====== CentOS 7 - включение новой машины в домен FreeIPA ======

''yum install ipa-client dnsmasq''

cat /etc/dnsmasq.conf\\
''bind-interfaces\\
cache-size=150\\
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig\\
interface=lo\\
local-ttl=60''

''ipa-client-install''

''authconfig --enablemkhomedir --update''

/etc/ssh/sshd_config:\\
''Protocol 2\\
LogLevel INFO\\
X11Forwarding no\\
MaxAuthTries 4\\
IgnoreRhosts yes\\
HostbasedAuthentication no\\
PermitRootLogin no\\
PermitEmptyPasswords no\\
PermitUserEnvironment no\\
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com\\
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com\\
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\\
ClientAliveInterval 900\\
ClientAliveCountMax 0\\
LoginGraceTime 60\\
Banner /etc/issue.net\\
AllowGroups admins deploymanager\\
\\
HostKey /etc/ssh/ssh_host_rsa_key\\
HostKey /etc/ssh/ssh_host_ecdsa_key\\
HostKey /etc/ssh/ssh_host_ed25519_key\\
AuthorizedKeysFile .ssh/authorized_keys\\
AcceptEnv LANG LC_*\\
Subsystem sftp /usr/libexec/openssh/sftp-server\\
#ChallengeResponseAuthentication no\\
PrintMotd no\\
#UsePAM yes\\
#AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\\
#AuthorizedKeysCommandUser nobody\\
KerberosAuthentication no\\
PubkeyAuthentication yes\\
UsePAM yes\\
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\\
GSSAPIAuthentication yes\\
ChallengeResponseAuthentication yes\\
AuthorizedKeysCommandUser nobody''

/etc/issue.net - заполнить по вкусу.

''yum install zabbix-plugins-pan''

/etc/zabbix/zabbix_agentd.conf - заполнить по вкусу