Created
September 22, 2020 13:21
Zscaler Proxy Example Script for Ubuntu + GNOME including CA Certificate import to browser trust store for Chrome/FF
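#!/bin/bash
# Some of these files are uploaded to Landscape server
#
# Deployment settings. The values in angle brackets are placeholders that
# must be replaced before the script is run. They are marked readonly so no
# later step can silently repoint the trust import or the proxy
# configuration.
#
# NOTE(review): the PAC URL uses plain http://. The PAC file decides which
# proxy every browser on the host talks to, so it should be served over
# https:// if the PAC host supports it; otherwise anyone on the network path
# can alter it in transit.
readonly PAC_FILE_LOCATION="http://<zscaler-pac-config-file-location/file.PAC"
# Name of the archive attached to the Landscape script; it carries the CA
# certificate.
readonly CA_TAR="zscaler.tar.gz"
# File name of the root CA certificate expected at the top of the archive.
readonly CA_CERTIFICATE_NAME="<zscaler-root-ca-certificate-name-replace-me.crt>"
# Directory scanned by update-ca-certificates for locally added CAs.
readonly CERT_DIR_PATH="/usr/local/share/ca-certificates"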
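# Import ZSCALER Public CA Root Cert
# libnss3-tools provides certutil, which the browser trust-store import uses.
sudo apt-get install libnss3-tools -y
echo "Importing ZScaler Public Cert"
# untar the certificate payload
# $LANDSCAPE_ATTACHMENTS is a special variable which allows us to
# use files attached to the script in Landscape itself.
# Stop here when it is unset: the archive path would otherwise collapse to
# "/$CA_TAR" and whatever file sits there would be unpacked as root.
: "${LANDSCAPE_ATTACHMENTS:?LANDSCAPE_ATTACHMENTS is not set; run this script from Landscape}"
# Every *.crt that lands in $CERT_DIR_PATH becomes a system-wide trust anchor
# once update-ca-certificates runs, so the archive must contain nothing but
# the intended root certificate. --no-same-owner keeps the extracted files
# owned by root instead of by whatever uid the archive records.
if ! sudo tar -xvf "$LANDSCAPE_ATTACHMENTS/$CA_TAR" --no-same-owner -C "$CERT_DIR_PATH"; then
  echo "Failed to extract $LANDSCAPE_ATTACHMENTS/$CA_TAR into $CERT_DIR_PATH" >&2
  exit 1
fi
if [[ ! -f "$CERT_DIR_PATH/$CA_CERTIFICATE_NAME" ]]; then
  echo "Expected certificate $CERT_DIR_PATH/$CA_CERTIFICATE_NAME was not found in the archive" >&2
  exit 1
fi
# Log subject and SHA-256 fingerprint so the imported root can be compared
# with the fingerprint published by whoever issued it.
sudo openssl x509 -in "$CERT_DIR_PATH/$CA_CERTIFICATE_NAME" -noout -subject -fingerprint -sha256
# convert to PEM for browser trust store
# NOTE(review): the browser import further down reads the .crt file, not
# this zscaler.pem; confirm which of the two is meant to be imported.
if ! sudo openssl x509 -in "$CERT_DIR_PATH/$CA_CERTIFICATE_NAME" -out "$CERT_DIR_PATH/zscaler.pem"; then
  echo "openssl could not parse $CERT_DIR_PATH/$CA_CERTIFICATE_NAME" >&2
  exit 1
fi
# update OS trust store
if ! sudo update-ca-certificates; then
  echo "update-ca-certificates failed" >&2
  exit 1
fi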
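# Add the CA to every NSS certificate database on the host (Firefox profiles,
# Chrome's ~/.pki/nssdb, ...). cert8.db is the legacy DBM format and cert9.db
# the SQLite format; certutil needs the matching "dbm:" or "sql:" prefix.
certname="zscaler"
certfile="$CERT_DIR_PATH/$CA_CERTIFICATE_NAME"
# NOTE(review): the trust string "TCu,Cu,Tu" marks the CA as trusted for
# TLS, e-mail and object signing. A TLS-inspection root needs only the first
# field (for example "C,,"); consider narrowing it.
# NOTE(review): certutil runs as root inside user-owned profile directories;
# check that it leaves no root-owned files the browser cannot update later.
for db_spec in "cert8.db:dbm" "cert9.db:sql"; do
  db_file=${db_spec%%:*}
  db_prefix=${db_spec##*:}
  # find output is NUL-delimited and read on fd 3, so profile paths with
  # spaces stay intact and certutil/sudo cannot consume the path list.
  while IFS= read -r -d '' certDB <&3; do
    echo "Patching $certDB"
    certdir=$(dirname -- "$certDB")
    if ! sudo certutil -A -n "$certname" -t "TCu,Cu,Tu" -i "$certfile" -d "${db_prefix}:${certdir}"; then
      echo "certutil could not update $certDB" >&2
    fi
  done 3< <(sudo find / -name "$db_file" -print0)
done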
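# Set Pac file config for gnome
#
# /etc/environment is read by pam_env as plain KEY=VALUE lines. It is not a
# shell script, so "gsettings set ..." lines written into it are never
# executed. Replacing the file wholesale also discards whatever the
# distribution or an administrator had put there (including PATH entries).
# The file is therefore left untouched; the GNOME proxy keys are applied per
# account by the "Setting the gnome proxy settings" step.
# NOTE(review): a default for accounts created after this run needs a
# system-level mechanism (for example a dconf system database); confirm the
# preferred approach for this fleet.
echo "Backing up /etc/environment (the file itself is not modified)"
# Never overwrite an existing backup: on hosts where an earlier run of this
# script rewrote /etc/environment, the .back file is the only copy of the
# original content.
if ! sudo test -e /etc/environment.back; then
  if ! sudo cp -p /etc/environment /etc/environment.back; then
    echo "Could not back up /etc/environment" >&2
  fi
fi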
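# Apply the automatic-proxy settings to every account listed in /etc/passwd.
echo "Setting the gnome proxy settings"
# The URL is embedded in a command line that each account's login shell
# parses, so it is wrapped in single quotes; a single quote inside the value
# would end that quoting and let the rest run as shell code.
case $PAC_FILE_LOCATION in
  *"'"*)
    echo "PAC_FILE_LOCATION must not contain a single quote" >&2
    exit 1
    ;;
esac
# /etc/passwd is world-readable, so no sudo is needed to list the accounts.
mapfile -t account_names < <(awk -F: '{ print $1 }' /etc/passwd)
# The loop variable is deliberately not called USER, which would overwrite
# the environment variable of the same name for the rest of the script.
# NOTE(review): gsettings writes through the target user's session bus; for
# accounts without a running graphical session the call may fail or not
# persist. Verify on a representative host.
for account in "${account_names[@]}"; do
  # Success is reported only when both gsettings calls succeeded; grouping
  # them with a trailing echo would always yield status 0.
  if sudo runuser -l "$account" -c "gsettings set org.gnome.system.proxy mode 'auto'" > /dev/null 2>&1 &&
    sudo runuser -l "$account" -c "gsettings set org.gnome.system.proxy autoconfig-url '$PAC_FILE_LOCATION'" > /dev/null 2>&1; then
    echo "Gnome proxy settings have been changed for $account"
  else
    echo "Cannot set gnome settings for $account, most likely a system account"
  fi
done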