Hi,
Our security policy states we lock *nix accounts that have no passwords. I
wrote a bash script that does the job but my onlyif statement isn't
working. I want it to check and only trigger when true - not every time.
I'm new to puppet trying to learn how to write 'onlyif' statements - can
someone point me in the right direction?
Here is the manifest - the onlyif statement and the bash
lock-out-no-password-account.sh script are working in isolation. Augeas
would be ideal to handle this kind of task but I have yet to find one to
suit. Help & guidance is appreciated.

    exec { 'lock-accout-no-pass' :
      command => "/admin/scripts/lock-out-no-password-account.sh",
      onlyif  => "/bin/cat /etc/shadow | /bin/awk -F : '{ print $2 }' | /bin/grep ^$ | tail -1 | /bin/grep -c ^$"
    }

    #!/bin/bash
    #
    # Lock out active accounts with no password
    for NAME in `awk -F: '( $2 == "" ) { print $1 }' /etc/shadow`; do
        MyUID=`id -u $NAME`
        if [ $MyUID -gt 500 -a $NAME != 'root' ]; then
            usermod -L -s /dev/null $NAME
        fi
    done

Thanks,
Brian.
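
An added example, not part of the original post and not Puppet's own code: a check whose exit status can serve as the `onlyif` guard, since Puppet runs an exec's command only when `onlyif` exits 0. The function names and the sample passwd/shadow files are constructed for illustration; the UID threshold and root exclusion mirror the posted script.

```shell
#!/bin/sh
# Added example (not from the original post): list accounts whose shadow
# password field is empty, using the same limits as the posted script
# (UID above 500, never root).

# Usage: empty_password_accounts PASSWD_FILE SHADOW_FILE [MIN_UID]
empty_password_accounts() {
    awk -F: -v min="${3:-500}" '
        FILENAME == ARGV[1] { uid[$1] = $3; next }   # passwd: name -> UID
        $2 == "" && ($1 in uid) && uid[$1] + 0 > min && $1 != "root" { print $1 }
    ' "$1" "$2"
}

# Exit status 0 only when at least one account still needs locking.
# A locked entry carries "!" in the password field, so it no longer matches.
needs_lock() {
    [ -n "$(empty_password_accounts "$@")" ]
}

# Constructed sample files (no real accounts) for an offline run.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc:x:498:498::/var/lib/svc:/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root::19000:0:99999:7:::
svc::19000:0:99999:7:::
alice:$6$constructed$notarealhash:19000:0:99999:7:::
bob::19000:0:99999:7:::
carol:!:19000:0:99999:7:::
EOF
}

# Run as a guard: script PASSWD_FILE SHADOW_FILE
if [ "$#" -ge 2 ]; then
    needs_lock "$@"
    exit $?
fi
```

On the constructed sample only `bob` is reported: `root` and `svc` fall under the UID limit, `alice` has a hash, and `carol` is already locked.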