Forum: Cfengine Help
Subject: Re: Looking for some guidance with synchronizing passwords in AIX
Author: raymondcox
Link to topic: https://cfengine.com/forum/read.php?3,20589,20620#msg-20620

I have a working solution that is a little rough but works. I was having some 
problems with the replace_patterns section which was generating the following 
output:

cf3  -> Promised replacement "  password = CDDJixGgW9.Ng" for pattern 
"^(\tpassword) = (.*)$" is not properly convergent while editing /tmp/passwd
cf3 Because the regular expression "^(\tpassword) = (.*)$" still matches the 
end-state replacement string "     password = CDDJixGgW9.Ng"
cf3 Promise (version not specified) belongs to bundle 'security_edit' in file 
'./admin_passwd.cf' near line 26

I combined the code example that matter provided with an example that zzamboni 
had provided for user management and it seems to work great so far. Here is 
what I have come up with so far:


##########################################################################

body common control {

    bundlesequence => { "manage_admin_passwords" };
}

bundle agent manage_admin_passwords
{
vars:

  "users"     string => "CDDJixGgW9.Ng";
  "users"       string => "U1Grm/0cooMN.";

  "users"     string => "iqu5WE0L0DVWU";
  "users"       string => "aa65X6wBllTl2";

  "users"     string => "vXeDc.Jtme0yk";
  "users"       string => "aa65X6wBllTl2";

  "users"     string => "F.R0Hu8oQT1Gg";
  "users"       string => "aa65X6wBllTl2";

methods:

  "users"   usebundle => update_admin_passwords("manage_admin_passwords.users");
}

bundle agent update_admin_passwords(user)
{
vars:
  "index"        slist => getindices("$(user)");
  "epoch"        string => execresult("$(datecmd) +%s","useshell");

  aix::
    "datecmd"    string => "/usr/bin/date";

  linux::
    "datecmd"    string => "/bin/date";


files:

    "/tmp/passwd"
        comment   => "update admin passwords with those stored in the array users",
        edit_line => security_edit("$(index)","$($(user)[$(index)])","$($(user)[$(index)])"),
        classes   => if_ok("update_last_update");


commands:

  update_last_update::

   "/usr/bin/chsec -f /etc/security/passwd -s $(index) -a lastupdate=$(epoch)";


}
##########################################################################

bundle edit_line security_edit(userid,newpass,oldpass) {


  replace_patterns:

      "^(\tpassword) = $(oldpass)$"
         replace_with  => new_password("$(newpass)"),
         select_region => user_region("$(userid)");

}

##########################################################################

body replace_with new_password(password) {

    replace_value => "$(match.1) = $(password)";

}

##########################################################################

body select_region user_region(userid) {


   select_start => "^$(userid):$";
   #select_end   => "^flags\s=\s.*$";

}

##########################################################################

body classes if_ok(x)
{
promise_repaired => { "$(x)" };
promise_kept     => { "$(x)" };
}



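Added example, not part of the original post: a small Python model of the convergence check quoted in the cf3 output, showing why the `(.*)` pattern is rejected while a pattern anchored on the old hash is accepted. The stanza text, user names and hashes are constructed, and `anchored`, `is_convergent` and `set_password` are hypothetical helper names. Two choices are assumptions that differ from the posted policy: the old hash is regex-escaped, and the edit region ends at the next stanza header.

```python
import re

# Constructed sample in the AIX /etc/security/passwd stanza layout (made-up users/hashes).
SAMPLE = (
    "root:\n"
    "\tpassword = OLDHASHroot01\n"
    "\tlastupdate = 1300000000\n"
    "\n"
    "admin1:\n"
    "\tpassword = OLDHASHadm.01\n"
    "\tlastupdate = 1300000000\n"
)

LOOSE = r"^(\tpassword) = (.*)$"   # the pattern from the cf3 warning


def anchored(oldpass):
    """Pattern tied to the old hash; escaped because crypt hashes can contain '.'."""
    return r"^(\tpassword) = " + re.escape(oldpass) + r"$"


def is_convergent(pattern, end_state_line):
    """Model of the cf3 check: the pattern must no longer match the replacement."""
    return re.search(pattern, end_state_line, re.M) is None


def set_password(text, userid, oldpass, newpass):
    """Replace the password line inside userid's stanza only; report if it changed."""
    pattern = re.compile(anchored(oldpass))
    out, in_region, changed = [], False, False
    for line in text.split("\n"):
        if re.match(r"^[^\s:]+:$", line):          # any stanza header
            in_region = (line == userid + ":")     # region ends at the next header
        elif in_region and pattern.match(line):
            # A function replacement avoids backslash interpretation in newpass.
            line = pattern.sub(lambda m: m.group(1) + " = " + newpass, line)
            changed = True
        out.append(line)
    return "\n".join(out), changed


if __name__ == "__main__":
    end_state = "\tpassword = NEWHASHadm001"
    print("loose pattern convergent:   ", is_convergent(LOOSE, end_state))
    print("anchored pattern convergent:", is_convergent(anchored("OLDHASHadm.01"), end_state))
    once, c1 = set_password(SAMPLE, "admin1", "OLDHASHadm.01", "NEWHASHadm001")
    twice, c2 = set_password(once, "admin1", "OLDHASHadm.01", "NEWHASHadm001")
    print("first run changed:", c1, "| second run changed:", c2)
```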