Bloquer les accès SSH pour PlcmSpIp
# Keep the provisioning account off SSH. Its password is handed to the phones
# inside the DHCP boot-server URL set up in the DHCP step of this guide, so the
# account should be usable for FTP and nothing else.
# NOTE(review): a /bin/false shell alone may not block SSH features that need
# no shell (e.g. port forwarding), which is presumably why DenyUsers is added.
sshd_fragments=/etc/e-smith/templates-custom/etc/ssh/sshd_config
mkdir -p "$sshd_fragments"

# Appends to the fragment: running this step twice leaves a duplicate line.
printf '%s\n' 'DenyUsers PlcmSpIp' >> "$sshd_fragments/99DenyUsers"

# Rebuild sshd_config from its template fragments, then send TERM to the
# supervised sshd service so it comes back with the new configuration.
expand-template /etc/ssh/sshd_config
sv t /service/sshd
Créer le répertoire de déploiement
# Directory that holds the phones' provisioning files. The FTP configuration
# and the PlcmSpIp home directory in the later steps both point at this path.
deploy_dir=/var/lib/phone/polycom/
mkdir -p "$deploy_dir"
Configurer le serveur DHCP
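# Publish the provisioning URL to the phones through DHCP option 66
# (boot-server). The FTP password is part of that URL, so every DHCP client on
# the segment can read it and it crosses the network unencrypted: treat
# PlcmSpIp as a low-trust account with access to the provisioning tree only.
dhcpd_fragments=/etc/e-smith/templates-custom/etc/dhcpd.conf
mkdir -p "$dhcpd_fragments"

# Keep letters and digits only. Raw base64 also yields '/', '+' and '=': a '/'
# collided with the delimiter of the original `sed s/__SECRET__/.../` (so the
# substitution usually failed) and would cut the password short in an ftp:// URL.
SECRET=$(/usr/bin/openssl rand -base64 60 | tr -d -c 'A-Za-z0-9')

if [ -z "$SECRET" ]; then
  # openssl missing or failed: do not write an empty password anywhere.
  echo "no secret generated; DHCP fragment and ~/polycom.secret left untouched" >&2
else
  # Unquoted heredoc: $SECRET is expanded by the shell, \$LocalIP stays a
  # literal { $LocalIP } for the template engine, and \{ \} are written as-is
  # so the template engine emits plain braces.
  # The password is written by the heredoc instead of a sed argument, which
  # keeps it out of the process list.
  # The host entry looks like a sample (one phone's MAC and fixed address).
  # NOTE(review): this fragment stores the password in clear text; check the
  # permissions it ends up with.
  cat > "$dhcpd_fragments/80polycom" <<EOF
option boot-server code 66 = string;
group \{
  option boot-server "ftp://PlcmSpIp:${SECRET}@{ \$LocalIP }";
  host phone-1 \{
    hardware ethernet 00:04:f2:1d:fe:44;
    fixed-address 192.168.7.22;
  \}
\}
EOF

  # Create the password file already private. The original wrote it with the
  # default umask and only then ran chmod, leaving it briefly readable.
  ( umask 077; printf '%s\n' "$SECRET" > ~/polycom.secret )
  # Still needed when the file existed before with wider permissions.
  chmod 600 ~/polycom.secret
fi
unset SECRET

# NOTE(review): no step visible on this page regenerates /etc/dhcpd.conf or
# restarts the DHCP service after the fragment is written; confirm.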
Configuration du serveur FTP
# Custom template fragments for ProFTPD and for the PAM allow list.
tpl_root=/etc/e-smith/templates-custom/etc
mkdir -p "$tpl_root/proftpd.conf/"

# Confine sessions to the provisioning directory. The trailing PlcmSpIp is the
# group expression DefaultRoot applies to (the account's group has that name).
printf '%s\n' 'DefaultRoot /var/lib/phone/polycom PlcmSpIp' \
  > "$tpl_root/proftpd.conf/04polycomRoot"

# Per-directory rules for the provisioning tree.
# NOTE(review): Umask 047 masks group read and every "other" bit, so uploaded
# files would end up 0620; confirm that this is the intended mode.
# NOTE(review): the <Limit> section has AllowUser but no DenyAll; with
# ProFTPD's default allow,deny order that may not restrict other users here.
# Confirm against the ProFTPD <Limit> documentation.
cat > "$tpl_root/proftpd.conf/50polycomShare" <<'EOF'
<Directory /var/lib/phone/polycom>
  GroupOwner PlcmSpIp
  Umask 047
  AllowOverwrite on
  <Limit READ WRITE>
    AllowUser PlcmSpIp
  </Limit>
</Directory>
EOF

# Add the account to the users.allow template.
mkdir -p "$tpl_root/e-smith/pam/users.allow/"
printf '%s\n' 'PlcmSpIp' > "$tpl_root/e-smith/pam/users.allow/30polycom"
Création de l'utilisateur système PlcmSpIp
# Dedicated group and account for phone provisioning.
acct=PlcmSpIp
acct_home=/var/lib/phone/polycom
groupadd "$acct"

# -s /bin/false: no login shell. -d: home is the provisioning directory.
useradd -c 'Provisioning User For Polycom' -s /bin/false -m \
  -g "$acct" -d "$acct_home" "$acct"

# Set the password from the file written in the DHCP step; feeding it on stdin
# keeps it off the command line.
# NOTE(review): ~/polycom.secret stays on disk afterwards; keep it at mode 600
# or delete it once it is no longer needed.
cat ~/polycom.secret | passwd --stdin "$acct"

# Record the account in the accounts database as a system user.
db accounts set "$acct" system-user comment 'user for polycom phones' PasswordSet yes
Redémarrage du serveur FTP
# Regenerate every file affected by the new account and FTP fragments.
# NOTE(review): the FTP step writes a fragment for pam/users.allow, but only
# accounts.allow and accounts.deny are expanded here; confirm that the
# users.allow fragment is picked up.
for generated in \
  /etc/ftpusers \
  /etc/e-smith/pam/accounts.allow \
  /etc/e-smith/pam/accounts.deny \
  /etc/proftpd.conf
do
  expand-template "$generated"
done

# Send TERM to the supervised FTP service so it restarts with the new config.
sv t /service/ftp
Restriction des permissions
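# Lock down the provisioning tree: everything belongs to root with group
# PlcmSpIp and no access for others; the phones' account owns only the three
# directories it has to write to.
polycom_root=/var/lib/phone/polycom

# The recursive chown/chmod below act on ./*, so they must run only if the cd
# succeeded. Unguarded, a failed cd would apply them to whatever directory the
# shell happened to be in.
if cd "$polycom_root"; then
  # ./* skips dotfiles and, in an empty directory, stays a literal pattern
  # that makes chown/chmod report an error.
  chown -R root:PlcmSpIp ./*
  chmod -R o-rwx ./*

  # Hand the writable directories to the phones' account. The group stays
  # PlcmSpIp from the recursive chown above.
  # NOTE(review): log, overrides and contacts are not created anywhere on this
  # page; presumably they come with the files copied into this directory.
  for writable_dir in log overrides contacts; do
    chown PlcmSpIp "./$writable_dir"
  done

  # Remove owner write on the top-level directory itself.
  chmod u-w "$polycom_root"
else
  echo "cannot enter $polycom_root; permissions left unchanged" >&2
fi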