linux_wiki:freeipa_report_access_host [2019/05/25 23:50] |
linux_wiki:freeipa_report_access_host [2019/05/25 23:50] (current) |
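--- a/linux_wiki:freeipa_report_access_host
+++ b/linux_wiki:freeipa_report_access_host
@@ -0,0 +1,128 @@
+====== FreeIPA Report Access Host ======
+
+**General Information**
+
+Report what users/
+
+**Checklist**
+* Distro(s): Enterprise Linux 6/7
+* Other: [[http://
+
+----
+
+====== The Script ======
+
+<code bash report-access-host.sh>
+#!/bin/bash
+# Name: report-access-host.sh
+# Description:
+# Last Modified: 2017-08-03
+# Recent Changes:
+###############################################################################################
+
+##### Customize These Variables #####
+# IPA admin user
+admin_user="
+##### End of Customize Variables #####
+
+#
+# Functions; Main starts after
+#
+function show_usage
+{
+echo -e "
+echo -e "
+echo -e "
+echo -e "
+echo -e "
+echo -e "
+echo -e "-n HOSTNAME
+echo -e "
+echo -e "-> FreeIPA admin access."
+echo -e
+}
+
+#
+# Get Script Arguments
+#
+# Reset POSIX variable in case it has been used previously in this shell
+OPTIND=1
+
+while getopts "
+case "
+h) # -h (help) argument
+show_usage
+exit 0
+;;
+n) #-n HOSTNAME argument
+
+;;
+*) # invalid argument
+show_usage
+exit 0
+;;
+esac
+done
+
+#
+# Pre-checks: Make sure we have good options set
+#
+# See if we have a kerberos ticket, if not, prompt login
+/
+if [[ $? -ne 0 ]]; then
+echo ">>
+/
+echo
+fi
+
+#
+# Main starts here
+#
+echo -e "
+echo -e "####
+echo -e "
+echo
+echo -e "This script will report all users/
+
+## If no hostname given, prompt ##
+if [[ -z "
+echo -en "-> Hostname to check access for: "
+read system_name
+fi
+
+echo -e "-> Checking access for: ${system_name}"
+ipa host-show ${system_name} > /dev/null 2>&1
+if [[ $? -ne 0 ]]; then
+echo -e ">>
+echo -e ">>
+exit 1
+fi
+
+# Get the HBAC rule a host is a part of
+hbac_rule="
+
+# Get all user groups in the HBAC rule (remove commas so we can parse in a for loop)
+user_groups="
+
+echo -e "
+echo -e "\nThe following groups/
+
+# For each user group, display the group name and user accounts
+for group_name in $(echo ${user_groups});
+
+echo -e "
+
+# Get group'
+user_list="
+
+# Display all users
+echo -e "
+
+done
+
+echo -e "
+echo -e "=- Report: Host Access Completed. -="
+echo -e "
+</
+
+----
+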
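Review bot: The hostname read at the prompt is expanded unquoted in `ipa host-show ${system_name} > /dev/null 2>&1`, so a value containing spaces or glob characters is split into extra arguments to an `ipa` call that, per the usage text, runs with FreeIPA admin access. I would change the two lines to `read -r system_name` and `ipa host-show "${system_name}" > /dev/null 2>&1`, and quote the same variable wherever the HBAC lookup uses it (those assignments are truncated in this rendering, so that part is inferred). The `*)` arm of the `getopts` case prints usage and then runs `exit 0`; an invalid option should return non-zero, e.g. `exit 1`, so a wrapper or cron job can tell that the report did not run. `for group_name in $(echo ${user_groups});` can drop the `echo`, and if group names may contain spaces it should iterate over an array rather than a word-split string.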