Created
September 22, 2020 13:21
-
-
Save CalvinHartwell/05ef38d4cb1bd7d5533d8884f6ab2d36 to your computer and use it in GitHub Desktop.
Revisions
-
CalvinHartwell created this gist
Sep 22, 2020 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,60 @@ #!/bin/bash # Some of these files are uploaded to Landscape server PAC_FILE_LOCATION="http://<zscaler-pac-config-file-location/file.PAC" CA_TAR="zscaler.tar.gz" CA_CERTIFICATE_NAME="<zscaler-root-ca-certificate-name-replace-me.crt>" CERT_DIR_PATH="/usr/local/share/ca-certificates" # Import ZSCALER Public CA Root Cert sudo apt-get install libnss3-tools -y echo "Importing ZScaler Public Cert" # untar the certificate payload # $LANDSCAPE_ATTACHMENTS is a special variable which allows us to # use files attached to the script in Landscape itself. sudo tar -xvf $LANDSCAPE_ATTACHMENTS/$CA_TAR -C $CERT_DIR_PATH # convert to PEM for browser trust store sudo openssl x509 -in $CERT_DIR_PATH/$CA_CERTIFICATE_NAME -out $CERT_DIR_PATH/zscaler.pem # update OS trust store sudo update-ca-certificates certname="zscaler" certfile="$CERT_DIR_PATH/$CA_CERTIFICATE_NAME" for certDB in $(sudo find / -name "cert8.db") do echo "Patching $certDB" certdir=$(dirname ${certDB}); sudo certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d dbm:${certdir} done for certDB in $(sudo find / -name "cert9.db") do echo "Patching $certDB" certdir=$(dirname ${certDB}); sudo certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d sql:${certdir} done # Set Pac file config for gnome echo "Setting the gnome proxy settings in environment file" sudo cp /etc/environment /etc/environment.back sudo bash -c "cat > /etc/environment <<EOL PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" gsettings set org.gnome.system.proxy mode 'auto' gsettings set org.gnome.system.proxy autoconfig-url '$PAC_FILE_LOCATION' EOL" echo "Setting the gnome proxy settings" USER_LIST=$(sudo awk -F: '{ print $1}' /etc/passwd) for USER in $USER_LIST; do { sudo runuser -l $USER -c "gsettings set org.gnome.system.proxy mode 'auto'" > /dev/null 2>&1 sudo runuser -l $USER -c "gsettings set org.gnome.system.proxy autoconfig-url $PAC_FILE_LOCATION" > /dev/null 2>&1 echo "Gnome proxy settings have been changed for $USER" } || { echo "Cannot set gnome settings for $USER, most likely a system account" } done