Tips-Of-Mine/Hardening-Linux-Debian-Ubuntu
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update : GLPI module

Browse Source
This commit is contained in:
Hubert Cornet 2025-04-25 13:42:35 +02:00
parent 8587224cde
commit 828a49c7a3
4 changed files with 47 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
README.md
View File

@ -1,4 +1,4 @@
# 1. Prerequis-install-deb # 1. Hardening
Depuis un terminal, faire un copié/collé du code ci-dessous Depuis un terminal, faire un copié/collé du code ci-dessous
@ -21,47 +21,55 @@ chmod +x * -R
sudo ./main.sh sudo ./main.sh
``` ```
## 01-ssh ## package_management.sh
Configuration du SSH sur la VM Configuration du SSH sur la VM
Et rajout de l'interface motd Et rajout de l'interface motd
## 02-apt ## ssh_hardening.sh
Mise en place de la configuration proxy, puis lancement de l'update Mise en place de la configuration proxy, puis lancement de l'update
## 03-cortex ## firewall.s
Installation de l'agent Cortex Installation de l'agent Cortex
## 04-agent-glpi ## fail2ban.sh
Installation de l'agent GLPI Installation de l'agent GLPI
## 05-manageEngine ## auditing.sh
Installation de l'agent ManageEngine Installation de l'agent ManageEngine
## 06-SNMP ## dns_config.sh
Installation du service SNMP avec la configuration Installation du service SNMP avec la configuration
## 07-DNS ## ntp.sh
Installation du paramétrage DNS Installation du paramétrage DNS
## 08-NRPE ## auto_updates.sh
Installation du paramétrage nrpe Installation du paramétrage nrpe
## 09-Firewall ## antivirus.sh
Installation du Firewall + paramétrage Installation du Firewall + paramétrage
## 10-Fail2Ban ## custom_prompt.sh
Installation du Faild2Ban + paramétrage Installation du Faild2Ban + paramétrage
## glpi_agent.sh
## wazuh_agent.sh
## monitoring.sh
## additional_hardening.sh
# 3. Update # 3. Update
Depuis un terminal, Aller dans le dossier. Depuis un terminal, Aller dans le dossier.

2
common.sh
View File

@ -46,6 +46,8 @@ log_message() {
echo "============================================================================================" echo "============================================================================================"
echo "" echo ""
echo -e "${BLUE}[$LEVEL]${NC} $MESSAGE" echo -e "${BLUE}[$LEVEL]${NC} $MESSAGE"
echo ""
echo "============================================================================================"
echo echo
;; ;;
"INFO") "INFO")

3
custom/custom_glpi
View File

@ -1 +1,2 @@
# # variables
GLPI_SERVER="glpi.tips-of-mine.fr"

32
modules/glpi_agent.sh
View File

@ -8,6 +8,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Source common functions and variables # Source common functions and variables
source "./common.sh" source "./common.sh"
source "./custom/custom_glpi"
# Function to install GLPI agent # Function to install GLPI agent
install_glpi_agent() { install_glpi_agent() {
@ -25,7 +26,7 @@ install_glpi_agent() {
libxml-treepp-perl libyaml-perl libnet-cups-perl libnet-ip-perl libwww-perl \ libxml-treepp-perl libyaml-perl libnet-cups-perl libnet-ip-perl libwww-perl \
libparse-edid-perl libproc-daemon-perl libfile-which-perl libhttp-daemon-perl \ libparse-edid-perl libproc-daemon-perl libfile-which-perl libhttp-daemon-perl \
libio-socket-ssl-perl libnet-snmp-perl libcrypt-des-perl libnet-nbname-perl \ libio-socket-ssl-perl libnet-snmp-perl libcrypt-des-perl libnet-nbname-perl \
libdigest-hmac-perl libfusioninventory-agent-task-network-perl libdigest-hmac-perl
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
log_message "ERROR" "Failed to install dependencies for GLPI agent" log_message "ERROR" "Failed to install dependencies for GLPI agent"
@ -38,19 +39,32 @@ install_glpi_agent() {
# Determine system architecture # Determine system architecture
ARCH=$(dpkg --print-architecture) ARCH=$(dpkg --print-architecture)
# URL
URL="https://github.com/glpi-project/glpi-agent/releases"
# latest version
LATEST_VERSION=$(curl -s "$URL" | grep -oP '(?<=/glpi-project/glpi-agent/releases/tag/)[^"]*' | head -1)
# check
if [ -z "$LATEST_VERSION" ]; then
log_message "ERROR" "Failed to version GLPI agent"
fi
# Prepare GLPI agent installation # Prepare GLPI agent installation
TEMP_DIR=$(mktemp -d) TEMP_DIR=$(mktemp -d)
cd "$TEMP_DIR" || return 1 cd "$TEMP_DIR" || return 1
# Download the latest GLPI agent package # Download the latest GLPI agent package
if [ "$ARCH" = "amd64" ]; then if [ "$ARCH" = "amd64" ]; then
DOWNLOAD_URL="https://github.com/glpi-project/glpi-agent/releases/download/1.4/glpi-agent_1.4-1_all.deb" DOWNLOAD_URL="https://github.com/glpi-project/glpi-agent/releases/download/$LATEST_VERSION/glpi-agent_$LATEST_VERSION.deb"
else else
DOWNLOAD_URL="https://github.com/glpi-project/glpi-agent/releases/download/1.4/glpi-agent_1.4-1_all.deb" DOWNLOAD_URL="https://github.com/glpi-project/glpi-agent/releases/download/$LATEST_VERSION/glpi-agent_$LATEST_VERSION.deb"
fi fi
log_message "INFO" "Downloading GLPI agent from $DOWNLOAD_URL" log_message "INFO" "Downloading GLPI agent from $DOWNLOAD_URL"
wget "$DOWNLOAD_URL" -O glpi-agent.deb
#wget "$DOWNLOAD_URL" -O glpi-agent.deb
curl -L -o "glpi-agent_$LATEST_VERSION.deb" "$DOWNLOAD_URL"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
log_message "ERROR" "Failed to download GLPI agent" log_message "ERROR" "Failed to download GLPI agent"
@ -60,12 +74,12 @@ install_glpi_agent() {
# Install the GLPI agent package # Install the GLPI agent package
log_message "INFO" "Installing GLPI agent package" log_message "INFO" "Installing GLPI agent package"
dpkg -i glpi-agent.deb dpkg -i glpi-agent_$LATEST_VERSION.deb
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
log_message "ERROR" "Failed to install GLPI agent package" log_message "ERROR" "Failed to install GLPI agent package"
apt-get install -f -y # Try to fix broken dependencies apt-get install -f -y # Try to fix broken dependencies
dpkg -i glpi-agent.deb dpkg -i glpi-agent_$LATEST_VERSION.deb
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
log_message "ERROR" "Failed to install GLPI agent package after fixing dependencies" log_message "ERROR" "Failed to install GLPI agent package after fixing dependencies"
@ -94,7 +108,7 @@ install_glpi_agent() {
# Generated by security hardening script # Generated by security hardening script
# Server URL - Replace with your actual GLPI server URL # Server URL - Replace with your actual GLPI server URL
server = http://glpi-server/glpi/api/inventory server = https://"$GLPI_SERVER"/glpi/api/inventory
# Disable SSL certificate validation for testing (set to 1 for production) # Disable SSL certificate validation for testing (set to 1 for production)
no-ssl-check = 0 no-ssl-check = 0
# Run as daemon (0 = no, 1 = yes) # Run as daemon (0 = no, 1 = yes)
@ -103,8 +117,8 @@ daemon = 1
logger = File logger = File
logfile = /var/log/glpi-agent/glpi-agent.log logfile = /var/log/glpi-agent/glpi-agent.log
# Scan local network # Scan local network
scan-homedirs = 0 scan-homedirs = 1
scan-profiles = 0 scan-profiles = 1
# Inventory frequency (in hours) # Inventory frequency (in hours)
delaytime = 24 delaytime = 24
# Tag for the agent # Tag for the agent