mirror of https://github.com/jumpserver/jumpserver
62 lines
2.0 KiB
YAML
62 lines
2.0 KiB
YAML
- hosts: demo
|
|
gather_facts: no
|
|
tasks:
|
|
- name: Get users
|
|
ansible.builtin.shell:
|
|
cmd: >
|
|
getent passwd | awk -F: '$7 !~ /(false|nologin|true|sync)$/' | grep -v '^$' | awk -F":" '{ print $1 }'
|
|
register: users
|
|
|
|
- name: Gather posix account last login
|
|
ansible.builtin.shell: |
|
|
for user in {{ users.stdout_lines | join(" ") }}; do
|
|
last -i --time-format iso -n 1 ${user} | awk '{ print $1,$3,$4, $NF }' | head -1 | grep -v ^$
|
|
done
|
|
register: last_login
|
|
|
|
- name: Get user password change date and expiry
|
|
ansible.builtin.shell: |
|
|
for user in {{ users.stdout_lines | join(" ") }}; do
|
|
k=$(getent shadow $user | awk -F: '{ print $3, $5 }')
|
|
echo "$user:$k"
|
|
done
|
|
register: passwd_date
|
|
|
|
- name: Get user groups
|
|
ansible.builtin.shell: |
|
|
for user in {{ users.stdout_lines | join(" ") }}; do
|
|
echo "$(groups $user)" | sed 's@ : @:@g'
|
|
done
|
|
register: user_groups
|
|
|
|
- name: Get sudoers
|
|
ansible.builtin.shell: |
|
|
for user in {{ users.stdout_lines | join(" ") }}; do
|
|
echo "$user: $(grep "^$user " /etc/sudoers | tr '\n' ';' || echo '')"
|
|
done
|
|
register: user_sudo
|
|
|
|
- name: Get authorized keys
|
|
ansible.builtin.shell: |
|
|
for user in {{ users.stdout_lines | join(" ") }}; do
|
|
home=$(getent passwd $user | cut -d: -f6)
|
|
echo -n "$user:"
|
|
if [[ -f ${home}/.ssh/authorized_keys ]]; then
|
|
cat ${home}/.ssh/authorized_keys | tr '\n' ';'
|
|
fi
|
|
echo
|
|
done
|
|
register: user_authorized
|
|
|
|
- set_fact:
|
|
info:
|
|
users: "{{ users.stdout_lines }}"
|
|
last_login: "{{ last_login.stdout_lines }}"
|
|
user_groups: "{{ user_groups.stdout_lines }}"
|
|
user_sudo: "{{ user_sudo.stdout_lines }}"
|
|
user_authorized: "{{ user_authorized.stdout_lines }}"
|
|
passwd_date: "{{ passwd_date.stdout_lines }}"
|
|
|
|
- debug:
|
|
var: info
|