1 | import os | |
2 | ||
3 | # This application writes a file used by SSH to block user accounts | |
4 | # when their shadow password is disabled. It only does it for users | |
5 | # in the group 'users' to avoid adding useless denials for things | |
6 | # like daemons and services. | |
7 | # | |
8 | # It solves the problem where SSH users with pubkey auth can still | |
9 | # use a system when the account password is voided with this command: | |
10 | # passwd -l user | |
11 | # | |
12 | # This program is licenced under the MIT licence. For more information | |
13 | # read the LICENCE file in the directory. | |
14 | # | |
15 | # It was made for the Tate Dev Ops product Enterprise Gentoo Hardened. | |
16 | ||
17 | # this method makes an array of groups of users | |
18 | def get_group_users(): | |
19 | f = open('group.example', 'r') #f is file | |
20 | ||
21 | users = [] #obvious | |
22 | for l in f: #l is line | |
23 | g = l.split(':') #g is group | |
24 | if (g[0] == "users"): | |
25 | for u in g[3].split(','): #u is user | |
26 | users.append(u.rstrip()) | |
27 | ||
28 | return users | |
29 | ||
30 | #this method makes an array of blocked shadow passwords | |
31 | def get_users_blacklist(users): | |
32 | f = open('shadow.example', 'r') #f is for file | |
33 | ||
34 | blacklist = [] #obvious | |
35 | for l in f: #l is for line | |
36 | s = l.split(':') #s is for shadower | |
37 | for u in users: #u is for user | |
38 | if (u == s[0]): | |
39 | if (s[1] == "!"): | |
40 | blacklist.append(u) | |
41 | ||
42 | return blacklist | |
43 | ||
44 | def write_ssh_blacklist(blacklist): | |
45 | f = open('sshd_blacklist_config.example', 'w') #f is file | |
46 | ||
47 | ds = "DenyUsers " #d is denystring | |
48 | ||
49 | for u in blacklist: #u is users | |
50 | - | ds = ds + u |
50 | + | ds = ds + " " + u |
51 | ||
52 | f.write(ds) | |
53 | f.write('\n') | |
54 | f.close() |
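Review bot: In get_users_blacklist the test `if (s[1] == "!"):` matches only a password field that is exactly `!`, but `passwd -l` locks an account by putting `!` in front of the existing hash. A locked user who had a password set is therefore never written to DenyUsers and can still log in with a public key, which is the case the header comment says this tool closes. `if s[1].startswith("!"):` would cover it; whether `*` entries should also be denied is a policy decision to document next to the check. On the changed line, `ds` already ends in a space, so `ds + " " + u` produces a double space; `ds = "DenyUsers " + " ".join(blacklist)` is cleaner. The write is probably best skipped when `blacklist` is empty, so the file never holds a `DenyUsers` keyword with no pattern.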