Инструменты пользователя

Инструменты сайта


it:centos_7_-_vkljuchenie_novoj_mashiny_v_domen_freeipa

CentOS 7 - включение новой машины в домен FreeIPA

yum install ipa-client dnsmasq

cat /etc/dnsmasq.conf
bind-interfaces
cache-size=150
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
interface=lo
local-ttl=60

ipa-client-install

authconfig –enablemkhomedir –update

/etc/ssh/sshd_config:
Protocol 2
LogLevel INFO
X11Forwarding no
MaxAuthTries 4
IgnoreRhosts yes
HostbasedAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
PermitUserEnvironment no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
ClientAliveInterval 900
ClientAliveCountMax 0
LoginGraceTime 60
Banner /etc/issue.net
AllowGroups admins deploymanager

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
AuthorizedKeysFile .ssh/authorized_keys
AcceptEnv LANG LC_*
Subsystem sftp /usr/libexec/openssh/sftp-server
#ChallengeResponseAuthentication no
PrintMotd no
#UsePAM yes
#AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
#AuthorizedKeysCommandUser nobody
KerberosAuthentication no
PubkeyAuthentication yes
UsePAM yes
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
GSSAPIAuthentication yes
ChallengeResponseAuthentication yes
AuthorizedKeysCommandUser nobody

/etc/issue.net - заполнить по вкусу.

yum install zabbix-plugins-pan

/etc/zabbix/zabbix_agentd.conf - заполнить по вкусу

it/centos_7_-_vkljuchenie_novoj_mashiny_v_domen_freeipa.txt · Последнее изменение: 2020/04/15 16:41 — puse_vivat