suppression conf auto et ajout fichier de conf forticlient

2024-10-16 12:11:22 +02:00
parent c51cb064ef
commit 5dffcec44a
4 changed files with 403 additions and 77 deletions
--- a/VPN_Forticlient/Installation_vpn.sh
+++ b/VPN_Forticlient/Installation_vpn.sh
@@ -18,10 +18,10 @@ func_Installation_vpn()
 ##Définition des variables
 folder=$(pwd) ##dossier local
 log_erreurs="$folder/err_log.log"
-script_conf="$folder/VPN_Forticlient/configuration_vpn.sh"
 CERT_PATH1="$folder/VPN_Forticlient/client.pfx"
 CERT_PATH2="/opt/forticlient/client.pfx"

+
 #=======================================================================
 ##Définition des fonctions
 func_dependances(){
@@ -40,7 +40,7 @@ func_installation(){

 #=======================================================================
 ##Script
-echo "Mise a jour dependances pour l'installation du vpn"
+echo -e "\033[1m Mise a jour dependances pour l'installation du vpn\033[0m"
 	if func_dependances 2>> $log_erreurs; then
 		echo "Mise a jour dependances nécessaire à l'installation du vpn réussie"
 	else
@@ -50,7 +50,7 @@ echo "Mise a jour dependances pour l'installation du vpn"
 	fi
    sleep 2

-echo "Installation du vpn"
+echo "\033[1m Installation du vpn\033[0m"
 	if func_installation 2>> $log_erreurs; then
 		echo "Installation du vpn réussie"
 	else
@@ -60,14 +60,10 @@ echo "Installation du vpn"
 	fi
    sleep 2

-echo "Configuration du vpn"
-    chmod +x $script_conf
-    if script_conf 2>> $log_erreurs; then
-    	echo "Configuration du vpn réussie"
-	else
-		echo "Erreur lors de la configuration du vpn"
-		echo "logs d'erreurs disponibles dans le fichier: $log_erreurs"
-        exit 1
-	fi
-    sleep 2
+echo "\033[1m Configuration du vpn \033[0m"
+echo "Pour configurer la connexion vpn, charger dans le forticlient le fichier forti_7_linux.conf"
+echo "Emplacement du fichier /tmp/Deploiement_debian/VPN_Forticlient/forti_7_linux.conf\n"
+echo "Saisir le mot de passe du certificat dans les paramètres de la connexion"
+echo "Le mot de passe est dans le keypass du service infra"
+
 }
--- a/VPN_Forticlient/configuration_vpn.sh
+++ b/VPN_Forticlient/configuration_vpn.sh
@@ -1,63 +0,0 @@
-#!/usr/bin/expect
-#=======================================================================
-# FILE: ~configuration_vpn.sh
-# USAGE: ./~configuration_vpn.sh
-# DESCRIPTION: Installation et paramétrage du vpn-ssl forticlient sur
-# les postes Utilisateurs Debian 
-#
-# OPTIONS: ---
-# REQUIREMENTS: ---
-# BUGS: ---
-# NOTES: ---
-# AUTHOR: Maxime Tertrais
-# COMPANY: Operis
-# CREATED: 15/10/2024
-# REVISION: ---
-#=======================================================================
-##Définition des variables
-NOM_CONNEXION="VPN-Operis"
-SERVER_VPN="champlan.operis.fr" #serveur à joindre
-PORT_VPN="10443" #port du vpn à joindre
-AUTH_TYPE="1" #demande de saisir les Id de l'AD
-CERT_PATH="/opt/forticlient/client.pfx"
-CERT_PSWD="Operis123"
-#=======================================================================
-##Définition des fonctions
-
-#=======================================================================
-##Script
-
-set timeout -1
-
-# Lancer le script fortivpn
-spawn fortivpn edit $NOM_CONNEXION
-
-# Fournir l'adresse du serveur
-expect "Remote Gateway"  # Le texte exact affiché par le script
-sleep 1
-send "$SERVER_VPN\r"
-
-# Fournir le n° de port
-expect "Port"
-sleep 1
-send "$PORT_VPN\r"
-
-# Fournir la méthode d'identification
-expect "Authentication"
-sleep 1
-send "$AUTH_TYPE\r"
-
-# Fournir le certificat client
-expect "Client Certificate"
-sleep 1
-send "$CERT_PATH\r"
-
-# Fournir le certificat client
-expect "Client Certificate password"
-sleep 1
-send "$CERT_PSWD\r"
-
-# Attendre la fin
-expect eof
-
-}
--- a/VPN_Forticlient/forti_7_linux.conf
+++ b/VPN_Forticlient/forti_7_linux.conf
@@ -0,0 +1,393 @@
+<?xml version="1.0" encoding="utf-8"?>
+<forticlient_configuration authentication="1031f251fdb00c34e157292485b93d7278572fe49e">
+	<forticlient_version>6.0.10.297</forticlient_version>
+	<version>6.0.10</version>
+	<date>2022/04/13</date>
+	<partial_configuration>0</partial_configuration>
+	<os_version>windows</os_version>
+	<system>
+		<ui>
+			<disable_backup>0</disable_backup>
+			<ads>1</ads>
+			<default_tab>COMP</default_tab>
+			<flashing_system_tray_icon>1</flashing_system_tray_icon>
+			<hide_system_tray_icon>0</hide_system_tray_icon>
+			<show_host_tag>0</show_host_tag>
+			<suppress_admin_prompt>0</suppress_admin_prompt>
+			<password/>
+			<culture_code>os-default</culture_code>
+			<gpu_rendering>0</gpu_rendering>
+			<hide_user_info>0</hide_user_info>
+			<lock/>
+			<replacement_messages>
+				<quarantine>
+					<title>
+						<title/>
+					</title>
+					<statement>
+						<remediation/>
+					</statement>
+					<remediation>
+						<remediation/>
+					</remediation>
+				</quarantine>
+			</replacement_messages>
+			<allow_shutdown_when_registered/>
+		</ui>
+		<log_settings>
+			<onnet_local_logging>1</onnet_local_logging>
+			<level>6</level>
+			<log_events>ipsecvpn,sslvpn,scheduler,update,firewall,proxy,shield,endpoint,configd,vuln</log_events>
+			<remote_logging>
+				<log_upload_enabled>0</log_upload_enabled>
+				<log_upload_server/>
+				<log_upload_ssl_enabled>1</log_upload_ssl_enabled>
+				<log_retention_days>90</log_retention_days>
+				<log_upload_freq_minutes>120</log_upload_freq_minutes>
+				<log_generation_timeout_secs>900</log_generation_timeout_secs>
+				<netlog_categories>7</netlog_categories>
+				<send_os_events>
+					<enabled/>
+					<interval>120</interval>
+				</send_os_events>
+			</remote_logging>
+		</log_settings>
+		<proxy>
+			<update>0</update>
+			<online_scep>0</online_scep>
+			<virus_submission>0</virus_submission>
+			<type>http</type>
+			<address/>
+			<port>80</port>
+			<username>Enc 76675e071f1c96929d9f1d7611b457f5ed0028531e950638</username>
+			<password/>
+		</proxy>
+		<update>
+			<use_custom_server>0</use_custom_server>
+			<server/>
+			<port>80</port>
+			<timeout>60</timeout>
+			<failoverport>8000</failoverport>
+			<fail_over_to_fdn>1</fail_over_to_fdn>
+			<use_proxy_when_fail_over_to_fdn>1</use_proxy_when_fail_over_to_fdn>
+			<auto_patch>0</auto_patch>
+			<submit_virus_info_to_fds>1</submit_virus_info_to_fds>
+			<update_action>notify_only</update_action>
+			<restrict_services_to_regions/>
+			<use_legacy_fdn>1</use_legacy_fdn>
+			<ocsp_mode>1</ocsp_mode>
+			<scheduled_update>
+				<enabled>1</enabled>
+				<type>interval</type>
+				<daily_at>01:50</daily_at>
+				<update_interval_in_hours>1</update_interval_in_hours>
+			</scheduled_update>
+		</update>
+		<fortiproxy>
+			<enabled>0</enabled>
+			<enable_https_proxy>1</enable_https_proxy>
+			<http_timeout>60</http_timeout>
+			<client_comforting>
+				<pop3_client>1</pop3_client>
+				<pop3_server>1</pop3_server>
+				<smtp>1</smtp>
+			</client_comforting>
+			<selftest>
+				<enabled>1</enabled>
+				<last_port>65535</last_port>
+				<notify>1</notify>
+			</selftest>
+		</fortiproxy>
+		<certificates>
+			<crl>
+				<ocsp/>
+			</crl>
+			<hdd/>
+			<ca/>
+		</certificates>
+		<user_identity>
+			<enable_manually_entering>1</enable_manually_entering>
+			<enable_linkedin>1</enable_linkedin>
+			<enable_google>1</enable_google>
+			<enable_salesforce>1</enable_salesforce>
+			<notify_user/>
+		</user_identity>
+	</system>
+	<endpoint_control>
+		<enabled>1</enabled>
+		<socket_connect_timeouts>1:5</socket_connect_timeouts>
+		<disable_unregister>0</disable_unregister>
+		<disable_fgt_switch>0</disable_fgt_switch>
+		<show_bubble_notifications>1</show_bubble_notifications>
+		<silent_registration>0</silent_registration>
+		<notify_fgt_on_logoff>1</notify_fgt_on_logoff>
+		<avatar_enabled>1</avatar_enabled>
+		<send_software_inventory>0</send_software_inventory>
+		<ui>
+			<display_antivirus>1</display_antivirus>
+			<display_webfilter>1</display_webfilter>
+			<display_firewall>1</display_firewall>
+			<display_vpn>1</display_vpn>
+			<display_vulnerability_scan>1</display_vulnerability_scan>
+			<display_sandbox>1</display_sandbox>
+			<display_compliance>1</display_compliance>
+			<display_ztna>0</display_ztna>
+			<hide_compliance_warning>0</hide_compliance_warning>
+		</ui>
+		<forticloud>
+			<server/>
+			<invitation_code/>
+		</forticloud>
+		<invalid_cert_action>warn</invalid_cert_action>
+	</endpoint_control>
+	<antivirus>
+		<enabled>1</enabled>
+		<signature_expired_notification>0</signature_expired_notification>
+		<scan_on_insertion>0</scan_on_insertion>
+		<shell_integration>1</shell_integration>
+		<antirootkit>4294967295</antirootkit>
+		<fortiguard_analytics>1</fortiguard_analytics>
+		<multi_process_limit>1</multi_process_limit>
+		<block_removable_media>0</block_removable_media>
+		<on_demand_scanning>
+			<use_extreme_db>1</use_extreme_db>
+			<on_virus_found>4</on_virus_found>
+			<pause_on_battery_power>1</pause_on_battery_power>
+			<signature_load_memory_threshold>8</signature_load_memory_threshold>
+			<automatic_virus_submission>
+				<enabled>0</enabled>
+				<smtp_server>fortinetvirussubmit.com</smtp_server>
+				<username/>
+				<password/>
+			</automatic_virus_submission>
+			<compressed_files>
+				<scan>1</scan>
+				<maxsize>0</maxsize>
+			</compressed_files>
+			<riskware>
+				<enabled>1</enabled>
+			</riskware>
+			<adware>
+				<enabled>1</enabled>
+			</adware>
+			<heuristic_scanning>
+				<level>3</level>
+				<action>2</action>
+			</heuristic_scanning>
+			<exclusions>
+				<file_types>
+					<extensions/>
+				</file_types>
+			</exclusions>
+		</on_demand_scanning>
+		<real_time_protection>
+			<enabled>1</enabled>
+			<use_extreme_db>0</use_extreme_db>
+			<when>4</when>
+			<ignore_system_when>2</ignore_system_when>
+			<on_virus_found>4</on_virus_found>
+			<popup_alerts>1</popup_alerts>
+			<popup_registry_alerts>0</popup_registry_alerts>
+			<bypass_java>0</bypass_java>
+			<cloud_based_detection>
+				<on_virus_found>4</on_virus_found>
+			</cloud_based_detection>
+			<sandboxing>
+				<use_sandbox_signatures>0</use_sandbox_signatures>
+				<sandbox_server/>
+			</sandboxing>
+			<compressed_files>
+				<scan>1</scan>
+				<maxsize>10</maxsize>
+			</compressed_files>
+			<riskware>
+				<enabled>1</enabled>
+			</riskware>
+			<adware>
+				<enabled>1</enabled>
+			</adware>
+			<heuristic_scanning>
+				<level>0</level>
+				<action>3</action>
+			</heuristic_scanning>
+			<exclusions>
+				<file_types>
+					<extensions>.7z,.arj,.bzip,.bzip2,.cab,.gzip,.lzh,.msc,.rar,.tar,.tgz,.zip</extensions>
+				</file_types>
+			</exclusions>
+		</real_time_protection>
+		<email>
+			<smtp>1</smtp>
+			<pop3>1</pop3>
+			<outlook>1</outlook>
+			<wormdetection>
+				<enabled>0</enabled>
+				<action>0</action>
+			</wormdetection>
+			<heuristic_scanning>
+				<enabled>0</enabled>
+				<action>0</action>
+			</heuristic_scanning>
+			<mime_scanning>
+				<enabled>0</enabled>
+			</mime_scanning>
+		</email>
+		<quarantine>
+			<cullage>100</cullage>
+		</quarantine>
+		<server>
+			<exchange>
+				<integrate>0</integrate>
+				<action>0</action>
+				<excludefilesystemfromscanning>0</excludefilesystemfromscanning>
+				<excludefileextensionsfromscanning>0</excludefileextensionsfromscanning>
+			</exchange>
+			<sqlserver>
+				<excludefilesystemfromscanning>0</excludefilesystemfromscanning>
+				<excludefileextensionsfromscanning>0</excludefileextensionsfromscanning>
+			</sqlserver>
+		</server>
+		<sandboxing>
+			<use_sandbox_signatures>0</use_sandbox_signatures>
+		</sandboxing>
+		<scheduled_scans>
+			<ignore_3rd_party_av_conflicts>0</ignore_3rd_party_av_conflicts>
+			<scan_type>full</scan_type>
+			<full>
+				<enabled>0</enabled>
+				<repeat>2</repeat>
+				<day_of_month>1</day_of_month>
+				<time>12:00</time>
+				<removable_media>1</removable_media>
+				<network_drives>0</network_drives>
+				<priority>0</priority>
+				<days>7</days>
+			</full>
+			<directory>
+				<enabled>0</enabled>
+				<directory/>
+				<repeat>2</repeat>
+				<day_of_month>1</day_of_month>
+				<time>12:00</time>
+				<removable_media>1</removable_media>
+				<network_drives>0</network_drives>
+				<priority>0</priority>
+				<days>7</days>
+			</directory>
+			<quick>
+				<enabled>0</enabled>
+				<repeat>2</repeat>
+				<day_of_month>1</day_of_month>
+				<time>12:00</time>
+				<removable_media>1</removable_media>
+				<network_drives>0</network_drives>
+				<priority>0</priority>
+				<days>7</days>
+			</quick>
+		</scheduled_scans>
+	</antivirus>
+	<vulnerability_scan>
+		<enabled>1</enabled>
+		<scan_on_registration>0</scan_on_registration>
+		<scan_on_signature_update>0</scan_on_signature_update>
+		<proxy_enabled>0</proxy_enabled>
+		<auto_patch>
+			<level>high</level>
+		</auto_patch>
+		<scheduled_scans>
+			<schedule>
+				<repeat>1</repeat>
+				<day>1</day>
+				<time>19:30</time>
+			</schedule>
+		</scheduled_scans>
+		<scan_on_fgt_registration/>
+		<windows_update>1</windows_update>
+		<exempt_manual/>
+		<exemptions/>
+		<exempt_no_auto_patch/>
+	</vulnerability_scan>
+	<sandboxing>
+		<enabled>0</enabled>
+		<address/>
+		<response_timeout>0</response_timeout>
+		<when>
+			<executables_on_removable_media/>
+			<executables_on_mapped_nw_drives/>
+			<web_downloads/>
+			<email_downloads/>
+		</when>
+		<remediation>
+			<action/>
+			<on_error/>
+		</remediation>
+		<exceptions>
+			<exclude_files_from_trusted_sources/>
+			<exclude_files_and_folders/>
+			<folders/>
+			<files/>
+		</exceptions>
+	</sandboxing>
+	<removable_media_access>
+		<enabled/>
+		<show_bubble_notifications/>
+		<action>allow</action>
+	</removable_media_access>
+	<vpn>
+		<options>
+			<current_connection_name>Operis</current_connection_name>
+			<autoconnect_tunnel/>
+			<autoconnect_only_when_offnet>0</autoconnect_only_when_offnet>
+			<keep_running_max_retries/>
+			<allow_personal_vpns>1</allow_personal_vpns>
+			<disable_connect_disconnect>0</disable_connect_disconnect>
+			<minimize_window_on_connect>1</minimize_window_on_connect>
+			<inherit_local_dns>0</inherit_local_dns>
+			<dns_service_resetting_interval>0</dns_service_resetting_interval>
+			<suppress_vpn_notification>0</suppress_vpn_notification>
+		</options>
+		<sslvpn>
+			<options>
+				<enabled>1</enabled>
+				<block_ipv6>0</block_ipv6>
+				<warn_invalid_server_certificate>1</warn_invalid_server_certificate>
+				<prefer_sslvpn_dns>1</prefer_sslvpn_dns>
+			</options>
+			<connections>
+				<connection>
+					<name>VPN-Operis</name>
+					<description/>
+					<server>champlan.operis.fr:10443</server>
+					<username/>
+					<password/>
+					<certificate>file%3A%2F%2F%2Fopt%2Fforticlient%2Fclient.pfx</certificate>
+					<prompt_certificate>0</prompt_certificate>
+					<prompt_username>1</prompt_username>
+					<keep_running>0</keep_running>
+					<fgt>0</fgt>
+					<ui>
+						<show_remember_password>0</show_remember_password>
+						<show_alwaysup>0</show_alwaysup>
+						<show_autoconnect>0</show_autoconnect>
+						<ems_allow_show_remember_password>0</ems_allow_show_remember_password>
+						<ems_allow_show_alwaysup>0</ems_allow_show_alwaysup>
+						<ems_allow_show_autoconnect>0</ems_allow_show_autoconnect>
+						<save_username>0</save_username>
+						<save_password>0</save_password>
+					</ui>
+					<disclaimer_msg/>
+					<sso_enabled>0</sso_enabled>
+					<use_external_browser>0</use_external_browser>
+					<vpn_type/>
+				</connection>
+			</connections>
+		</sslvpn>
+	</vpn>
+	<ztna>
+		<enabled/>
+		<allow_personal_rules>1</allow_personal_rules>
+		<disallow_invalid_server_certificate/>
+		<rules/>
+	</ztna>
+</forticlient_configuration>
+
--- a/deploiement_main.sh
+++ b/deploiement_main.sh
@@ -22,7 +22,7 @@ source "$folder/Malwarebytes_linux/malwarebytes.sh"
 source "$folder/Integration_domain/integration_domain.sh"
 source "$folder/OCS_Linux/ocs.sh"
 source "$folder/Laps_Linux/installation_laps.sh"
-source "$folder/VPN_Forticlient/installation_vpn.sh"
+source "$folder/VPN_Forticlient/Installation_vpn.sh"
 source "$folder/Agent_Wazhu/installation_wazhu.sh"
 #source "paramétrage des depots"
 #source "installation des paquets métier"