- import os
- # This application writes a file used by SSH to block user accounts
- # when their shadow password is disabled. It only does it for users
- # in the group 'users' to avoid adding useless denials for things
- # like daemons and services.
- #
- # It solves the problem where SSH users with pubkey auth can still
- # use a system when the account password is voided with this command:
- # passwd -l user
- #
- # This program is licenced under the MIT licence. For more information
- # read the LICENCE file in the directory.
- #
- # It was made for the Tate Dev Ops product Enterprise Gentoo Hardened.
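def get_group_users():
    """Return the member names listed for the 'users' group.

    Reads 'group.example' from the current directory, which is assumed to be
    in /etc/group format (name:password:gid:member,member,...).

    Returns:
        A list of non-empty user names taken from the member field of every
        line whose group name is exactly "users".

    NOTE(review): only the member field is consulted. In /etc/group format an
    account that has 'users' solely as its primary group (set in passwd) is
    not listed there, so it would never reach the deny list. Confirm this
    matches how accounts are provisioned on the target system.
    """
    users = []
    # 'with' closes the handle even if a line fails to parse.
    with open('group.example', 'r') as group_file:
        for line in group_file:
            fields = line.rstrip('\n').split(':')
            # Skip truncated or malformed lines instead of raising IndexError.
            if len(fields) < 4 or fields[0] != "users":
                continue
            for name in fields[3].split(','):
                name = name.strip()
                # An empty member field would otherwise yield a '' entry.
                if name:
                    users.append(name)
    return users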
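def get_users_blacklist(users):
    """Return the users whose shadow password field is locked.

    Reads 'shadow.example' from the current directory, which is assumed to be
    in /etc/shadow format (name:password:...).

    Args:
        users: iterable of account names to consider.

    Returns:
        A list, in shadow-file order, of the names from `users` whose
        password field starts with '!'.

    `passwd -l` locks an account by prepending '!' to the existing hash, so
    the field is normally '!<hash>' rather than a bare '!'. Matching only the
    exact string "!" would miss those accounts and leave their SSH keys
    usable, so the prefix is tested instead.

    NOTE(review): a field of '*' is not treated as locked here, because it is
    commonly used for accounts that never had a password. Confirm that is the
    intended policy.
    """
    wanted = set(users)
    blacklist = []
    # 'with' closes the handle even if a line fails to parse.
    with open('shadow.example', 'r') as shadow_file:
        for line in shadow_file:
            fields = line.rstrip('\n').split(':')
            # Skip lines without a password field instead of raising IndexError.
            if len(fields) < 2:
                continue
            name, password = fields[0], fields[1]
            if name and name in wanted and password.startswith('!'):
                blacklist.append(name)
    return blacklist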
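def write_ssh_blacklist(blacklist):
    """Write a DenyUsers directive for the given accounts.

    Overwrites 'sshd_blacklist_config.example' in the current directory with
    a single line 'DenyUsers name name ...'.

    Args:
        blacklist: iterable of account names to deny.

    When there is nothing to deny, the file is written empty. A DenyUsers
    keyword with no names denies nobody, and some sshd versions may reject it
    as a configuration error (confirm against the deployed sshd).

    NOTE(review): names are written verbatim and sshd interprets DenyUsers
    arguments as patterns, so a name containing whitespace or wildcard
    characters would change the meaning of the line. The file is also
    truncated before the new list is written, so a reader that loads it in
    that window sees an empty deny list.
    """
    names = [user for user in blacklist if user]
    # 'with' guarantees the handle is flushed and closed on any exit path.
    with open('sshd_blacklist_config.example', 'w') as config_file:
        if names:
            config_file.write("DenyUsers " + " ".join(names) + "\n")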