- #!/bin/ruby
- =begin
- #- Description:
- We need a script to perform a periodic review of the user accounts that have login permission to all Linux servers.
- Our objective is to ensure that every user that exists on the system is authorized and is a valid user.
- !! We should have a list of authorized users for each customer !!
- #~~~~~~~~~~~~~~~~~~~~~~~
- #=-Notes-=
- # sudo gem install net-ssh colorize
- # usage: luc.rb -l server-list.txt
- update-alternatives --config ruby
- update-alternatives --config gem
- #~~~~~~~~~~~~~~~~~~~~~~~
- =end
- require 'rubygems'
- require 'net/ssh'
- require 'colorize'
- require 'parseconfig'
- #require 'highline'
- #require 'crypt/blowfish'
# Name of the log file. In this file the only visible use of $log_file is in
# commented-out code further down.
$log_file = 'log.txt'

# Bracketed status tags for console output. The colour methods (green / red /
# yellow) come from the colorize gem required above.
$ok   = "[ #{'SUCCESS!'.green} ]"
$nok  = "[ #{'FAILED'.red} ]"
$time = "[ #{'TIMEOUT'.yellow} ]"
module Utils
  # Builds the table of shell command lines used to collect account data.
  #
  # A new Hash is created on every call, so callers may modify the result
  # without affecting later calls.
  #
  # @return [Hash{Symbol => String}] command lines keyed by purpose:
  #   :users   - name, uid and home of every /etc/passwd entry with uid >= 500
  #   :lastlog - formatted lastlog fields for one account
  #   :ip      - IPv4 addresses from `ip addr`, excluding inet6 and 127.0.0.1
  def cmd
    {
      users: %q[awk -F: '$3 >= 500 {print $1,$3,$6}' /etc/passwd],
      # NOTE(review): the account name "emerg" is fixed in the command text,
      # so this reports the last login of that one account only.
      lastlog: %q[lastlog -u emerg | grep -v "Username" | awk '{print $6"-"$5"-"$9" @ "$7"("$8")"}'],
      # Runs through sudo, so the audit account needs a matching sudoers entry.
      ip: %q[sudo /sbin/ip addr | grep -i inet | grep -v -e inet6 -e 127.0.0.1 | awk '{print $2}']
    }
  end
end
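class Connect
  # Holds the connection settings for one server and opens the SSH session.

  # Mixed in at class level: `include` is a Module method, so calling it from
  # inside #initialize (as the earlier version did) raises NoMethodError on
  # every Connect.new.
  include Utils

  # TODO brute force password & ports

  # @param host [String] server name or address to connect to
  # @param user [String] login name used for the session
  # @param pass [String] password for password authentication.
  #   NOTE(review): the default is a hard-coded, well-known value kept only for
  #   backward compatibility. Callers should always pass the real credential,
  #   read from a protected source; key-based authentication would avoid
  #   handling passwords in this script at all.
  # @param port [Integer] TCP port of the SSH service
  def initialize(host, user, pass = "redhat", port = 22)
    @host = host
    @user = user
    @pass = pass
    @port = port
  end

  # Opens the SSH session and keeps it in @ssh.
  #
  # The password comes from @pass; the earlier version referenced an undefined
  # local `pass` here, which raised NameError before any connection was made.
  #
  # NOTE(review): host-key checking is left at the net-ssh default. Confirm
  # that the installed net-ssh version rejects unknown or changed host keys
  # (see its :verify_host_key option), since this session carries a password.
  #
  # @return [Net::SSH::Connection::Session] the session returned by Net::SSH.start
  def ssh
    @ssh = Net::SSH.start(@host, @user, :password => @pass, :port => @port, :timeout => 7)
  end
end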
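class Info
  # Reads the customer / server / authorized-user inventory from the
  # configuration file.
  #
  # We need to retrieve following info from servers
  #-> Customer
  #    |--> Server
  #          |---> Users
  #                 |- id
  #                 |- name
  #                 |- home
  #                 |- last login
  #                 |- Authorization
  #
  # Planned, not implemented yet:
  # - Make iterate around each *_servers & *_users and make it as categories
  # - check x_users depend on x_servers
  # - if x_users is not exist , consider the general one "admin + dbas"

  # @param config_path [String] path of the configuration file; defaults to
  #   the location that used to be hard-coded here
  def initialize(config_path = '/home/conf1.conf')
    @config = ParseConfig.new(config_path)
  end

  # @return [Array<String>] every config group except "authorized",
  #   e.g. ["customer1", "customer2", "customerX"]
  def customers
    # Filter by name rather than dropping the first group, so the result does
    # not depend on where "authorized" sits in the file.
    @config.groups.reject { |group| group == 'authorized' }
  end

  # @return [Array<String>] the "users" list of the "authorized" group,
  #   e.g. ["user1", "user2", "userX"]
  def all_users
    list_from('authorized', 'users')
  end

  # @param customer_name [String] config group of the customer
  # @return [Array<String>] keys of that group whose name does not contain
  #   "user", e.g. ["x_servers", "y_servers"]
  def servers_category(customer_name)
    @config["#{customer_name}"].keys.reject { |param| param.include?("user") }
  end

  # It retrieves all servers of a category.
  #
  # @param customer_name [String] config group of the customer
  # @param category_servers [String] key inside that group
  # @return [Array<String>] e.g. ["server1", "server2", "serverX"]
  # @raise [ArgumentError] when the group or key is missing
  def servers(customer_name, category_servers)
    list_from(customer_name, category_servers)
  end

  # @param customer_name [String] config group of the customer
  # @return [Array<String>] keys of that group whose name does not contain
  #   "server", e.g. ["x_users", "y_users"]
  def users_category(customer_name)
    @config["#{customer_name}"].keys.reject { |param| param.include?("server") }
  end

  # Same as #servers, it retrieves all users of a category.
  #
  # When no category is given the default argument is the general authorized
  # list, and that list is returned as is. The earlier version interpolated
  # the list into a config key, which never matched and ended in a
  # NoMethodError on nil.
  #
  # @param customer_name [String] config group of the customer
  # @param category_users [String, Array<String>] key inside that group, or an
  #   already resolved list of users
  # @return [Array<String>] e.g. ["user1", "user2", "userX"]
  # @raise [ArgumentError] when the group or key is missing
  def users(customer_name, category_users = all_users)
    return category_users if category_users.is_a?(Array)

    list_from(customer_name, category_users)
  end

  # Placeholder, no behaviour yet.
  def parse
  end

  private

  # Reads a comma-separated config value and returns it as a list.
  #
  # The config itself is left untouched. The earlier version wrote the parsed
  # Array back into @config, so a second call for the same entry failed on
  # nil (Array#delete returns nil when nothing matches).
  #
  # A missing entry is reported explicitly: in an authorization review a
  # mistyped group or key must not pass as an empty or partial list.
  def list_from(group, key)
    section = @config["#{group}"]
    raw = section && section["#{key}"]
    raise ArgumentError, "no '#{key}' entry in config group '#{group}'" if raw.nil?

    raw.delete(" \t\n").strip.split(%r{,\s*})
  end
end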
- =begin
- config = Info.new
- puts "List all customers"
- p config.customers
- puts "List all Users"
- puts "\n\n\n"
- p config.all_users
- puts "\n\n\n"
- puts "List all Customers' Servers Categories"
- config.customers.each do |customer|
- p config.servers_category(customer)
- end
- puts "\n\n\n"
- puts "List all Servers in Categories for each customer"
- config.customers.each do |customer|
- config.servers_category(customer).each do |category|
- p category , config.servers(customer ,category )
- end
- end
- puts "\n\n\n"
- puts "List all Customers' Users Categories"
- config.customers.each do |customer|
- p config.users_category(customer)
- end
- puts "\n\n\n"
- puts "List all Customers' Users Categories"
- config.customers.each do |customer|
- config.users_category(customer).each do |category|
- p customer, category , config.users(customer ,category )
- end
- end
- =end
- #class Lua
- #
- # def initialize
- # @info = Info.new
- # #@ssh = Connect.new
- # end
- #
- #
- #
- # def authorized?
- #
- # end
- #
- # def report
- #
- # end
- #
- #
- #end
- # Good format
- #customing = {
- #
- # :customer1 =>
- # {:server1 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"},
- # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}],
- # :server2 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"},
- # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}]} ,
- #
- # :customer2 =>
- # {:server1 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"},
- # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}],
- # :server2 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"},
- # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}]}
- #}
- ################
- # customers = [
- # [:customer1 => [[:server1 => [
- # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"]
- # ]
- # ] ,
- # [:server2 => [
- # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"]
- # ]
- # ]
- # ]
- # ],
- #
- # [:customer1 => [[:server1 => [
- # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"]
- # ]
- # ] ,
- # [:server2 => [
- # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"]
- # ]
- # ]
- # ]
- # ]
- # ]
- #
- #customerss = {
- #
- # :customer1 => [
- # :server1 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"]
- # ], # server1
- #
- # :server2 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"]
- # ] #server2
- #
- # ] , #cust1
- #
- # :customer2 => [
- # :server1 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"]
- # ], # server1
- #
- # :server2 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"],
- # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"]
- # ] #server2
- #
- # ] #cust2
- #
- # } # end
- #
- #
- =begin
- Net::SSH.start( host , user , :password => pass , :port => 15000 , :timeout => 7 ) do |ssh|
- ssh.open_channel do |ch1|
- ch1.on_request "exit-status" do |ch2, data|
- $exit_status = data.read_long
- end # end of ch2
- ch1.request_pty do |ch3, success|
- puts ch3.exec("ls")
- if success
- puts "Success!!"
- puts ch3.exec("ls")
- end
- end # end of ch3
- ch1.wait
- end # end of ch1
- end # end of SSH.start
- =end
- #list = ARGV[0]
- #question = HighLine.new
- #pass = question.ask("Enter sudo user password: ") { |q| q.echo = "★" }
- #blowfish = Crypt::Blowfish.new("A key up to 56 bytes long")
- #plainBlock = "ABCD1234"
- #encryptedBlock = blowfish.encrypt_block(plainBlock)
- #decryptedBlock = blowfish.decrypt_block(encryptedBlock)
- #
- #
- #if list == nil
- # puts "Usage: ruby check-my-root.rb [FILE :name]"
- # exit
- #end
- #
- #
- #
- #class Info
- #
- # def initialize
- # @grep = Tempfile.new('.grep.txt')
- # @awk = Tempfile.open('.awk.txt')
- # end
- #
- # def grep(grep)
- # File.open(grep , "r") do |file|
- # file.each_line do |line|
- # File.open(".grep.txt" , "a+") do |grep|
- # grep.puts line if line.include?("http") || line.include?("https") # grep lines has http(stop2list) only
- # end
- # end
- # end
- # end
- #
- # def awk
- # grep_ary = IO.readlines(".grep.txt")
- # grep_ary.each do |line|
- # File.open(".awk.txt" , "a+") do |stop2list|
- # stop2list.puts "#{line.split(" ")[2]}:#{line.split(" ")[6]}" # Write stop2list of format(IP:URL) in .awk.txt
- # end
- # end
- # end
- #
- #
- #
- #end
- #IO.readlines(list).each do |s|
- #
- # begin
- ## user = s.split(":")[1].to_s.chomp
- # Net::SSH.start( s.split(":")[0].to_s.chomp , 'root' , :password => s.split(":")[1].to_s.chomp , :port => 22 , :timeout => 7 ) do |ssh|
- #
- # ssh.open_channel do |ch1|
- #
- # ch1.on_request "exit-status" do |ch2, data|
- # $exit_status = data.read_long
- # end # end of ch2
- #
- # ch1.request_pty do |ch3, success|
- # ch3.exec("ls")
- # if success
- # File.open($log_file , 'a+') {|log| log.puts "#{s.split(":")[0].to_s.chomp}: #{s.split(":")[1].to_s.chomp}"}
- # puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$ok}"
- # sleep 0.1
- # end
- # end # end of ch3
- # ch1.wait
- # end # end of ch1
- #
- # end # end of SSH.start
- # rescue Timeout::Error
- # puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$time}"
- # rescue
- # puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$nok}"
- # end
- #end # end of IO
- #
- #