oinkcode:
    # NOTE(review): the entered text is formatted into shell command strings
    # here and in the wget and sed calls below, with no check that it is the
    # 40-character code the prompt asks for. Validating it against a fixed
    # character set and length before use, writing /root/oinkcode from Python,
    # and running wget/sed from argv lists would remove the shell from the path.
    system('echo %s > /root/oinkcode' % oinkcode[1])
    d.infobox('VRT rules are downloading...')
    try:
        # NOTE(review): plain http:// - the Oinkcode is part of the URL and
        # the downloaded rule archive is neither authenticated nor
        # integrity-checked before it is unpacked.
        system('wget http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/%s -o /dev/null -O /root/snortrules.tar.gz' % oinkcode[1])
    except:
        # NOTE(review): bare except; after reporting the error the code still
        # continues to the extraction steps below.
        d.error("Could not download VRT rules.")
    d.infobox('Download complete! VRT rules are extracting...')
    # The archive is unpacked under /root and its rules are copied over the
    # live Snort configuration.
    system('tar zxf /root/snortrules.tar.gz -C /root/')
    system('cp /root/rules/* /etc/snort/rules/')
    system('cp -f /root/snortvrt.conf /etc/snort/snort.conf')
    system('cat /root/etc/sid-msg.map >> /etc/snort/sid-msg.map')
    # The code is also substituted into the sed expression unescaped.
    system("sed -i 's/<oinkcode>/%s/g' /root/vrtpulledpork.conf" % oinkcode[1])
    system("cp /root/vrtpulledpork.conf /root/pulledpork-0.5.0/etc/pulledpork.conf")

if __name__ == "__main__":
    main()
# Excerpt from the body of a function (Python 2: note `except ExecError, e`).
# `apikey` is set above the start of this listing.
initialized_tklbam = False
d = Dialog('TurnKey GNU/Linux - First boot configuration')
while 1:
    retcode, apikey = d.inputbox("Initialize Hub services", TEXT_SERVICES, apikey, "Apply", "Skip")
    # An empty key or retcode 1 leaves Hub services unconfigured.
    if not apikey or retcode == 1:
        break
    d.infobox("Linking TKLBAM to the TurnKey Hub...")
    # Name lookup of the Hub as a connectivity check before using the key.
    try:
        getoutput("host -W 2 hub.turnkeylinux.org")
    except ExecError, e:
        d.error(CONNECTIVITY_ERROR)
        break
    try:
        # NOTE(review): the text typed into the dialog is interpolated into
        # the command string. If getoutput (defined outside this excerpt)
        # hands that string to a shell, metacharacters in the input are
        # interpreted by it. Passing the key as a separate argument, or as an
        # element of an argv list, keeps it a single argument.
        getoutput('tklbam-init %s' % apikey)
        d.msgbox('Success! Linked TKLBAM to Hub', SUCCESS_TKLBAM)
        initialized_tklbam = True
        break
    except ExecError, e:
        # The command's output is shown to the user and the key is asked for again.
        d.msgbox('Failure', e.output)
        continue
if initialized_tklbam:
    while 1:
        # The excerpt ends inside this call.
        retcode, fqdn = d.inputbox("Assign TurnKey DNS hostname",
# Excerpt from the body of main(); `email` and `email_placeholder` are set
# above the start of this listing.
if not email:
    d = Dialog("TurnKey Linux - First boot configuration")
    # Pre-fill the input box with the placeholder address.
    email = email_placeholder
    while 1:
        retcode, email = d.inputbox(
            TITLE, TEXT, email, "Enable", "Skip")
        # presumably retcode 1 is the "Skip" button - confirm against Dialog
        if retcode == 1:
            email = ""
            break
        # NOTE(review): email_re is defined outside this excerpt. If it is a
        # compiled `re` pattern, match() anchors only at the start, so the
        # pattern needs its own end anchor to reject trailing text - confirm.
        if not email_re.match(email):
            d.error('Email is not valid')
            continue
        if d.yesno("Is your email correct?", email):
            break
if email:
    # secalerts.sh is looked up next to this file; the address is passed as a
    # separate argument rather than formatted into the command string.
    # NOTE(review): how `system` quotes extra arguments is not visible here.
    cmd = os.path.join(os.path.dirname(__file__), 'secalerts.sh')
    system(cmd, email)

if __name__ == "__main__":
    main()
# Excerpt from the body of main(); `opts` and the initial `password` value are
# set above the start of this listing.
for opt, val in opts:
    if opt in ('-h', '--help'):
        usage()
    elif opt == '--pass':
        # NOTE(review): a password given as an option is visible in the
        # process's command line.
        password = val
# The only value rejected is the literal "admin" (case-insensitive); no
# length or complexity requirement is applied in this excerpt.
if password.lower() == "admin":
    usage("illegal password specified")
if not password:
    while True:
        d = Dialog('TurnKey Linux - First boot configuration')
        password = d.get_password(
            "MediaWiki Password",
            "Enter new password for the MediaWiki 'admin' account.")
        if password.lower() == "admin":
            d.error("Illegal password, please try again.")
            continue
        break
# NOTE(review): the stored value is md5("1-" + md5(password)). MD5 is a fast
# hash and the only salt is the fixed user id, so a leaked user table can be
# attacked offline at very low cost. Setting the password through MediaWiki's
# own password-change tooling would store it in whatever format the installed
# version uses. hashlib.md5() is given a str here, which only works on
# Python 2.
hashpass = hashlib.md5(password).hexdigest()
hashpass = hashlib.md5("1-" + hashpass).hexdigest()  # salted with user id 1
m = MySQL()
# The statement is built with % formatting; the interpolated value is a hex
# digest, so it cannot carry quote characters.
# NOTE(review): a parameterised query is still the safer pattern if the MySQL
# helper supports one - not visible here.
m.execute('UPDATE mediawiki.user SET user_password=\"%s\" WHERE user_id=\"1\";' % hashpass)

if __name__ == "__main__":
    main()
# Excerpt from the body of main(); `email` and `email_placeholder` are set
# above the start of this listing.
if not email:
    d = Dialog("TurnKey Linux - First boot configuration")
    # Pre-fill the input box with the placeholder address.
    email = email_placeholder
    while 1:
        retcode, email = d.inputbox(
            TITLE, TEXT, email, "Enable", "Skip")
        # presumably retcode 1 is the "Skip" button - confirm against Dialog
        if retcode == 1:
            email = ""
            break
        # NOTE(review): email_re is defined outside this excerpt. If it is a
        # compiled `re` pattern, match() anchors only at the start, so the
        # pattern needs its own end anchor to reject trailing text - confirm.
        if not email_re.match(email):
            d.error('Email is not valid')
            continue
        if d.yesno("Is your email correct?", email):
            break
if email:
    # secalerts.sh is looked up next to this file; the address is passed as a
    # separate argument rather than formatted into the command string.
    # NOTE(review): how `system` quotes extra arguments is not visible here.
    cmd = os.path.join(os.path.dirname(__file__), 'secalerts.sh')
    system(cmd, email)

if __name__ == "__main__":
    main()
# Excerpt from the body of a loop inside a function (note the `break` below);
# the loop header and the earlier prompts are above the start of this listing.
# Ask for the DNS server of the domain to join when none was supplied.
if join and not join_nameserver:
    d = Dialog('Turnkey Linux - First boot configuration')
    while 1:
        retcode, join_nameserver = d.inputbox(
            "Add nameserver",
            "Set the DNS server IP and AD DNS domain in your /etc/resolv.conf.",
            "", "Add", "Skip")
        # presumably retcode 1 is the "Skip" button - confirm against Dialog
        if retcode == 1:
            join_nameserver = ""
            break
        if not valid_ip(join_nameserver):
            d.error('IP is not valid.')
            continue
        if d.yesno("Is your DNS correct?", join_nameserver):
            break
if join:
    # NOTE(review): realm, domain, admin password and nameserver are formatted
    # straight into one command string. The `2>` redirection and `|| true`
    # only work if a shell interprets the string, so shell metacharacters in
    # any of those values would be interpreted too, and the password becomes
    # part of the script's command line. Safer shape: an argv list run without
    # a shell, with the password supplied on stdin or from a root-only file.
    system('/usr/lib/inithooks/bin/sambaconf_join.sh -r {REALM} -d {DOMAIN} -u {ADMIN_USER} -p {ADMIN_PASSWORD} -n {NAME_SERVER} 2> /var/log/dc.log || true'.format(DOMAIN = domain, ADMIN_PASSWORD=admin_password, ADMIN_USER=ADMIN_USER, REALM=realm, NAME_SERVER=join_nameserver))
    # Failure is detected by looking for 'ERROR' in the captured stderr; the
    # exit status is discarded by `|| true`. The file object is never closed
    # explicitly.
    if 'ERROR' in open('/var/log/dc.log').read():
        # join_check is defined outside this excerpt.
        if not join_check:
            break
        system('mv /var/log/dc.log /var/log/dc.log_old')
        d = Dialog('Turnkey Linux - First boot configuration')
        d.error("Can't join a Samba DC to an Existing Active Directory.\nPlease check your input.")
        # Clear the answers so they are asked for again.
        realm = ""
        domain = ""
# Excerpt from the body of main(); it starts inside the option-parsing loop,
# whose header is above the start of this listing.
if opt in ('-h', '--help'):
    usage()
elif opt == '--pass':
    # NOTE(review): a password given as an option is visible in the process's
    # command line.
    password = val
# The only value rejected is the literal "admin" (case-insensitive); no
# length or complexity requirement is applied in this excerpt.
if password.lower() == "admin":
    usage("illegal password specified")
if not password:
    while True:
        d = Dialog('TurnKey Linux - First boot configuration')
        password = d.get_password(
            "MediaWiki Password",
            "Enter new password for the MediaWiki 'admin' account.")
        if password.lower() == "admin":
            d.error("Illegal password, please try again.")
            continue
        break
# NOTE(review): the stored value is md5("1-" + md5(password)). MD5 is a fast
# hash and the only salt is the fixed user id, so a leaked user table can be
# attacked offline at very low cost. Setting the password through MediaWiki's
# own password-change tooling would store it in whatever format the installed
# version uses. hashlib.md5() is given a str here, which only works on
# Python 2.
hashpass = hashlib.md5(password).hexdigest()
hashpass = hashlib.md5("1-" + hashpass).hexdigest()  # salted with user id 1
m = MySQL()
# The statement is built with % formatting; the interpolated value is a hex
# digest, so it cannot carry quote characters.
# NOTE(review): a parameterised query is still the safer pattern if the MySQL
# helper supports one - not visible here.
m.execute(
    'UPDATE mediawiki.user SET user_password=\"%s\" WHERE user_id=\"1\";'
    % hashpass)

if __name__ == "__main__":
    main()
def main():
    """Link the appliance to TurnKey Hub services: TKLBAM first, then HubDNS.

    With ``--apikey`` the commands run without prompting (``--fqdn`` adds the
    HubDNS step) and the function returns.  Otherwise the API key, and after a
    successful TKLBAM link the hostname, are asked for in dialogs; each failed
    command shows its output and asks again.
    """
    signal.signal(signal.SIGINT, signal.SIG_IGN)
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
                                       ['help', 'apikey=', 'fqdn='])
    except getopt.GetoptError as e:
        usage(e)

    apikey = ""
    fqdn = ""
    for opt, val in opts:
        if opt == '--apikey':
            apikey = val
        elif opt == '--fqdn':
            fqdn = val
        elif opt in ('-h', '--help'):
            usage()

    # The API key is a credential and is passed to the helper commands as a
    # command-line argument in both the scripted and the dialog path, so it
    # is visible in the process list while they run.
    if apikey:
        system('tklbam-init', apikey)
        if fqdn:
            system('hubdns-init', apikey, fqdn)
            system('hubdns-update')
        return

    d = Dialog('TurnKey GNU/Linux - First boot configuration')
    initialized_tklbam = False
    while True:
        retcode, apikey = d.inputbox("Initialize Hub services", TEXT_SERVICES,
                                     apikey, "Apply", "Skip")
        if retcode == 1 or not apikey:
            break

        d.infobox("Linking TKLBAM to the TurnKey Hub...")
        # Name lookup of the Hub as a connectivity check before using the key.
        try:
            check_output(["host", "-W", "2", "hub.turnkeylinux.org"])
        except CalledProcessError:
            d.error(CONNECTIVITY_ERROR)
            break

        # argv list: the key reaches tklbam-init as a single argument.
        try:
            check_output(['tklbam-init', apikey])
        except CalledProcessError as e:
            d.msgbox('Failure', e.output)
            continue
        d.msgbox('Success! Linked TKLBAM to Hub', SUCCESS_TKLBAM)
        initialized_tklbam = True
        break

    if initialized_tklbam:
        while True:
            retcode, fqdn = d.inputbox("Assign TurnKey DNS hostname",
                                       TEXT_HUBDNS, fqdn, "Apply", "Skip")
            if retcode == 1 or not fqdn:
                break

            d.infobox("Linking HubDNS to the TurnKey Hub...")
            try:
                check_output(['hubdns-init', apikey, fqdn])
                check_output(['hubdns-update'])
            except CalledProcessError as e:
                d.msgbox('Failure', e.output)
                continue
            d.msgbox('Success! Assigned %s' % fqdn, SUCCESS_HUBDNS)
            break
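def main():
    """Provision a new Samba AD domain, or join this host to an existing one.

    Values come from ``--pass``, ``--realm``, ``--domain`` and ``--join_ns``;
    anything missing, or rejected by the validators, is asked for through
    dialogs.  Existing Samba/Kerberos configuration and database files are
    removed before the ``samba-tool`` commands run.  When a command fails in
    interactive mode the output is shown, the answers are cleared and the
    questions are asked again; otherwise ``fatal()`` is called.
    """
    DEFAULT_REALM = "DOMAIN.LAN"
    DEFAULT_DOMAIN = "DOMAIN"
    DEFAULT_NS = ""

    try:
        # The listing showed 'pass=' and 'domain=' fused by a masking
        # artifact; both are restored here because the loop below handles
        # --pass and --domain with a value.
        opts, args = getopt.gnu_getopt(
            sys.argv[1:], "h",
            ['help', 'pass=', 'domain=', 'realm=', 'join_ns='])
    except getopt.GetoptError as e:
        usage(e)

    interactive = False
    domain = ""
    realm = ""
    admin_password = ""
    join_nameserver = ""

    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == '--pass':
            # NOTE(review): a password given as an option is visible in this
            # process's own command line.
            admin_password = val
        elif opt == '--realm':
            realm = val
        elif opt == '--domain':
            domain = val
        elif opt == '--join_ns':
            join_nameserver = val
            DEFAULT_NS = join_nameserver

    if ((not (realm and domain and admin_password))
            or (join_nameserver and not valid_ip(join_nameserver))
            or TURNKEY_INIT):
        interactive = True
        if join_nameserver:
            # NOTE(review): with --join_ns set this skips the create/join
            # question below and takes the provision path - confirm that
            # this is intended.
            create = True
    elif realm and domain and admin_password and join_nameserver:
        join_nameserver = valid_ip(join_nameserver)
        create = False
    elif realm and domain and admin_password and not join_nameserver:
        create = True

    while True:
        if TURNKEY_INIT:
            d = Dialog('Turnkey Linux - First boot configuration')
            do_it = d.yesno(
                "Reconfigure Samba?",
                "Existing Samba config will be removed.\n\n"
                "Cancelling will leave existing config in place.\n"
                "\nContinue?",
                "Reconfigure", "Cancel")
            if not do_it:
                sys.exit(0)

        if interactive and not join_nameserver:
            d = Dialog('Turnkey Linux - First boot configuration')
            # The dialog's answer is used as returned (the original only
            # re-assigned True when it was already truthy).
            create = d.yesno(
                "Create new AD or join existing?",
                "You can create new Active Directory or join existing one.",
                "Create", "Join")

        if not realm:
            while True:
                d = Dialog('Turnkey Linux - First boot configuration')
                realm = d.get_input(
                    "Samba Kerberos Realm / AD DNS zone",
                    "Kerberos Realm should be 2 or more groups of 63 or less"
                    " ASCII characters, separated by dot(s). Kerberos realm"
                    " will be stored as uppercase; DNS zone as"
                    " lowercase\n\n"
                    "Enter the Realm / DNS zone you would like to use.",
                    DEFAULT_REALM)
                realm = validate_realm(realm, interactive)
                if realm[0]:
                    break
                d.error(realm[1])
        else:
            realm = validate_realm(realm, interactive)

        if not domain:
            while True:
                d = Dialog('TurnKey Linux - First boot configuration')
                domain = d.get_input(
                    "Samba NetBIOS Domain (aka workgroup)",
                    "The NetBIOS domain (aka workgroup) should be 15 or less"
                    " ASCII characters.\n\n"
                    "Enter NetBIOS domain (aka 'WORKGROUP') to use.",
                    DEFAULT_DOMAIN)
                domain = validate_netbios(domain, interactive)
                if domain[0]:
                    break
                d.error(domain[1])
        else:
            domain = validate_netbios(domain, interactive)

        if not admin_password:
            d = Dialog('TurnKey Linux - First boot configuration')
            admin_password = d.get_password(
                "Samba Password",
                "Enter password for the samba 'Administrator' account.",
                pass_req=8, min_complexity=3, blacklist=['(', ')'])

        if interactive and not create:
            d = Dialog('Turnkey Linux - First boot configuration')
            while True:
                join_nameserver = d.get_input(
                    "Add nameserver",
                    "Set DNS server IPv4 for existing AD domain DNS server",
                    DEFAULT_NS)
                if valid_ip(join_nameserver):
                    break
                d.error("IP: '{}' is not valid.".format(join_nameserver))
                join_nameserver = ""

        # Stop any Samba services
        services = ['samba', 'samba-ad-dc', 'smbd', 'nmbd']
        for service in services:
            subprocess.run(['systemctl', 'stop', service], stderr=PIPE)

        # Remove Samba & Kerberos conf
        rm_f('/etc/samba/smb.conf')
        rm_f('/etc/krb5.conf')

        # Remove Samba DBs
        dirs = [
            '/var/run/samba', '/var/lib/samba', '/var/cache/samba',
            '/var/lib/samba/private'
        ]
        for _dir in dirs:
            for _db_file in ['*.tdb', '*.ldb']:
                rm_glob('/'.join([_dir, _db_file]))

        # NOTE(review): both branches put the administrator password into
        # samba-tool's argv (--adminpass= / --password=), where it is readable
        # from the process list while the command runs.
        if create:
            samba_domain = [
                'samba-tool', 'domain', 'provision', '--server-role=dc',
                '--use-rfc2307', '--dns-backend=SAMBA_INTERNAL',
                '--realm={}'.format(realm), '--domain={}'.format(domain),
                '--adminpass={}'.format(admin_password),
                '--option=dns forwarder=8.8.8.8',
                '--option=interfaces=127.0.0.1 {}'.format(NET_IP)
            ]
        else:  # join
            # NOTE(review): the double quotes in the -U element are part of
            # the argument text; whether they are stripped depends on how
            # run_command() executes the list - confirm.
            samba_domain = [
                'samba-tool', 'domain', 'join', realm, 'DC',
                '-U"{}\\Administrator"'.format(domain),
                '--password={}'.format(admin_password),
                '--option=idmap_ldb:use rfc2307 = yes'
            ]
        set_expiry = [
            'samba-tool', 'user', 'setexpiry', ADMIN_USER, '--noexpiry'
        ]
        export_krb = [
            'samba-tool', 'domain', 'exportkeytab', '/etc/krb5.keytab'
        ]

        finalize = False
        for samba_command in [samba_domain, set_expiry, export_krb]:
            samba_run_code, samba_run_out = run_command(samba_command)
            if samba_run_code != 0:
                if interactive:
                    d = Dialog('Turnkey Linux - First boot configuration')
                    d.error("{}\n\n".format(samba_run_out))
                    # Keep the previous answers as defaults and ask again.
                    finalize = False
                    DEFAULT_REALM = realm
                    realm = ""
                    DEFAULT_DOMAIN = domain
                    domain = ""
                    admin_password = ""
                    DEFAULT_NS = join_nameserver
                    join_nameserver = ""
                    break
                else:
                    fatal("Errors in processing domain-controller inithook"
                          " data.")
            else:
                finalize = True

        if finalize:
            # The exported keytab is made root-owned and readable by its
            # owner only.
            os.chown('/etc/krb5.keytab', 0, 0)
            os.chmod('/etc/krb5.keytab', 0o600)
            shutil.copy2('/var/lib/samba/private/krb5.conf', '/etc/krb5.conf')
            update_resolvconf(realm.lower())
            subprocess.run(['systemctl', 'restart', 'resolvconf.service'])
            update_hosts(NET_IP, HOSTNAME.lower(), realm.lower())
            subprocess.run(['systemctl', 'start', 'samba-ad-dc'])
            # Polls once a second, with no upper bound, until the unit
            # reports active.
            while subprocess.run([
                    'systemctl', 'is-active', '--quiet', 'samba-ad-dc'
            ]).returncode != 0:
                time.sleep(1)
            # kinit receives the password on stdin rather than in argv.
            subprocess.check_output(['kinit', ADMIN_USER],
                                    encoding='utf-8',
                                    input=admin_password)
            msg = "\nPlease ensure that you have set a static IP. If you" \
                  " haven't already, please ensure that you do that ASAP," \
                  " and update IP addresses in DNS and hosts file (please" \
                  " see docs for more info)."
            if interactive:
                d = Dialog('Turnkey Linux - First boot configuration')
                d.infobox(msg)
            else:
                print(msg)
            break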
# Excerpt from the body of main(); the first line closes a call that starts
# above this listing.
)
if response:
    oinkcode = d.inputbox("Enter Oinkcode",
                          "Please enter your 40 character Oinkcode")
# NOTE(review): the code below reads oinkcode[1], which fits the pair that
# inputbox appears to return; a code set earlier as a plain string would be
# indexed by character instead. The nesting of this block cannot be recovered
# from the collapsed listing - confirm against the file.
if oinkcode:
    # NOTE(review): the entered text is formatted into shell command strings
    # here and in the wget and sed calls below, with no check that it is the
    # 40-character code the prompt asks for. Validating it against a fixed
    # character set and length before use, writing /root/oinkcode from Python,
    # and running wget/sed from argv lists would remove the shell from the path.
    system('echo %s > /root/oinkcode' % oinkcode[1])
    d.infobox('VRT rules are downloading...')
    try:
        # NOTE(review): plain http:// - the Oinkcode is part of the URL and
        # the downloaded rule archive is neither authenticated nor
        # integrity-checked before it is unpacked.
        system(
            'wget http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/%s -o /dev/null -O /root/snortrules.tar.gz'
            % oinkcode[1])
    except:
        # NOTE(review): bare except; after reporting the error the code still
        # continues to the extraction steps below.
        d.error("Could not download VRT rules.")
    d.infobox('Download complete! VRT rules are extracting...')
    # The archive is unpacked under /root and its rules are copied over the
    # live Snort configuration.
    system('tar zxf /root/snortrules.tar.gz -C /root/')
    system('cp /root/rules/* /etc/snort/rules/')
    system('cp -f /root/snortvrt.conf /etc/snort/snort.conf')
    system('cat /root/etc/sid-msg.map >> /etc/snort/sid-msg.map')
    # The code is also substituted into the sed expression unescaped.
    system("sed -i 's/<oinkcode>/%s/g' /root/vrtpulledpork.conf" %
           oinkcode[1])
    system(
        "cp /root/vrtpulledpork.conf /root/pulledpork-0.6.1/etc/pulledpork.conf"
    )

if __name__ == "__main__":
    main()