kill_the_humans.py

#!/usr/bin/python3
import sys

# blacklist of humans to be removed from /etc/passwd, /etc/group and /etc/shadow
HUMANS = ['jkane', 'djames']


def clean_passwd(h, humans):
    clean = []
    for row in h:
        user = row.split(':')
        if user[0] not in humans:
            clean.append(row.strip())
        else:
            print('Removing %r' % user[0])

    return "\n".join(clean) + "\n"

def clean_group(h, humans):
    clean = []
    for row in h:
        group = row.split(':')
        users = group[-1].split(',')

        new_users = []
        for user in users:
            user = user.strip()
            if user not in humans:
                new_users.append(user)
            else:
                print('Removing %r from group %r' % (user, group[0]))

        group[-1] = ",".join(new_users)
        if group[0] not in humans:
            clean.append(':'.join(group))
        else:
            print('Removing group %r' % group[0])


    return "\n".join(clean) + "\n"

def clean_shadow(h, humans):
    """format of /etc/shadow is close-enough to password for our purposes"""
    return clean_passwd(h, humans)


if __name__ == "__main__":
    if sys.argv and sys.argv[1] == "test":
        import io

        test = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
usbmux:x:120:46:usbmux daemon,,,:/var/lib/usbmux:/bin/false
jkane:x:1000:1000:jkane,,,:/home/jkane:/bin/bash
postgres:x:121:130:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
sshd:x:122:65534::/var/run/sshd:/usr/sbin/nologin
"""
        expect = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
usbmux:x:120:46:usbmux daemon,,,:/var/lib/usbmux:/bin/false
postgres:x:121:130:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
sshd:x:122:65534::/var/run/sshd:/usr/sbin/nologin
"""

        result = clean_passwd(io.StringIO(test), HUMANS)
        assert result == expect, "Got \n---\n%s\n---\nExpected:\n---\n%s" % (result, expect)


        test = """scanner:x:122:saned
colord:x:123:
pulse:x:124:
pulse-access:x:125:
rtkit:x:126:
saned:x:127:
jkane:x:1000:
sambashare:x:128:jkane
docker:x:129:jkane
postgres:x:130:
"""
        expect = """scanner:x:122:saned
colord:x:123:
pulse:x:124:
pulse-access:x:125:
rtkit:x:126:
saned:x:127:
sambashare:x:128:
docker:x:129:
postgres:x:130:
"""
        result = clean_group(io.StringIO(test), HUMANS)
        assert result == expect, "Got \n---\n%s\n---\nExpected:\n---\n%s" % (result, expect) 

        test = """rtkit:*:16911:0:99999:7:::
saned:*:16911:0:99999:7:::
usbmux:*:16911:0:99999:7:::
jkane:12345678901234567890RYeab4oSdHvlWjtDwmq8nn5iolWeOuUTfrQP6TKIe4mxk9G2gDvnELnrN32Juqp2iAPqVVyN4BKKw.:16916:0:99999:7:::
postgres:*:16972:0:99999:7:::
sshd:*:17053:0:99999:7:::
"""
        expect = """rtkit:*:16911:0:99999:7:::
saned:*:16911:0:99999:7:::
usbmux:*:16911:0:99999:7:::
postgres:*:16972:0:99999:7:::
sshd:*:17053:0:99999:7:::
"""
        result = clean_shadow(io.StringIO(test), HUMANS)
        assert result == expect, "Got \n---\n%s\n---\nExpected:\n---\n%s" % (result, expect) 


    else:
        with open('/etc/passwd', 'r') as h:
            clean = clean_passwd(h, HUMANS)
        with open('/etc/passwd', 'w') as h:
            h.write(clean)

        with open('/etc/group', 'r') as h:
            clean = clean_group(h, HUMANS)
        with open('/etc/group', 'w') as h:
            h.write(clean)

        with open('/etc/shadow', 'r') as h:
            clean = clean_shadow(h, HUMANS)
        with open('/etc/shadow', 'w') as h:
            h.write(clean)