Pre-requisite tasks
1. Set up passwordless authentication
2. Grant root sudo access to user who is going to run this script
4. Tested on Solaris 10 servers
[bhusal@sunserv01]$$ pwd
/export/home/kbhusal/bin
[bhusal@sunserv01]$ cat chk_sudouser.sh
#!/bin/bash
# Kamal Bhusal
# Wed Jun 1 11:54:13 EDT 2016
# Get all users on the system who has sudo access and also check account status
# @expanor LLC
#
LOGFILE="logs/UserLog/User_sudo_access_`date "+%m%d%Y_time.%H-%M-%S.log"`"
#for i in 192.168.10.110 192.168.10.111
for i in `cat ../etc/hosts.ip | grep -v "#" | awk '{print $1}'`
do
echo " " >>$LOGFILE
echo "Please wait ... checking server $i"
echo "--------------------- Checking $i server" >>$LOGFILE
echo " " >>$LOGFILE
ssh -q $i 'for AUSERS in `listusers | /usr/bin/awk '\''{print $1}'\'' | /usr/bin/tr "\n" " "`; do echo; \
echo "--------------------"; \
echo "chcking $AUSERS user for sudo access"; \
/usr/local/bin/sudo -l -U $AUSERS; echo; \
echo "Checking Account password status"; \
/usr/local/bin/sudo passwd -s $AUSERS; done' >> $LOGFILE
#echo "-------------------" >> $LOGFILE
echo " " >>$LOGFILE
echo "____________________________End______________________" >> $LOGFILE
echo "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $LOGFILE
done
more $LOGFILE
# EOF
[bhusal@sunserv01]$
[bhusal@sunserv01]$ more ../etc/hosts.ip
192.168.10.11 sunserv1
192.168.10.12 sunserv2
#192.168.10.13 sunserv3
192.168.10.14 sunserv4
192.168.10.15 sunserv5
192.168.10.16 sunserv6
192.168.10.17 sunserv7
192.168.10.19 sunserv8
192.168.10.20 sunserv9
No comments:
Post a Comment