sarjarapu
sarjarapu
/ kerberos-install-krb5-client-user.sh
Created
October 5, 2018 04:52
A bash script to install the Kerberos client and display the Kerberos configuration file on the User machine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install the Kerberos client | |
| sudo yum install -y krb5-workstation | |
| # TODO: Copy the /etc/krb5.conf file contents from | |
| # Kerberos Server's config file to the Client's machine | |
| sudo cat /etc/krb5.conf |
sarjarapu
/ kerberos-set-user-permissions.sh
Created
October 5, 2018 04:49
A bash script using mongo client to create replica set and user privileges on $external database
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mongo --quiet admin <<EOF | |
| rs.initiate(); | |
| sleep(10000); | |
| db.createUser({user: 'superuser', pwd: 'superuser', roles: ['root']}); | |
| db.auth('superuser', 'superuser'); | |
| use \$external; | |
| db.createUser({user: '[email protected]', roles: [{ role: 'root', db: 'admin'}]}); | |
| db.createUser({user: '[email protected]', roles: [{ role: 'readWrite', db: 'social'}]}); | |
| EOF |
sarjarapu
/ kerberos-configure-set-env.sh
Created
October 5, 2018 04:46
A bash script to configure environment variables and set permissions for the folders
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo klist -k /var/lib/mongo/private/mon01.keytab | |
| # Keytab name: FILE:/var/lib/mongo/private/mon01.keytab | |
| # KVNO Principal | |
| # ---- ------------------------------------------ | |
| # 2 mongodb/[email protected] | |
| # Set the keytab file location in environment variable | |
| echo "KRB5_KTNAME=/var/lib/mongo/private/mon01.keytab" | sudo tee /etc/sysconfig/mongod | |
| # Change the folder ownership to mongod |
sarjarapu
/ kerberos-create-keytab-file.sh
Created
October 5, 2018 04:43
A bash script to help you create the Kerberos keytab file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo ktutil | |
| # ktutil: | |
| # Run the below commands at ktutil prompt | |
| addent -password -p mongodb/mdb01.mdbkrb5.net -k 2 -e aes256-cts | |
| # Password for mongodb/[email protected]: | |
| write_kt /var/lib/mongo/private/mon01.keytab | |
| q |
sarjarapu
/ kerberos-install-mongod.sh
Last active
October 5, 2018 04:41
A bash script to install the MongoDB and set the MongoDB configuration files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo tee /etc/yum.repos.d/mongodb-enterprise.repo << EOF | |
| [mongodb-enterprise] | |
| name=MongoDB Enterprise Repository | |
| baseurl=https://repo.mongodb.com/yum/redhat/\$releasever/mongodb-enterprise/4.0/\$basearch/ | |
| gpgcheck=1 | |
| enabled=1 | |
| gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc | |
| EOF | |
| # Install the MongoDB server |
sarjarapu
/ kerberos-install-krb5-client.sh
Created
October 5, 2018 04:39
A bash script to install the Kerberos client and display the Kerberos configuration file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install the Kerberos client | |
| sudo yum install -y krb5-workstation | |
| # TODO: Copy the /etc/krb5.conf file contents from | |
| # Kerberos Server's config file to MongoDB server | |
| sudo cat /etc/krb5.conf |
sarjarapu
/ kerberos-create-kdc-db.sh
Last active
October 5, 2018 05:21
A bash script to create a Kerberos database for the Realm and create the Principal entries for the Users, Services etc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create Kerberos database for the realm | |
| sudo kdb5_util create -s -r MDBKRB5.NET | |
| # Loading random data | |
| # Initializing database '/var/kerberos/krb5kdc/principal' for realm 'MDBKRB5.NET', | |
| # master key name 'K/[email protected]' | |
| # You will be prompted for the database Master Password. | |
| # It is important that you NOT FORGET this password. | |
| # Enter KDC database master key: | |
| # Re-enter KDC database master key to verify: |
sarjarapu
/ kerberos-config-files.conf
Last active
October 5, 2018 04:34
The file contents of Kerberos configuration files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # File: /etc/krb5.conf | |
| # Configuration snippets may be placed in this directory as well | |
| includedir /etc/krb5.conf.d/ | |
| [logging] | |
| default = FILE:/var/log/krb5libs.log | |
| kdc = FILE:/var/log/krb5kdc.log | |
| admin_server = FILE:/var/log/kadmind.log | |
| [libdefaults] | |
| dns_lookup_realm = false | |
| ticket_lifetime = 24h |
sarjarapu
/ kerberos-install-krb5.sh
Created
October 5, 2018 04:32
A bash script to install Kerberos server on KDC server and configure the files with MDBKRB5.NET realm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo yum install -y krb5-server | |
| # Rename the Kerberos Realm name from EXAMPLE.COM to MDBKRB5.NET, or any name of your choice | |
| sudo sed -i 's/EXAMPLE.COM/MDBKRB5.NET/g' /var/kerberos/krb5kdc/kdc.conf | |
| sudo sed -i 's/EXAMPLE.COM/MDBKRB5.NET/g' /var/kerberos/krb5kdc/kadm5.acl | |
| sudo sed -i 's/kerberos.example.com/kdc.mdbkrb5.net/g' /etc/krb5.conf | |
| sudo sed -i 's/example.com/mdbkrb5.net/g' /etc/krb5.conf | |
| sudo sed -i 's/EXAMPLE.COM/MDBKRB5.NET/g' /etc/krb5.conf | |
| sudo sed -i 's/#//g' /etc/krb5.conf | |
| sudo sed -i 's/^ Configuration/# Configuration/g' /etc/krb5.conf |
sarjarapu
/ kerberos-install-ntpd.sh
Created
October 5, 2018 04:30
A bash script to install ntpd service on all three servers (KDC, MongoDB Server and User machine)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run these commands on all 3 servers | |
| # Install NTP to synchronize the clock on all three servers | |
| sudo yum install -y ntp | |
| sudo ntpdate 0.rhel.pool.ntp.org | |
| sudo systemctl start ntpd.service | |
| sudo systemctl enable ntpd.service | |
| # TODO: Fix the below ip addresses based on your lab environment | |
| echo "172.31.10.101 kdc.mdbkrb5.net" | sudo tee -a /etc/hosts | |
| echo "172.31.10.102 mdb01.mdbkrb5.net" | sudo tee -a /etc/hosts |