Created
March 7, 2016 12:23
-
-
Save tuxnker/4412a1d6b09b9dbff088 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ $# -ne 2 ]; then | |
| echo "Specify the environment you want to run the report on as defined in ansible hosts" | |
| exit 1 | |
| fi | |
| ANSIBLE_GROUP=$1 | |
| USER=$2 | |
| #clear save-user fingerprint | |
| rm -f /tmp/local_users | |
| #clear local users fingerprint | |
| rm -f /tmp/local_users | |
| #generate fingerprint for the saved Users | |
| for users in /users/*.pub; do | |
| ssh-keygen -l -f $users >> /tmp/local_users | |
| done | |
| #fetch list of remote authorized_keys | |
| export PYTHONUNBUFFERED=1 | |
| ansible-playbook check-users-keys.yaml -i $ANSIBLE_GROUP -u $USER | |
| # | |
| for f in reports/remote-authorized/*.txt; do | |
| echo "Users with access to `basename -s .txt $f`" | |
| echo | |
| while read l ; do | |
| if [ -z "$l" ];then | |
| continue | |
| fi | |
| FINGERPRINT=`[[ -n $l && ${l###} = $l ]] && ssh-keygen -l -f /dev/stdin <<<$l` | |
| echo $FINGERPRINT|awk '{print $2}'| while read ll ; do | |
| STR=`grep $ll /tmp/local_users` | |
| if [ $? -ne 0 ] | |
| then | |
| echo "`echo -n $l |awk '{print $3}'` $ll not in stored keys" | |
| else | |
| echo $STR| awk "{print \"`basename -s .txt $f`\" \" \" \$3 \" \" \$4 }" | |
| fi | |
| done | |
| done < $f | |
| echo | |
| echo | |
| done | |
| cat reports/remote-authorized/lsuser-* | sort |tee reports/remote-authorized/lsuser_report |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment