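# Polycom phone provisioning on an e-smith (SME Server) host, run as root.
# The phones fetch their configuration over FTP as the PlcmSpIp account, whose
# password is handed out through DHCP option 66. That password is therefore
# readable by every provisioned phone and FTP carries it unencrypted. The SSH
# deny rule, the /bin/false shell and the FTP DefaultRoot below are what keep
# the account confined.

# ===== Block SSH access for PlcmSpIp =====
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config
deny_fragment=/etc/e-smith/templates-custom/etc/ssh/sshd_config/99DenyUsers
# Append only when the line is missing, so a second run does not duplicate it.
grep -qxF 'DenyUsers PlcmSpIp' "$deny_fragment" 2>/dev/null \
  || echo "DenyUsers PlcmSpIp" >> "$deny_fragment"
unset deny_fragment
expand-template /etc/ssh/sshd_config
sv t /service/sshd

# ===== Create the deployment directory =====
mkdir -p /var/lib/phone/polycom/

# ===== Configure the DHCP server =====
mkdir -p /etc/e-smith/templates-custom/etc/dhcpd.conf/
# Hex output keeps the password free of '/', '+' and '=', which base64 emits
# and which would break both a sed "s/…/…/" substitution and the ftp:// URL.
SECRET=$(/usr/bin/openssl rand -hex 32)
if [ -z "$SECRET" ]; then
  echo "openssl returned no secret; DHCP fragment and password file not written" >&2
else
  # Create both secret-bearing files with a restrictive umask so they are never
  # readable by other users, not even briefly before a chmod.
  saved_umask=$(umask)
  umask 077
  # Unquoted heredoc: ${SECRET} is expanded by the shell (never placed on a
  # command line), \$LocalIP is written as $LocalIP for the e-smith template
  # engine, and \{ \} stay escaped so the template keeps them as literal braces.
  cat > /etc/e-smith/templates-custom/etc/dhcpd.conf/80polycom <<EOF
option boot-server code 66 = string;
group \{
    option boot-server "ftp://PlcmSpIp:${SECRET}@{ \$LocalIP }";
    host phone-1 \{
        hardware ethernet 00:04:f2:1d:fe:44;
        fixed-address 192.168.7.22;
    \}
\}
EOF
  printf '%s\n' "$SECRET" > ~/polycom.secret
  umask "$saved_umask"
  unset saved_umask
  # Covers the case where the files already existed with looser modes.
  chmod 600 ~/polycom.secret /etc/e-smith/templates-custom/etc/dhcpd.conf/80polycom
fi
unset SECRET
# NOTE(review): this page never regenerates /etc/dhcpd.conf or restarts dhcpd,
# and the mode of the generated file (which will hold the password) is decided
# by expand-template. Confirm both on the target system.

# ===== Configure the FTP server =====
mkdir -p /etc/e-smith/templates-custom/etc/proftpd.conf/
# Confine the PlcmSpIp group to the provisioning tree.
cat > /etc/e-smith/templates-custom/etc/proftpd.conf/04polycomRoot <<EOF
DefaultRoot /var/lib/phone/polycom PlcmSpIp
EOF
# NOTE(review): the page shows only these four directives. The heredoc
# operators on this page were lost in extraction, so any angle-bracket section
# lines around the directives were presumably lost as well. Restore them from
# the original article before expanding the template.
# Umask 047 gives new files mode 0620. Confirm that is intended.
cat > /etc/e-smith/templates-custom/etc/proftpd.conf/50polycomShare <<EOF
GroupOwner PlcmSpIp
Umask 047
AllowOverwrite on
AllowUser PlcmSpIp
EOF
mkdir -p /etc/e-smith/templates-custom/etc/e-smith/pam/users.allow/
cat > /etc/e-smith/templates-custom/etc/e-smith/pam/users.allow/30polycom <<EOF
PlcmSpIp
EOF

# ===== Create the PlcmSpIp system user =====
groupadd PlcmSpIp
# /bin/false as the login shell: the account exists for FTP only.
useradd -c 'Provisioning User For Polycom' -s /bin/false -m -g PlcmSpIp -d /var/lib/phone/polycom PlcmSpIp
# Feed the password on stdin, and only if the secret file is non-empty, so a
# failed generation step cannot leave the account with an empty password.
if [ -s ~/polycom.secret ]; then
  passwd --stdin PlcmSpIp < ~/polycom.secret
else
  echo "$HOME/polycom.secret is missing or empty; password not set" >&2
fi
db accounts set PlcmSpIp system-user comment 'user for polycom phones' PasswordSet yes

# ===== Restart the FTP server =====
expand-template /etc/ftpusers
expand-template /etc/e-smith/pam/accounts.allow
expand-template /etc/e-smith/pam/accounts.deny
expand-template /etc/proftpd.conf
sv t /service/ftp

# ===== Restrict permissions =====
# Absolute paths instead of "cd … ; chown -R ./*": if the cd failed, the
# recursive chown/chmod would hit whatever directory root happened to be in.
chown -R root:PlcmSpIp /var/lib/phone/polycom/*
chmod -R o-rwx /var/lib/phone/polycom/*
# Only these three entries are owned (and so writable) by the phone account.
# The page does not create them, so they must already exist in the tree.
chown PlcmSpIp /var/lib/phone/polycom/log
chown PlcmSpIp /var/lib/phone/polycom/overrides
chown PlcmSpIp /var/lib/phone/polycom/contacts
# The account's home directory itself is made non-writable for its owner.
chmod u-w /var/lib/phone/polycom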