On 10/20/20 6:27 PM, Joseph Alexander wrote:
> I have a task from our program security to verify all local accounts on all
> of our RHEL servers and turn them in. I have
> a working playbook, but I'm wondering if there is a better, more cleaner way
> to do this.
>
> I have a script that I place on each server that runs one command:
> for i in $(awk -F: '$3 >= 1000 {print $1}' /etc/passwd); do id $i; done >
> results.txt
>
> then I fetch that file and save it as the {{ ansible_fqdn }}.txt
>
> I was thinking there has to use a template to iterate through the passwd file
> something like this:
> {% for item in users %}
> {{ item }} {{ lookup('pipe', "id -u " + item) }}
> then some type of when uid >=1000 append it to results.txt line
> {% endfor %}
>
> But I just cannot find anything on google about replacing that users variable
> with the passwd file or something similar.
> I appreciate any help. I could do it the first way, but would like a cleaner
> solution that uses ansible rather than scripts.
On modern systems passwd file is not authoritative (LDAP, Samba). The getent
utility lists all users of the system
(getent passwd) and there is a corresponding Ansible module.
So I suggest the following solution:
tasks:
- name: Retrieve user information
getent:
database: passwd
split: ':'
- name: Build list of users with uid >= 1000
set_fact:
users: "{{ users | default([]) + [item.key] }}"
when: item.value[1] | int >= 1000
with_dict:
"{{ getent_passwd }}"
- debug:
var: users
Regards
Racke
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> [email protected]
> <mailto:[email protected]>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/0637701d-a431-4757-b999-04a9b0076e7bn%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/0637701d-a431-4757-b999-04a9b0076e7bn%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/17c18857-2226-05b2-57c3-283a3e89b466%40linuxia.de.
signature.asc
Description: OpenPGP digital signature
