
Bloquer les accès SSH pour PlcmSpIp

# Keep the FTP provisioning account out of SSH: add a DenyUsers line through a
# custom template fragment for sshd_config.
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config
# '>>' appends, so an already existing 99DenyUsers fragment is kept as is.
printf '%s\n' 'DenyUsers PlcmSpIp' \
  >> /etc/e-smith/templates-custom/etc/ssh/sshd_config/99DenyUsers
# Regenerate /etc/ssh/sshd_config from the templates, then send TERM to the
# supervised sshd (presumably so the supervisor restarts it with the new file).
expand-template /etc/ssh/sshd_config
sv t /service/sshd

Créer le répertoire de déploiement

# Deployment directory: the FTP configuration further down uses it as the
# root of the PlcmSpIp account and the account's home points to it.
mkdir -p /var/lib/phone/polycom

Configurer le serveur DHCP

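mkdir -p /etc/e-smith/templates-custom/etc/dhcpd.conf/

# Provisioning password for the PlcmSpIp FTP account.
# Only letters and digits are kept. The raw base64 alphabet also contains '/',
# '+' and '=': '/' is a reserved character inside the ftp:// URL that carries
# the password, and a letters-and-digits value needs no escaping in the quoted
# dhcpd string or in the template braces.
SECRET=$(/usr/bin/openssl rand -base64 60 | LC_ALL=C tr -c -d 'A-Za-z0-9')

if [ -z "$SECRET" ]; then
  # An empty value would produce a fragment and an account without password.
  echo "polycom: secret generation failed, nothing was written" >&2
else
  (
    # umask 077 in a subshell: files created here are never readable by other
    # users, not even between creation and the chmod below.
    umask 077
    printf '%s\n' "$SECRET" > ~/polycom.secret
    # Unquoted here-document on purpose: ${SECRET} is expanded by the shell,
    # \$LocalIP is written as $LocalIP for the template engine, and \{ / \}
    # are written unchanged. The value is written by the shell itself, so it
    # does not appear on any command line.
    cat <<EOF > /etc/e-smith/templates-custom/etc/dhcpd.conf/80polycom
option boot-server code 66 = string;
group \{
 
option boot-server "ftp://PlcmSpIp:${SECRET}@{ \$LocalIP }";
 
host phone-1 \{
       hardware ethernet 00:04:f2:1d:fe:44;
       fixed-address 192.168.7.22;
\}
\}
EOF
  )
  # chmod also covers files that already existed with wider permissions.
  chmod 600 ~/polycom.secret \
    /etc/e-smith/templates-custom/etc/dhcpd.conf/80polycom
fi
unset SECRET

# NOTE(review): the password is handed out in DHCP option 66 and then used over
# plain FTP, so it is readable on the phone network. The account's safety rests
# on the restrictions set elsewhere in this guide (SSH denied, /bin/false
# shell, FTP root limited to the deployment directory). The expanded
# /etc/dhcpd.conf will hold the same value; check its mode after expansion.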

Configuration du serveur FTP

# ProFTPD template fragments for the provisioning account.
mkdir -p /etc/e-smith/templates-custom/etc/proftpd.conf/

# 04polycomRoot: PlcmSpIp gets /var/lib/phone/polycom as its FTP root.
printf '%s\n' 'DefaultRoot     /var/lib/phone/polycom       PlcmSpIp' \
  > /etc/e-smith/templates-custom/etc/proftpd.conf/04polycomRoot

# 50polycomShare: per-directory rules for the deployment tree.
# NOTE(review): Umask 047 clears group-read but leaves group-write on files
# created over FTP -- confirm this is the intended mask.
# NOTE(review): the <Limit> section holds only AllowUser; as far as I can tell
# ProFTPD still admits other users unless a DenyAll follows -- confirm.
cat <<'EOF' > /etc/e-smith/templates-custom/etc/proftpd.conf/50polycomShare
<Directory /var/lib/phone/polycom>
   GroupOwner PlcmSpIp
   Umask 047
   AllowOverwrite on
   <Limit READ WRITE>
       AllowUser PlcmSpIp
   </Limit>
</Directory>
EOF

# 30polycom: add the account to the users.allow PAM template.
mkdir -p /etc/e-smith/templates-custom/etc/e-smith/pam/users.allow/
printf '%s\n' 'PlcmSpIp' \
  > /etc/e-smith/templates-custom/etc/e-smith/pam/users.allow/30polycom

Création de l'utilisateur système PlcmSpIp

# Dedicated group and account for the phones. The account has no usable login
# shell (/bin/false) and its home is the deployment directory.
groupadd PlcmSpIp
useradd -g PlcmSpIp -d /var/lib/phone/polycom -m -s /bin/false \
  -c 'Provisioning User For Polycom' PlcmSpIp
# The password is read from the secret file on stdin, so it is never passed as
# a command-line argument.
# NOTE(review): ~/polycom.secret stays on disk after this step; delete it once
# nothing else needs it.
passwd --stdin PlcmSpIp < ~/polycom.secret
# Record the account in the e-smith accounts database as a system-user.
db accounts set PlcmSpIp system-user comment 'user for polycom phones' PasswordSet yes

Redémarrage du serveur FTP

# Regenerate every file affected by the new fragments, in the same order as
# before, then send TERM to the supervised FTP service.
for tpl in \
  /etc/ftpusers \
  /etc/e-smith/pam/accounts.allow \
  /etc/e-smith/pam/accounts.deny \
  /etc/proftpd.conf
do
  expand-template "$tpl"
done
sv t /service/ftp

Restriction des permissions

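# Tighten ownership and modes of the provisioning tree.
# Everything runs only if the cd succeeds: otherwise the recursive chown/chmod
# on ./* would hit whatever directory the shell happens to be in.
if cd /var/lib/phone/polycom; then
  # Content belongs to root, group PlcmSpIp, with no access for other users.
  # ./* does not match dot-files; the leading ./ keeps names starting with '-'
  # from being read as options.
  chown -R root:PlcmSpIp ./*
  chmod -R o-rwx ./*
  # The FTP account owns only these three entries.
  chown PlcmSpIp ./log ./overrides ./contacts
  # Remove the owner's write bit on the deployment directory itself.
  chmod u-w ../polycom
else
  echo "cannot cd to /var/lib/phone/polycom; permissions left unchanged" >&2
fi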