You should probably use PAM to enforce password complexity instead of using a homegrown bash script.
-- 
Lowe Schmidt | +46 723 867 157

On 16 December 2014 at 11:54, Brian Keating wrote:
>
> Hi,
> Our security policy states we lock *nix accounts that have no passwords.
> I wrote a bash script that does the job but my onlyif statement isn't
> working. I want it to check and only trigger when true - not every time.
> I'm new to puppet trying to learn how to write 'onlyif' statements - can
> someone point me in the right direction?
>
> Here is the manifest - the onlyif statement and the bash
> lock-out-no-password-account.sh script are working in isolation. Augeas
> would be ideal to handle this kind of task but I have yet to find one to
> suit. Help & guidance is appreciated.
>
> exec { 'lock-accout-no-pass' :
>   command => "/admin/scripts/lock-out-no-password-account.sh",
>   onlyif  => "/bin/cat /etc/shadow | /bin/awk -F : '{ print $2 }' | /bin/grep ^$ | tail -1 | /bin/grep -c ^$"
> }
>
> #!/bin/bash
> #
> # Lock out active accounts with no password
>
> for NAME in `awk -F: '( $2 == "" ) { print $1 }' /etc/shadow`; do
>     MyUID=`id -u $NAME`
>     if [ $MyUID -gt 500 -a $NAME != 'root' ]; then
>         usermod -L -s /dev/null $NAME
>     fi
> done
>
> Thanks,
> Brian.
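The check discussed in this thread (accounts with an empty password field and a UID above 500) can be expressed as a function whose exit status gates the exec. This is an added example, not code from either poster; the function names, the `--check` flag and the sample data are assumptions, and it reads UIDs from the passwd file rather than calling `id -u`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the --check flag and
# the sample data below are assumptions made for illustration.

# Print accounts whose shadow password field is empty and whose UID is above
# MIN_UID (default 500, the threshold used in the thread's script).
# Usage: empty_password_accounts SHADOW_FILE PASSWD_FILE
empty_password_accounts() {
    awk -F: -v min_uid="${MIN_UID:-500}" '
        # passwd file: remember the UID of every account
        FILENAME == ARGV[1] { uid[$1] = $3; next }
        # shadow file: an empty second field means no password is set
        $2 == "" && ($1 in uid) && uid[$1] + 0 > min_uid && $1 != "root" { print $1 }
    ' "$2" "$1"
}

# Exit 0 only when at least one such account exists, so the status can gate
# an exec resource through onlyif.
has_empty_password_accounts() {
    [ -n "$(empty_password_accounts "$1" "$2")" ]
}

# Write constructed passwd/shadow samples into directory $1 for offline runs.
make_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc:x:101:101::/var/svc:/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root::16420:0:99999:7:::
svc::16420:0:99999:7:::
alice::16420:0:99999:7:::
bob:!:16420:0:99999:7:::
EOF
}

# "--check" runs against the live files and returns the onlyif status.
if [ "${1:-}" = "--check" ]; then
    has_empty_password_accounts /etc/shadow /etc/passwd
fi
```

Puppet interpolates `$` variables inside double-quoted strings, so keeping the check in a script and calling it from a single-quoted `onlyif` command avoids having awk's `$2` rewritten before the shell sees it. Once an account's password field is no longer empty (for example `!` after locking), the check exits non-zero and the exec is skipped.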
