Created
August 11, 2012 10:32
-
-
Save KINGSABRI/3323660 to your computer and use it in GitHub Desktop.
Linux User Auditor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/ruby | |
| =begin | |
| #- Description: | |
| We need to have a script to perform a periodically review of the user account that have a login permission to all Linux server. | |
| our objective is to insure that the users exist on the system is authorized and only a valid user. | |
| #-> Keys | |
| - Check users , find valid & invalid users | |
| - check UID more than 500 or 1000(fedora) | |
| #~~~~~~~~~~~~~~~~~~~~~~~ | |
| #=-Notes-= | |
| # sudo gem install net-ssh colorize | |
| # usage: luc.rb -l server-list.txt | |
| #~~~~~~~~~~~~~~~~~~~~~~~ | |
| =end | |
| require 'rubygems' | |
| require 'net/ssh' | |
| require 'colorize' | |
| require 'highline' | |
| require 'crypt/blowfish' | |
| $log_file = 'log.txt' | |
| $ok = "[ " + "SUCCESS!".green + " ]" | |
| $nok = "[ " + "FAILED".red + " ]" | |
| $time = "[ " + "TIMEOUT".yellow + " ]" | |
| list = ARGV[0] | |
| question = HighLine.new | |
| pass = question.ask("Enter sudo user password: ") { |q| q.echo = "★" } | |
| blowfish = Crypt::Blowfish.new("A key up to 56 bytes long") | |
| plainBlock = "ABCD1234" | |
| encryptedBlock = blowfish.encrypt_block(plainBlock) | |
| decryptedBlock = blowfish.decrypt_block(encryptedBlock) | |
| if list == nil | |
| puts "Usage: ruby check-my-root.rb [FILE NAME]" | |
| exit | |
| end | |
| IO.readlines(list).each do |s| | |
| begin | |
| # user = s.split(":")[1].to_s.chomp | |
| Net::SSH.start( s.split(":")[0].to_s.chomp , 'root' , :password => s.split(":")[1].to_s.chomp , :port => 22 , :timeout => 7 ) do |ssh| | |
| ssh.open_channel do |ch1| | |
| ch1.on_request "exit-status" do |ch2, data| | |
| $exit_status = data.read_long | |
| end # end of ch2 | |
| ch1.request_pty do |ch3, success| | |
| ch3.exec("ls") | |
| if success | |
| File.open($log_file , 'a+') {|log| log.puts "#{s.split(":")[0].to_s.chomp}: #{s.split(":")[1].to_s.chomp}"} | |
| puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$ok}" | |
| sleep 0.1 | |
| end | |
| end # end of ch3 | |
| ch1.wait | |
| end # end of ch1 | |
| end # end of SSH.start | |
| rescue Timeout::Error | |
| puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$time}" | |
| rescue | |
| puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$nok}" | |
| end | |
| end # end of IO | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/ruby | |
| =begin | |
| #- Description: | |
| We need to have a script to perform a periodically review of the user account that have a login permission to all Linux :server. | |
| our objective is to insure that the users exist on the system is authorized and only a val:id user. | |
| !! We should have a list of authorized users for each customer !! | |
| #~~~~~~~~~~~~~~~~~~~~~~~ | |
| #=-Notes-= | |
| # sudo gem install net-ssh colorize | |
| # usage: luc.rb -l :server-list.txt | |
| update-alternatives --config ruby | |
| update-alternatives --config gem | |
| #~~~~~~~~~~~~~~~~~~~~~~~ | |
| =end | |
| require 'rubygems' | |
| require 'net/ssh' | |
| require 'colorize' | |
| require 'parseconfig' | |
| #require 'highline' | |
| #require 'crypt/blowfish' | |
| $log_file = 'log.txt' | |
| $ok = "[ " + "SUCCESS!".green + " ]" | |
| $nok = "[ " + "FAILED".red + " ]" | |
| $time = "[ " + "TIMEOUT".yellow + " ]" | |
| module Utils | |
| def cmd | |
| cmds = | |
| { | |
| :users => "awk -F: '$3 >= 500 {print $1,$3,$6}' /etc/passwd" , | |
| :lastlog => 'lastlog -u emerg | grep -v "Username" | awk \'{print $6"-"$5"-"$9" @ "$7"("$8")"}\'', | |
| :ip => "sudo /sbin/ip addr | grep -i inet | grep -v -e inet6 -e 127.0.0.1 | awk '{print $2}'" | |
| } | |
| return cmds | |
| end | |
| end | |
| class Connect | |
| # TODO brute force password & ports | |
| def initialize(host , user , pass = "redhat" , port = 22) | |
| include Utils | |
| @host = host | |
| @user = user | |
| @pass = pass | |
| @port = port | |
| end | |
| def ssh | |
| @ssh = Net::SSH.start( @host , @user , :password => pass , :port => @port , :timeout => 7 ) | |
| end | |
| end | |
| class Info | |
| #-> Customer | |
| # |--> Server | |
| # |---> Users | |
| # |- id | |
| # |- name | |
| # |- home | |
| # |- last login | |
| # |- Authorization | |
| =begin | |
| - Make iterate around each *_servers & *_users and make it as categories | |
| - check x_users depend on x_servers | |
| - if x_users is not exist , consider the general one "admin + dbas" | |
| =end | |
| def initialize | |
| @config = ParseConfig.new('/home/conf1.conf') | |
| end | |
| def customers | |
| group_list = @config.groups | |
| customers_groups = group_list[1..-1] # Exclude "authorized" group | |
| return customers_groups # ["customer1", "customer2", "customerX"] | |
| end | |
| def all_users | |
| @config['authorized']['users'] = @config['authorized']['users'].delete(' ').delete("\t").delete("\n").strip.split(%r{,\s*}) | |
| users = @config['authorized']['users'] | |
| return users # ["user1", "user2", "userX"] | |
| end | |
| def servers_category(customer_name) | |
| all_categories = @config["#{customer_name}"].keys | |
| servers_category = all_categories.delete_if{|param| param.include?("user")} | |
| return servers_category # ["x_servers" , "y_servers"] | |
| end | |
| def servers(customer_name , category_servers) # It retrieves all server of category | |
| @config["#{customer_name}"]["#{category_servers}"] = @config["#{customer_name}"]["#{category_servers}"].delete(' ').delete("\t").delete("\n").strip.split(%r{,\s*}) | |
| servers = @config["#{customer_name}"]["#{category_servers}"] | |
| return servers # ["server1" , "server2" , "serverX"] | |
| end | |
| def users_category(customer_name) | |
| all_categories = @config["#{customer_name}"].keys | |
| users_category = all_categories.delete_if{|param| param.include?("server")} | |
| return users_category # ["x_users" , "y_users"] | |
| end | |
| def users(customer_name , category_users = all_users) # same "server", It retrieves all users of category | |
| @config["#{customer_name}"]["#{category_users}"] = @config["#{customer_name}"]["#{category_users}"].delete(' ').delete("\t").delete("\n").strip.split(%r{,\s*}) | |
| users = @config["#{customer_name}"]["#{category_users}"] | |
| return users # ["user1" , "user2" , "userX"] | |
| end | |
| def parse | |
| end | |
| end | |
| =begin | |
| config = Info.new | |
| puts "List all customers" | |
| p config.customers | |
| puts "List all Users" | |
| puts "\n\n\n" | |
| p config.all_users | |
| puts "\n\n\n" | |
| puts "List all Customers' Servers Categories" | |
| config.customers.each do |customer| | |
| p config.servers_category(customer) | |
| end | |
| puts "\n\n\n" | |
| puts "List all Servers in Categories for each customer" | |
| config.customers.each do |customer| | |
| config.servers_category(customer).each do |category| | |
| p category , config.servers(customer ,category ) | |
| end | |
| end | |
| puts "\n\n\n" | |
| puts "List all Customers' Users Categories" | |
| config.customers.each do |customer| | |
| p config.users_category(customer) | |
| end | |
| puts "\n\n\n" | |
| puts "List all Customers' Users Categories" | |
| config.customers.each do |customer| | |
| config.users_category(customer).each do |category| | |
| p customer, category , config.users(customer ,category ) | |
| end | |
| end | |
| =end | |
| #class Lua | |
| # | |
| # def initialize | |
| # @info = Info.new | |
| # #@ssh = Connect.new | |
| # end | |
| # | |
| # | |
| # | |
| # def authorized? | |
| # | |
| # end | |
| # | |
| # def report | |
| # | |
| # end | |
| # | |
| # | |
| #end | |
| # Good format | |
| #customing = { | |
| # | |
| # :customer1 => | |
| # {:server1 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}, | |
| # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}], | |
| # :server2 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}, | |
| # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}]} , | |
| # | |
| # :customer2 => | |
| # {:server1 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}, | |
| # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}], | |
| # :server2 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}, | |
| # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}]} | |
| #} | |
| ################ | |
| # customers = [ | |
| # [:customer1 => [[:server1 => [ | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"] | |
| # ] | |
| # ] , | |
| # [:server2 => [ | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"] | |
| # ] | |
| # ] | |
| # ] | |
| # ], | |
| # | |
| # [:customer1 => [[:server1 => [ | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"] | |
| # ] | |
| # ] , | |
| # [:server2 => [ | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"] | |
| # ] | |
| # ] | |
| # ] | |
| # ] | |
| # ] | |
| # | |
| #customerss = { | |
| # | |
| # :customer1 => [ | |
| # :server1 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"] | |
| # ], # server1 | |
| # | |
| # :server2 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"] | |
| # ] #server2 | |
| # | |
| # ] , #cust1 | |
| # | |
| # :customer2 => [ | |
| # :server1 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"] | |
| # ], # server1 | |
| # | |
| # :server2 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"] | |
| # ] #server2 | |
| # | |
| # ] #cust2 | |
| # | |
| # } # end | |
| # | |
| # | |
| =begin | |
| Net::SSH.start( host , user , :password => pass , :port => 15000 , :timeout => 7 ) do |ssh| | |
| ssh.open_channel do |ch1| | |
| ch1.on_request "exit-status" do |ch2, data| | |
| $exit_status = data.read_long | |
| end # end of ch2 | |
| ch1.request_pty do |ch3, success| | |
| puts ch3.exec("ls") | |
| if success | |
| puts "Success!!" | |
| puts ch3.exec("ls") | |
| end | |
| end # end of ch3 | |
| ch1.wait | |
| end # end of ch1 | |
| end # end of SSH.start | |
| =end | |
| #list = ARGV[0] | |
| #question = HighLine.new | |
| #pass = question.ask("Enter sudo user password: ") { |q| q.echo = "★" } | |
| #blowfish = Crypt::Blowfish.new("A key up to 56 bytes long") | |
| #plainBlock = "ABCD1234" | |
| #encryptedBlock = blowfish.encrypt_block(plainBlock) | |
| #decryptedBlock = blowfish.decrypt_block(encryptedBlock) | |
| # | |
| # | |
| #if list == nil | |
| # puts "Usage: ruby check-my-root.rb [FILE :name]" | |
| # exit | |
| #end | |
| # | |
| # | |
| # | |
| #class Info | |
| # | |
| # def initialize | |
| # @grep = Tempfile.new('.grep.txt') | |
| # @awk = Tempfile.open('.awk.txt') | |
| # end | |
| # | |
| # def grep(grep) | |
| # File.open(grep , "r") do |file| | |
| # file.each_line do |line| | |
| # File.open(".grep.txt" , "a+") do |grep| | |
| # grep.puts line if line.include?("http") || line.include?("https") # grep lines has http(stop2list) only | |
| # end | |
| # end | |
| # end | |
| # end | |
| # | |
| # def awk | |
| # grep_ary = IO.readlines(".grep.txt") | |
| # grep_ary.each do |line| | |
| # File.open(".awk.txt" , "a+") do |stop2list| | |
| # stop2list.puts "#{line.split(" ")[2]}:#{line.split(" ")[6]}" # Write stop2list of format(IP:URL) in .awk.txt | |
| # end | |
| # end | |
| # end | |
| # | |
| # | |
| # | |
| #end | |
| #IO.readlines(list).each do |s| | |
| # | |
| # begin | |
| ## user = s.split(":")[1].to_s.chomp | |
| # Net::SSH.start( s.split(":")[0].to_s.chomp , 'root' , :password => s.split(":")[1].to_s.chomp , :port => 22 , :timeout => 7 ) do |ssh| | |
| # | |
| # ssh.open_channel do |ch1| | |
| # | |
| # ch1.on_request "exit-status" do |ch2, data| | |
| # $exit_status = data.read_long | |
| # end # end of ch2 | |
| # | |
| # ch1.request_pty do |ch3, success| | |
| # ch3.exec("ls") | |
| # if success | |
| # File.open($log_file , 'a+') {|log| log.puts "#{s.split(":")[0].to_s.chomp}: #{s.split(":")[1].to_s.chomp}"} | |
| # puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$ok}" | |
| # sleep 0.1 | |
| # end | |
| # end # end of ch3 | |
| # ch1.wait | |
| # end # end of ch1 | |
| # | |
| # end # end of SSH.start | |
| # rescue Timeout::Error | |
| # puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$time}" | |
| # rescue | |
| # puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$nok}" | |
| # end | |
| #end # end of IO | |
| # | |
| # | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/ruby | |
| =begin | |
| #- Description: | |
| We need to have a script to perform a periodically review of the user account that have a login permission to all Linux :server. | |
| our objective is to insure that the users exist on the system is authorized and only a val:id user. | |
| !! We should have a list of authorized users for each customer !! | |
| #~~~~~~~~~~~~~~~~~~~~~~~ | |
| #=-Notes-= | |
| # sudo gem install net-ssh colorize | |
| # usage: luc.rb -l :server-list.txt | |
| update-alternatives --config ruby | |
| update-alternatives --config gem | |
| #~~~~~~~~~~~~~~~~~~~~~~~ | |
| =end | |
| require 'rubygems' | |
| require 'net/ssh' | |
| require 'colorize' | |
| require 'parseconfig' | |
| #require 'highline' | |
| #require 'crypt/blowfish' | |
| $log_file = 'log.txt' | |
| $ok = "[ " + "SUCCESS!".green + " ]" | |
| $nok = "[ " + "FAILED".red + " ]" | |
| $time = "[ " + "TIMEOUT".yellow + " ]" | |
| module Utils | |
| def cmd | |
| cmds = | |
| { | |
| :users => "awk -F: '$3 >= 500 {print $1,$3,$6}' /etc/passwd" , | |
| :lastlog => 'lastlog -u emerg | grep -v "Username" | awk \'{print $6"-"$5"-"$9" @ "$7"("$8")"}\'', | |
| :ip => "sudo /sbin/ip addr | grep -i inet | grep -v -e inet6 -e 127.0.0.1 | awk '{print $2}'" | |
| } | |
| return cmds | |
| end | |
| end | |
| class Connect | |
| # TODO brute force password & ports | |
| def initialize(host , user , pass = "redhat" , port = 22) | |
| include Utils | |
| @host = host | |
| @user = user | |
| @pass = pass | |
| @port = port | |
| end | |
| def ssh | |
| @ssh = Net::SSH.start( @host , @user , :password => pass , :port => @port , :timeout => 7 ) | |
| end | |
| end | |
| class Info | |
| # We need to retrieve following info from servers | |
| #-> Customer | |
| # |--> Server | |
| # |---> Users | |
| # |- id | |
| # |- name | |
| # |- home | |
| # |- last login | |
| # |- Authorization | |
| =begin | |
| - Make iterate around each *_servers & *_users and make it as categories | |
| - check x_users depend on x_servers | |
| - if x_users is not exist , consider the general one "admin + dbas" | |
| =end | |
| def initialize | |
| @config = ParseConfig.new('/home/conf1.conf') | |
| end | |
| def customers | |
| group_list = @config.groups | |
| customers_groups = group_list[1..-1] # Exclude "authorized" group | |
| return customers_groups # ["customer1", "customer2", "customerX"] | |
| end | |
| def all_users | |
| @config['authorized']['users'] = @config['authorized']['users'].delete(' ').delete("\t").delete("\n").strip.split(%r{,\s*}) | |
| users = @config['authorized']['users'] | |
| return users # ["user1", "user2", "userX"] | |
| end | |
| def servers_category(customer_name) | |
| all_categories = @config["#{customer_name}"].keys | |
| servers_category = all_categories.delete_if{|param| param.include?("user")} | |
| return servers_category # ["x_servers" , "y_servers"] | |
| end | |
| def servers(customer_name , category_servers) # It retrieves all server of category | |
| @config["#{customer_name}"]["#{category_servers}"] = @config["#{customer_name}"]["#{category_servers}"].delete(' ').delete("\t").delete("\n").strip.split(%r{,\s*}) | |
| servers = @config["#{customer_name}"]["#{category_servers}"] | |
| return servers # ["server1" , "server2" , "serverX"] | |
| end | |
| def users_category(customer_name) | |
| all_categories = @config["#{customer_name}"].keys | |
| users_category = all_categories.delete_if{|param| param.include?("server")} | |
| return users_category # ["x_users" , "y_users"] | |
| end | |
| def users(customer_name , category_users = all_users) # same "server", It retrieves all users of category | |
| @config["#{customer_name}"]["#{category_users}"] = @config["#{customer_name}"]["#{category_users}"].delete(' ').delete("\t").delete("\n").strip.split(%r{,\s*}) | |
| users = @config["#{customer_name}"]["#{category_users}"] | |
| return users # ["user1" , "user2" , "userX"] | |
| end | |
| def parse | |
| end | |
| end | |
| =begin | |
| config = Info.new | |
| puts "List all customers" | |
| p config.customers | |
| puts "List all Users" | |
| puts "\n\n\n" | |
| p config.all_users | |
| puts "\n\n\n" | |
| puts "List all Customers' Servers Categories" | |
| config.customers.each do |customer| | |
| p config.servers_category(customer) | |
| end | |
| puts "\n\n\n" | |
| puts "List all Servers in Categories for each customer" | |
| config.customers.each do |customer| | |
| config.servers_category(customer).each do |category| | |
| p category , config.servers(customer ,category ) | |
| end | |
| end | |
| puts "\n\n\n" | |
| puts "List all Customers' Users Categories" | |
| config.customers.each do |customer| | |
| p config.users_category(customer) | |
| end | |
| puts "\n\n\n" | |
| puts "List all Customers' Users Categories" | |
| config.customers.each do |customer| | |
| config.users_category(customer).each do |category| | |
| p customer, category , config.users(customer ,category ) | |
| end | |
| end | |
| =end | |
| #class Lua | |
| # | |
| # def initialize | |
| # @info = Info.new | |
| # #@ssh = Connect.new | |
| # end | |
| # | |
| # | |
| # | |
| # def authorized? | |
| # | |
| # end | |
| # | |
| # def report | |
| # | |
| # end | |
| # | |
| # | |
| #end | |
| # Good format | |
| #customing = { | |
| # | |
| # :customer1 => | |
| # {:server1 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}, | |
| # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}], | |
| # :server2 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}, | |
| # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}]} , | |
| # | |
| # :customer2 => | |
| # {:server1 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}, | |
| # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}], | |
| # :server2 => [{:id=>500 , :name=>"KING", :home=>"/:home/KING" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}, | |
| # {:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :lastlog => "29-Aug-2012 @ 15:16:06(+0300)"}]} | |
| #} | |
| ################ | |
| # customers = [ | |
| # [:customer1 => [[:server1 => [ | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"] | |
| # ] | |
| # ] , | |
| # [:server2 => [ | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"] | |
| # ] | |
| # ] | |
| # ] | |
| # ], | |
| # | |
| # [:customer1 => [[:server1 => [ | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"] | |
| # ] | |
| # ] , | |
| # [:server2 => [ | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>501 , :name=>"KING1", :home=>"/:home/KING1" , :creation => "2-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>502 , :name=>"KING2", :home=>"/:home/KING2" , :creation => "3-1-2012" , :lastlog => "23-7-2012"] | |
| # ] | |
| # ] | |
| # ] | |
| # ] | |
| # ] | |
| # | |
| #customerss = { | |
| # | |
| # :customer1 => [ | |
| # :server1 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"] | |
| # ], # server1 | |
| # | |
| # :server2 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"] | |
| # ] #server2 | |
| # | |
| # ] , #cust1 | |
| # | |
| # :customer2 => [ | |
| # :server1 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"] | |
| # ], # server1 | |
| # | |
| # :server2 => [[:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"], | |
| # [:id=>500 , :name=>"KING", :home=>"/:home/KING" , :creation => "1-1-2012" , :lastlog => "23-7-2012"] | |
| # ] #server2 | |
| # | |
| # ] #cust2 | |
| # | |
| # } # end | |
| # | |
| # | |
| =begin | |
| Net::SSH.start( host , user , :password => pass , :port => 15000 , :timeout => 7 ) do |ssh| | |
| ssh.open_channel do |ch1| | |
| ch1.on_request "exit-status" do |ch2, data| | |
| $exit_status = data.read_long | |
| end # end of ch2 | |
| ch1.request_pty do |ch3, success| | |
| puts ch3.exec("ls") | |
| if success | |
| puts "Success!!" | |
| puts ch3.exec("ls") | |
| end | |
| end # end of ch3 | |
| ch1.wait | |
| end # end of ch1 | |
| end # end of SSH.start | |
| =end | |
| #list = ARGV[0] | |
| #question = HighLine.new | |
| #pass = question.ask("Enter sudo user password: ") { |q| q.echo = "★" } | |
| #blowfish = Crypt::Blowfish.new("A key up to 56 bytes long") | |
| #plainBlock = "ABCD1234" | |
| #encryptedBlock = blowfish.encrypt_block(plainBlock) | |
| #decryptedBlock = blowfish.decrypt_block(encryptedBlock) | |
| # | |
| # | |
| #if list == nil | |
| # puts "Usage: ruby check-my-root.rb [FILE :name]" | |
| # exit | |
| #end | |
| # | |
| # | |
| # | |
| #class Info | |
| # | |
| # def initialize | |
| # @grep = Tempfile.new('.grep.txt') | |
| # @awk = Tempfile.open('.awk.txt') | |
| # end | |
| # | |
| # def grep(grep) | |
| # File.open(grep , "r") do |file| | |
| # file.each_line do |line| | |
| # File.open(".grep.txt" , "a+") do |grep| | |
| # grep.puts line if line.include?("http") || line.include?("https") # grep lines has http(stop2list) only | |
| # end | |
| # end | |
| # end | |
| # end | |
| # | |
| # def awk | |
| # grep_ary = IO.readlines(".grep.txt") | |
| # grep_ary.each do |line| | |
| # File.open(".awk.txt" , "a+") do |stop2list| | |
| # stop2list.puts "#{line.split(" ")[2]}:#{line.split(" ")[6]}" # Write stop2list of format(IP:URL) in .awk.txt | |
| # end | |
| # end | |
| # end | |
| # | |
| # | |
| # | |
| #end | |
| #IO.readlines(list).each do |s| | |
| # | |
| # begin | |
| ## user = s.split(":")[1].to_s.chomp | |
| # Net::SSH.start( s.split(":")[0].to_s.chomp , 'root' , :password => s.split(":")[1].to_s.chomp , :port => 22 , :timeout => 7 ) do |ssh| | |
| # | |
| # ssh.open_channel do |ch1| | |
| # | |
| # ch1.on_request "exit-status" do |ch2, data| | |
| # $exit_status = data.read_long | |
| # end # end of ch2 | |
| # | |
| # ch1.request_pty do |ch3, success| | |
| # ch3.exec("ls") | |
| # if success | |
| # File.open($log_file , 'a+') {|log| log.puts "#{s.split(":")[0].to_s.chomp}: #{s.split(":")[1].to_s.chomp}"} | |
| # puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$ok}" | |
| # sleep 0.1 | |
| # end | |
| # end # end of ch3 | |
| # ch1.wait | |
| # end # end of ch1 | |
| # | |
| # end # end of SSH.start | |
| # rescue Timeout::Error | |
| # puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$time}" | |
| # rescue | |
| # puts "#{s.split(":")[0].to_s.chomp}" + "\t" + "#{$nok}" | |
| # end | |
| #end # end of IO | |
| # | |
| # | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/ruby | |
| =begin | |
| #- Description: | |
| We need to have a script to perform a periodically review of the user account that have a login permission to all Linux :server. | |
| our objective is to insure that the users exist on the system is authorized and only a val:id user. | |
| !! We should have a list of authorized users for each customer !! | |
| #~~~~~~~~~~~~~~~~~~~~~~~ | |
| #=-Notes-= | |
| # sudo gem install net-ssh colorize | |
| # usage: luc.rb -l :server-list.txt | |
| update-alternatives --config ruby | |
| update-alternatives --config gem | |
| #~~~~~~~~~~~~~~~~~~~~~~~ | |
| =end | |
| require 'rubygems' | |
| require 'net/ssh' | |
| require 'colorize' | |
| require 'parseconfig' | |
| #require 'highline' | |
| #require 'crypt/blowfish' | |
| $log_file = 'log.txt' | |
| $ok = "[ " + "SUCCESS!".green + " ]" | |
| $nok = "[ " + "FAILED".red + " ]" | |
| $time = "[ " + "TIMEOUT".yellow + " ]" | |
| module Utils | |
| class CMDs | |
| attr_accessor :lastlog , :memberOf | |
| attr_reader :ttyOn , :ttyOff , :users , :ifconfig , :logout | |
| # Set TTY On/Off | |
| def pseudo | |
| @ttyOff = "sudo sed -i 's/Defaults requiretty/#Defaults requiretty/g' /etc/sudoers" | |
| @ttyOn = "sudo sed -i 's/#Defaults requiretty/Defaults requiretty/g' /etc/sudoers" | |
| end | |
| # Get last login for explicit user | |
| def last_logging(user) | |
| @lastlog = "sudo lastlog -u #{user} | grep -v Username | awk '{print $6\"-\"$5\"-\"$9\" @ \"$7\"(\"$8\")\"}'" # TODO make emerg variable user | |
| end | |
| # Get Usernames UIDs Homes | |
| def users_info | |
| @users = "awk -F: '$3 >= 500 {print $1,$3,$6}' /etc/passwd" | |
| end | |
| # Get Groups of explicit user | |
| def memberOf(user) | |
| @memberOf = "grep #{user} /etc/group | awk -F: '{for(i=4;i<=NF;++i)print $1,$i}'" | |
| end | |
| # Get IPs of this Server! | |
| def networking | |
| @ifconfig = "sudo /sbin/ip addr | grep -i inet | grep -v -e inet6 -e 127.0.0.1 | awk '{print $2}'" | |
| end | |
| # exit if you don't mind :) | |
| def logging_out | |
| @logout = "exit" | |
| end | |
| end | |
| end | |
| class Configurations | |
| =begin | |
| TODO | |
| - Make iterate around each *_servers & *_users and make it as categories [done] | |
| - check x_users depend on x_servers [done] | |
| - if x_users is not exist , consider the general one "admin + dbas" | |
| =end | |
| def initialize | |
| @config = ParseConfig.new('/home/KING/RubymineProjects/Linux-Users-Auditor/conf1.conf') # TODO : to be given | |
| end | |
| # list all customers | |
| def customers | |
| group_list = @config.groups | |
| customers_groups = group_list[1..-1] # Exclude "authorized" group | |
| return customers_groups # ["customer1", "customer2", "customerX"] | |
| end | |
| # List the global authorized users. | |
| def all_users | |
| @config['authorized']['users'] = @config['authorized']['users'].delete(' ').delete("\t").delete("\n").strip.split(%r{,\s*}) | |
| users = @config['authorized']['users'] | |
| return users # ["user1", "user2", "userX"] | |
| end | |
| # list all servers' category of particular customer. | |
| def servers_category(customer_name) | |
| all_categories = @config["#{customer_name}"].keys | |
| servers_category = all_categories.delete_if{|param| param.include?("user")} | |
| return servers_category # ["x_servers" , "y_servers"] | |
| end | |
| # list all servers in particular category of particular customer | |
| def servers(customer_name , category_servers) | |
| @config["#{customer_name}"]["#{category_servers}"] = @config["#{customer_name}"]["#{category_servers}"].delete(' ').delete("\t").delete("\n").strip.split(%r{,\s*}) | |
| servers = @config["#{customer_name}"]["#{category_servers}"] | |
| return servers # ["server1" , "server2" , "serverX"] | |
| end | |
| # list all users' category of particular customer. | |
| def users_category(customer_name) | |
| all_categories = @config["#{customer_name}"].keys | |
| users_category = all_categories.delete_if{|param| param.include?("server")} | |
| return users_category # ["x_users" , "y_users"] | |
| end | |
| # list all users in particular category of particular customer | |
| def users(customer_name , category_users = all_users) # same "server", It retrieves all users of category | |
| @config["#{customer_name}"]["#{category_users}"] = @config["#{customer_name}"]["#{category_users}"].delete(' ').delete("\t").delete("\n").strip.split(%r{,\s*}) | |
| users = @config["#{customer_name}"]["#{category_users}"] | |
| return users # ["user1" , "user2" , "userX"] | |
| end | |
| end | |
| class Info | |
| attr_accessor :memeberOff | |
| attr_reader :users_info , :users , :uids , :homes | |
| def initialize | |
| #user = "emerg" | |
| #pass = "j?vgH.s4" | |
| #pass2 = "Wx[3&*0q" | |
| #new_pass = "j?vgH.s4sss" | |
| #port = 15000 | |
| end | |
| def users_info_list(list) # << ssh.exec!(@cmd.users) # TODO: check if we can make it contains all information :) | |
| @users_info = list.split.each_slice(3).to_a | |
| user_id(@users_info) | |
| username(@users_info) | |
| user_home(@users_info) | |
| end | |
| # array of users ID | |
| def user_id(list = @users_info) | |
| @uids = [] | |
| list.each { |id| id = id[1] ; @uids << id.to_i} | |
| return @uids # [500 , 501, 600] | |
| end | |
| # array of Users | |
| def username(list = @users_info) # << ssh.exec!() | |
| @users = [] | |
| list.each { |u| u = u[0] ; @users << u} | |
| return @users # [user1 ,user2 , userX] | |
| end | |
| # array of group(s) for explicit User's | |
| def user_groups(user) # << ssh.exec!(group(user)) # Will get rotation of @info.users | |
| @memberOff = [] | |
| if user.nil? == true | |
| @memberOf = ["No groups found"] | |
| else | |
| @memberOff = user.split | |
| end | |
| end # [group1, group2, groupX] | |
| # array of homes | |
| def user_home(list = @users_info) | |
| @homes = [] | |
| list.each { |h| h = h[2] ; @homes << h} | |
| return @homes # [home1, home2, homeX] | |
| end | |
| end | |
| class LUA | |
| def initialize | |
| @config = Configurations.new | |
| @info = Info.new | |
| @customers = {} # "customerX"=>{"categotyX"=>{"server1"=>{"user1"=>{:id=>500,:name=>"user1",:memberOf=>["group1","group2"],:home=>"/home/user1",:lastlog=>"29-Aug-2012 @ 15:16:06(+0300)",:auth=>true}}}} | |
| @srv_cat = {} # "categotyX"=>{"server1"=>{"user1"=>{:id=>500,:name=>"user1",:memberOf=>["group1","group2"],:home=>"/home/user1",:lastlog=>"29-Aug-2012 @ 15:16:06(+0300)",:auth=>true}}} | |
| @servers = {} # "server1"=>{"user1"=>{:id=>500,:name=>"user1",:memberOf=>["group1","group2"],:home=>"/home/user1",:lastlog=>"29-Aug-2012 @ 15:16:06(+0300)",:auth=>true}} | |
| @users = {} # "user1"=>{:id=>500,:name=>"user1",:memberOf=>["group1","group2"],:home=>"/home/user1",:lastlog=>"29-Aug-2012 @ 15:16:06(+0300)",:auth=>true} | |
| end | |
| def structure | |
| @config.customers.each do |cust| | |
| @config.servers_category(cust).each do |srv_categ| | |
| @config.servers(cust , srv_categ).each do |server| | |
| @config.users_category(cust).each do |usr_categ| | |
| @config.users(cust,usr_categ) do |user| | |
| @users[user] #= # "user1"=>{:id=>500,:name=>"user1",:memberOf=>["group1","group2"],:home=>"/home/user1",:lastlog=>"29-Aug-2012 @ 15:16:06(+0300)",:auth=>true} | |
| @servers[server] = @users | |
| @srv_cat[srv_categ] = @servers | |
| @customers[cust] = @srv_cat | |
| end | |
| end | |
| end | |
| end # | |
| end # customers | |
| end | |
| end | |
| #{"cust1"=>{"srv1"=>{"usr1"=>{:id=>500,:name=>"user1",:memberOf=>["group1,group2"],:home=>"/home/user1",:lastlog=>"29-Aug-2012 @ 15:16:06(+0300)",:auth=>true}}}} | |
| #{"customerX"=>{"categotyX"=>{"server1"=>{"user1"=>{:id=>500,:name=>"user1",:memberOf=>["group1","group2"],:home=>"/home/user1",:lastlog=>"29-Aug-2012 @ 15:16:06(+0300)",:auth=>true}}}}} | |
| #Good format | |
| =begin | |
| { | |
| "customer1" => { | |
| "categoty1" => { | |
| "server1" => { | |
| "user1" => {:id=>500, :name=> "user1", :memberOf=>["group1","group2"], :home=>"/home/user1", :lastlog=> "29-Aug-2012 @ 15:16:06(+0300)", :auth=>true} , | |
| "user2" => {:id=>501, :name=> "user2", :memberOf=>["group1","group2"], :home=>"/home/user1", :lastlog=> "21-Aug-2012 @ 2:16:06(+0300)", :auth=>false} | |
| } , | |
| "server2" => { | |
| "user1" => {:id=>500, :name=> "user1", :memberOf=>["group1","group2"], :home=>"/home/user1", :lastlog=> "29-Aug-2012 @ 15:16:06(+0300)", :auth=>true} , | |
| "user2" => {:id=>501, :name=> "user2", :memberOf=>["group1","group2"], :home=>"/home/user1", :lastlog=> "21-Aug-2012 @ 2:16:06(+0300)", :auth=>false} | |
| } | |
| } | |
| } | |
| } | |
| =end | |
| ######################################## |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment