[ PIM agent silent install on windows ]
@echo on
REM ##############################################
REM 1. pre-install
REM ##############################################
REM -- Install Fiile
REM -- aix: cm12.81_aix.tar
REM -- hpux(parisc): cm12.81_hpux_parisc.tar
REM -- hpux(ia64): cm12.81_hpux_ia64.tar
REM -- linux(x64): cm12.81_linux_x64.tar
REM -- solaris(sparc): cm12.81_sol_sparc.tar
REM -- solaris(x86): cm12.81_sol_x86.tar
REM -- windows: cm12.8_windows.zip (2008 or lower), cm12.81_windows.zip (2012 or higher)
REM (*) run cmd.exe with administration mode
set today=160603
copy /y c:\windows\system32\drivers\etc\hosts c:\windows\system32\drivers\etc\hosts.%today%
echo. >> c:\windows\system32\drivers\etc\hosts
echo #SecureOS Server >> c:\windows\system32\drivers\etc\hosts
echo 10.10.20.216 ENTM >> c:\windows\system32\drivers\etc\hosts
echo 10.10.20.147 ENTM01 >> c:\windows\system32\drivers\etc\hosts
echo 10.10.20.148 ENTM02 >> c:\windows\system32\drivers\etc\hosts
set workdir=c:\ac_backup
if not exist "%workdir%" mkdir %workdir%
REM set ftpcmd=%workdir%\send_ftp.scr
REM
REM echo open 203.246.154.145 > %ftpcmd%
REM echo user seauditor imsi! >> %ftpcmd%
REM echo bin >> %ftpcmd%
REM echo hash >> %ftpcmd%
REM echo cd source >> %ftpcmd%
REM echo lcd d:\ac_backup >> %ftpcmd%
REM echo get cm12.8_windows.zip >> %ftpcmd%
REM echo bye >> %ftpcmd%
REM
REM ftp -n -i -s:%ftpcmd%
REM
REM del %ftpcmd%
pause
REM ##############################################
REM 2. install
REM ##############################################
set install_drive=E:
set SRC_DIR=%install_drive%\source\cm12.8_windows\X64
REM -- INSTALLDIR : Installation Diretory
REM -- APMS_HOST_NAME : APM Host
REM -- DIST_SERVER_NAME : APM Host
REM -- NEW_KEY : communication password
REM -- DOMAIN_LIST : Domain list
set DOMAIN_LIST=domain.com
set APMS_HOST_NAME=ENTM
set DIST_SERVER_NAME=ENTM
set DIST_SERVER_PORT=7243
set NEW_KEY=secret@
set INSTALLDIR=%install_drive%\CA\secureos
set INSTALLLOG=%install_drive%\AC_silent.log
%install_drive%
cd %SRC_DIR%
%SRC_DIR%\RTSDKINSTALL\ISSETUPPREREQUISITES\{A0D7ED43-FCB4-4B3D-A456-978C7A41283C}\VCREDIST_X86.EXE /q
%SRC_DIR%\RTSDKINSTALL\ISSETUPPREREQUISITES\{397E55DF-2B30-4FE1-A4BD-A7DC51DD4AD8}\VCREDIST_X64.EXE /q
setup /s /L1033 /v" /qn /norestart COMMAND=proceed TASK_DELEGATION=1 PUPM_INTEGRATION=1 USE_SSL=0 DOMAIN_LIST=\"%DOMAIN_LIST%\" IMPORT_NT=N IMPORT_USER=0 IMPORT_GROUPS=0 IMPORT_CONNECT_USERS=0 IMPORT_CHANGE_OWNER=0 IMPORT_FROM_DOMAIN=0 ENCRYPTION_METHOD=\"256AES\" CHANGE_ENC_KEY=0 ADV_POLICY_MNGT_CLIENT=1 APMS_HOST_NAME=\"%APMS_HOST_NAME%\" DIST_SERVER_NAME=\"%APMS_HOST_NAME%\" USE_SECURE_COMM=1 DIST_SERVER_PORT=%DIST_SERVER_PORT% NEW_KEY="%NEW_KEY%" INSTALLDIR=\"%INSTALLDIR%\" /l*v \"%INSTALLLOG%\""
notepad %INSTALLLOG%
pause
REM ##############################################
REM 3. post-install
REM ##############################################
set SEC_ADMIN=secureos
set SEC_ADMIN_PWD=adm123!#
set SEC_SERVER=ENTM01, ENTM02
set SEC_DHHOST=DH__@ENTM
%INSTALLDIR%\bin\NtImport -g | %INSTALLDIR%\bin\selang
%INSTALLDIR%\bin\selang -c "eu %SEC_ADMIN% password('%SEC_ADMIN_PWD%') nt comment('SecureOS_ADM')"
%INSTALLDIR%\bin\selang -c "eu %SEC_ADMIN% admin auditor"
%INSTALLDIR%\bin\selang -c "eu %SEC_ADMIN% grace-"
%INSTALLDIR%\bin\selang -c "join %SEC_ADMIN% group('administrators') nt"
%INSTALLDIR%\bin\selang -c "join %SEC_ADMIN% group('remote desktop users') nt"
%INSTALLDIR%\bin\selang -c "auth terminal %COMPUTERNAME% id(%SEC_ADMIN%) acc(all)"
%INSTALLDIR%\bin\selang -c "er terminal (%SEC_SERVER%) defacc(r) owner(nobody)"
%INSTALLDIR%\bin\selang -c "auth terminal (%SEC_SERVER%) id(%SEC_ADMIN%) acc(all)"
%INSTALLDIR%\bin\selang -c "so dh+(%SEC_DHHOST%)"
%INSTALLDIR%\bin\selang -c "so class-(WINSERVICE WEBSERVICE REGVAL REGKEY PROCESS PROGRAM FILE)"
%INSTALLDIR%\bin\selang -c "so cng_ownpwd"
%INSTALLDIR%\bin\selang -c "er specialpgm (C:\WINDOWS\Explorer.exe) owner(nobody) pgmtype(FULLBYPASS)"
%INSTALLDIR%\bin\selang -c "er specialpgm (C:\WINDOWS\system32\svchost.exe) owner(nobody) pgmtype(FULLBYPASS)"
%INSTALLDIR%\bin\selang -c "er specialpgm (C:\WINDOWS\system32\services.exe) owner(nobody) pgmtype(FULLBYPASS)"
REG ADD HKLM\Software\ComputerAssociates\AccessControl\logmgr /v BackUp_Date /d "monthly" /f
REG ADD HKLM\Software\ComputerAssociates\AccessControl\logmgr /v audit_size /d "51200" /f
REG ADD HKLM\Software\ComputerAssociates\AccessControl\lang /v query_size /d "3000" /f
REG ADD HKLM\SOFTWARE\ComputerAssociates\AccessControl\SeOSD /v TerminalSearchOrder /t REG_SZ /d "IP" /f
REG ADD HKLM\SOFTWARE\ComputerAssociates\AccessControl\OS_user /v osuser_enabled /t REG_DWORD /d 0 /f
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\cainstrm /v Start /t REG_DWORD /d 4 /f
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\cainstrm\Parameters /v OperationMode /t REG_DWORD /d 0 /f
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\drveng\Parameters /v DisableNetworkInterception /t REG_DWORD /d 1 /f
REM -- 패치 (Windows Server 2008 R2 이하)
REM -- seoswd.exe
%INSTALLDIR%\bin\secons -s
REM -- backup and patch
copy /y %INSTALLDIR%\bin\seoswd.exe %INSTALLDIR%\bin\seoswd.exe.%today%
ren %INSTALLDIR%\bin\seoswd.exe %INSTALLDIR%\bin\seoswd.exe.old
copy /y %SRC_DIR%\..\patch_seoswd\x64\seoswd.exe %INSTALLDIR%\bin\
No comments:
Post a Comment