28 files changed, 850 insertions, 0 deletions
diff --git a/access_like.yml/access_like.yml b/access_like.yml/access_like.yml
new file mode 100644
index 0000000..781d291
--- /dev/null
+++ b/access_like.yml/access_like.yml
@@ -0,0 +1,220 @@ +--- +# Filename: access_like.yml +# Location: /etc/ansible/playbooks/access_like.yml +# Author: bgstack15 +# Startdate: 2018-02-01 15:00 +# Title: Playbook that Sets Access Like a User for a Different User +# Purpose: To make it easy to set up similar user access +# History: +# 2018-02-02 Add sssd support +# 2018-02-09 Add basic sudoers checking +# Usage: +# ansible-playbook -i /etc/ansible/inv/preprod --become /etc/ansible/playbooks/like_access.yml -l testserver16 -e 'thisuser=newuser' -e 'likeuser=olduser' +# Reference: +# Improve: +# Dependencies: +# from bgscripts: modconf.py bgs.py uvlib.py +# Documentation: +# This playbook performs several major functions: +# Learn if users are local or domain +# If both local, set up local group memberships to be identical, except for user private groups +# If ssh uses AllowUsers, make thisuser match likeuser +- name: Setup Access Like + hosts: all + vars: + sshd_config_file: /etc/ssh/sshd_config + sssd_conf_file: /etc/sssd/sssd.conf + group_file: /etc/group + sudoers_file: /etc/sudoers + sudoers_dir: /etc/sudoers.d + tasks: + - set_fact: + likeuser_is_local: False + likeuser_is_domain: False + thisuser_is_local: False + thisuser_is_domain: False + + - name: learn if users are local or domain + shell: warn=no getent passwd -s {{ item[1] }} {{ item[0] }} 1>/dev/null && echo "YES" || echo "no" + changed_when: false + with_nested: + - [ "{{ likeuser }}", "{{ thisuser }}" ] + - [ 'sss', 'files' ] + register: islocalusers + + - set_fact: + likeuser_is_domain: True + when: 'item.stdout == "YES"' + with_items: + - "{{ islocalusers.results[0] }}" + + - set_fact: + likeuser_is_local: True + when: 'item.stdout == "YES"' + with_items: + - "{{ islocalusers.results[1] }}" + + - set_fact: + thisuser_is_domain: True + when: 'item.stdout == "YES"' + with_items: + - "{{ islocalusers.results[2] }}" + + - set_fact: + thisuser_is_local: True + when: 'item.stdout == "YES"' + with_items: + - "{{ islocalusers.results[3] }}" + + 
# Now these variables are defined as a boolean + # likeuser_is_local + # likeuser_is_domain + # thisuser_is_local + # thisuser_is_domain + +# LOCAL GROUPS + - name: learn groups of local likeuser excluding user private group + #shell: warn=no id -nG {{ likeuser }} | tr '[[:space:]]' '\n' | xargs -n1 -I[] grep -E "^[]:" "{{ group_file }}" 2>/dev/null | awk -F':' '!/:$/{print $1}' + shell: warn=no awk -F':' '/:.*\<{{ likeuser }}\>/{print $1;}' "{{ group_file }}" 2>/dev/null | cat + register: thesegroups + changed_when: false + + - name: learn primary group of first user + shell: warn=no id -ng {{ likeuser }} + register: this_primary_group + changed_when: false + when: + - 'likeuser_is_domain or likeuser_is_local' + + - name: add thisuser to thesegroups + user: + name: "{{ thisuser }}" + append: yes + groups: "{{ thesegroups.stdout_lines }}" + when: + - 'thisuser_is_local' + + - name: add thisuser to this_primary_group, if not user private group + user: + name: "{{ thisuser }}" + group: "{{ this_primary_group.stdout }}" + when: + - 'this_primary_group.stdout is defined and this_primary_group.stdout not in likeuser' + - 'thisuser_is_local' + + - name: set thisuser to user private group, if user private group + user: + name: "{{ thisuser }}" + group: "{{ thisuser }}" + when: + - 'this_primary_group.stdout is defined and this_primary_group.stdout in likeuser' + - 'thisuser_is_local' + +# SSH and SSSD +# these are checked at the same time because they each need the helper script + - name: learn if ssh uses AllowUsers + shell: grep -qiE "^\s*AllowUsers" "{{ sshd_config_file }}" && echo YES || echo no + register: ssh_uses_allowusers + ignore_errors: yes + changed_when: false + + - name: learn if sssd uses simple_allow_users + shell: grep -qiE "^\s*simple_allow_users" "{{ sssd_conf_file }}" && echo YES || echo no + register: sssd_uses_simple_allow_users + ignore_errors: yes + changed_when: false + + - name: learn if likeuser can ssh + shell: grep -qiE '^\s*AllowUsers.*\<{{ 
likeuser }}\>' "{{ sshd_config_file }}" && echo YES || echo no + register: likeuser_can_ssh + changed_when: false + when: '"YES" in ssh_uses_allowusers.stdout' + + - name: learn if thisuser can already ssh + shell: grep -qiE '^\s*AllowUsers.*\<{{ thisuser }}\>' "{{ sshd_config_file }}" && echo YES || echo no + register: thisuser_can_ssh + changed_when: false + when: '"YES" in ssh_uses_allowusers.stdout' + + - name: learn if likeuser can sssd + shell: grep -qiE '^\s*simple_allow_users.*\<{{ likeuser }}\>' "{{ sssd_conf_file }}" && echo YES || echo no + register: likeuser_can_sssd + changed_when: false + when: '"YES" in sssd_uses_simple_allow_users.stdout' + + - name: learn if thisuser can already sssd + shell: grep -qiE '^\s*simple_allow_users.*\<{{ thisuser }}\>' "{{ sssd_conf_file }}" && echo YES || echo no + register: thisuser_can_sssd + changed_when: false + when: '"YES" in sssd_uses_simple_allow_users.stdout' + + - name: deploy helper script, if likeuser can ssh or sssd but thisuser cannot + copy: + src: "/etc/ansible/dependencies/{{ item }}" + dest: "/tmp/{{ item }}" + mode: 0644 + owner: root + group: root + changed_when: false + with_items: + - modconf.py + - uvlib.py + - bgs.py + when: + - '(likeuser_can_ssh.stdout is defined and "YES" in likeuser_can_ssh.stdout and thisuser_can_ssh.stdout is defined and "no" in thisuser_can_ssh.stdout) or (likeuser_can_sssd.stdout is defined and "YES" in likeuser_can_sssd.stdout and thisuser_can_sssd.stdout is defined and "no" in thisuser_can_sssd.stdout)' + +# SSH + - name: add thisuser to ssh allowusers, if likeuser can ssh but thisuser cannot + shell: /usr/bin/python2 /tmp/modconf.py -a "{{ sshd_config_file }}" --itemdelim " " --variabledelim " " add AllowUsers "{{ thisuser }}" + args: + chdir: /tmp + notify: reload sshd + when: + - 'likeuser_can_ssh.stdout is defined and "YES" in likeuser_can_ssh.stdout' + - 'thisuser_can_ssh.stdout is defined and "no" in thisuser_can_ssh.stdout' + +# SSSD + - name: add thisuser to 
sssd simple_allow_users, if likeuser can sssd but thisuser cannot + shell: /usr/bin/python2 /tmp/modconf.py -a "{{ sssd_conf_file }}" --itemdelim ", " --variabledelim " " add simple_allow_users "{{ thisuser }}" + args: + chdir: /tmp + notify: reload sssd + when: + - 'likeuser_can_sssd.stdout is defined and "YES" in likeuser_can_sssd.stdout' + - 'thisuser_can_sssd.stdout is defined and "no" in thisuser_can_sssd.stdout' + +# SUDOERS + - name: learn if likeuser is in sudoers + shell: warn=no grep -rE '\<{{ likeuser }}\>' "{{ sudoers_file }}" "{{ sudoers_dir }}" || true + ignore_errors: yes + changed_when: false + register: in_sudoers + + - name: Check sudoers on these hosts + debug: + msg: "{{ ansible_nodename }} {{ item }}" + with_items: "{{ in_sudoers.stdout_lines }}" + when: 'likeuser in in_sudoers.stdout' + +# CLEANUP + - name: clean helper scripts + file: + path: "/tmp/{{ item }}" + state: absent + changed_when: false + ignore_errors: true + with_items: + - modconf.py + - uvlib.py + - bgs.py + + handlers: + - name: reload sshd + service: + name: sshd + state: reloaded + + - name: reload sssd + service: + name: sssd + state: reloaded
\ No newline at end of file
diff --git a/access_like.yml/description b/access_like.yml/description
new file mode 100644
index 0000000..6dcd4fe
--- /dev/null
+++ b/access_like.yml/description
@@ -0,0 +1 @@
+Ansible playbook for configuring access like a user
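Review bot: In access_like.yml, `likeuser` and `thisuser` come from `-e` on the command line and are pasted unquoted into every `shell:` task (the `getent`, `awk`, `id -ng` and `grep` lines), which the usage line runs under `--become`, so a value containing shell metacharacters or regex syntax changes the command or the match instead of being treated as a user name. A guard task placed before the first `set_fact` that rejects anything outside the expected account-name character set leaves the later tasks as they are; the pattern below is a constructed example and would need widening if domain accounts use other characters. Separately, the helper scripts are copied to `/tmp` and run from there with `chdir: /tmp`, which is where Python looks for imported modules first, so a root-only directory (for example one created with the `tempfile` module) would be a safer staging place.

```yaml
- name: refuse user names that are not plain account names
  assert:
    that:
      - thisuser is match('^[A-Za-z0-9_][A-Za-z0-9_.-]*$')
      - likeuser is match('^[A-Za-z0-9_][A-Za-z0-9_.-]*$')
# … unchanged: set_fact defaults and the remaining tasks …
```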
\ No newline at end of file
diff --git a/ansible-own.sh/ansible-own.sh b/ansible-own.sh/ansible-own.sh
new file mode 100644
index 0000000..400b009
--- /dev/null
+++ b/ansible-own.sh/ansible-own.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+ansibleown_version="2018-04-04a"
+tu=ansible
+tg="$( id -ng "${tu}" )"
+for word in $@ ;
+do
+ # set group accessible
+ find ${word} -exec chown "${tu}:${tg}" {} \; -exec chmod g+rwX {} \;
+ # set setgid and sticky bits
+ find ${word} -type d -exec chmod g+s,o+t {} \;
+done
diff --git a/ansible-own.sh/description b/ansible-own.sh/description
new file mode 100644
index 0000000..da33dae
--- /dev/null
+++ b/ansible-own.sh/description
@@ -0,0 +1 @@
+Script that enforces ansible ownership of ansible files
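Review bot: In ansible-own.sh, `$@` and `${word}` are unquoted, so a path containing spaces or glob characters is split before `find` sees it, and `chown`/`chmod` follow any symlink found inside the tree and change the link's target rather than the link. Since the script presumably runs as root (it chowns to another user), that lets a link inside the tree redirect the ownership change elsewhere. Quoting the loop as `for word in "$@" ;` with `find "${word}"`, and adding `! -type l` before the first `-exec` (or using `chown -h`), keeps the change inside the directories named on the command line.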
\ No newline at end of file
diff --git a/convert_to_seq.sh/convert_to_seq.sh b/convert_to_seq.sh/convert_to_seq.sh
new file mode 100644
index 0000000..5e92ff7
--- /dev/null
+++ b/convert_to_seq.sh/convert_to_seq.sh
@@ -0,0 +1,5 @@
+convert_to_seq() {
+ printf "${@}" | xargs -n1 -d',' | tr '-' ' ' | awk 'NF == 2 { system("/bin/seq "$1" "$2); } NF != 2 { print $1; }' | xargs
+}
+
+convert_to_seq "$1"
\ No newline at end of file
diff --git a/convert_to_seq.sh/description b/convert_to_seq.sh/description
new file mode 100644
index 0000000..10e1ab8
--- /dev/null
+++ b/convert_to_seq.sh/description
@@ -0,0 +1 @@
+Convert input sets of numbers into numerical sequences
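Review bot: In convert_to_seq.sh, the awk program hands the two range fields to `system("/bin/seq "$1" "$2)`, which runs them through a shell, and `printf "${@}"` uses the argument as the format string, so anything other than digits, commas and dashes in `$1` is interpreted rather than printed. Generating the range inside awk removes the shell call entirely: `NF == 2 { for (i = $1; i <= $2; i++) print i }`, with `printf '%s' "$1"` feeding the pipeline. A leading check such as `case "$1" in *[!0-9,-]*) return 1 ;; esac` would also reject unexpected input before it reaches the pipeline.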
\ No newline at end of file
diff --git a/delayed_cleanup.sh/delayed_cleanup.sh b/delayed_cleanup.sh/delayed_cleanup.sh
new file mode 100644
index 0000000..4d85b7f
--- /dev/null
+++ b/delayed_cleanup.sh/delayed_cleanup.sh
@@ -0,0 +1,15 @@
+# Example script name: fetch
+clean_fetch() {
+ # Delayed cleanup
+ if test -z "${FETCH_NO_CLEAN}" ;
+ then
+ nohup /bin/bash <<EOF 1>/dev/null 2>&1 &
+sleep "${FETCH_CLEANUP_SEC:-300}" ; /bin/rm -r "${FETCH_TMPDIR:-NOTHINGTODELETE}" 1>/dev/null 2>&1 ;
+EOF
+ fi
+}
+
+trap "__ec=$? ; clean_fetch ; trap '' {0..20} ; exit ${__ec} ;" {0..20}
+FETCH_TMPDIR="$( mktemp -d )"
+tmpfile1="$( TMPDIR="${FETCH_TMPDIR}" mktemp )"
+tmpfile2="$( TMPDIR="${FETCH_TMPDIR}" mktemp )"
\ No newline at end of file
diff --git a/delayed_cleanup.sh/description b/delayed_cleanup.sh/description
new file mode 100644
index 0000000..3461b72
--- /dev/null
+++ b/delayed_cleanup.sh/description
@@ -0,0 +1 @@
+Delayed cleanup of temp files in shell
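Review bot: In delayed_cleanup.sh, the `trap` command string is in double quotes, so `$?` and `${__ec}` are expanded once when the trap is installed rather than when it fires, and the handler does not carry the script's real exit status. Single quotes defer the expansion: `trap '__ec=$? ; clean_fetch ; trap "" 0 ; exit ${__ec} ;' 0 1 2 3 15`. `{0..20}` is also a bash brace expansion and the snippet has no shebang, so under a POSIX `sh` the signal list is taken literally; userinfo.sh in this same commit spells the numbers out.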
\ No newline at end of file
diff --git a/get-hrefs.sh/description b/get-hrefs.sh/description
new file mode 100644
index 0000000..4194786
--- /dev/null
+++ b/get-hrefs.sh/description
@@ -0,0 +1 @@
+Get hrefs from html
\ No newline at end of file
diff --git a/get-hrefs.sh/get-hrefs.sh b/get-hrefs.sh/get-hrefs.sh
new file mode 100644
index 0000000..e134d84
--- /dev/null
+++ b/get-hrefs.sh/get-hrefs.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+# read stdin
+grep -oE 'href=\".+\"' | sed -r -e 's/^href=\"//g;' -e 's/\"\s*$//;'
\ No newline at end of file diff --git a/get-my-gists.py b/get-my-gists.py new file mode 100755 index 0000000..80f7270 --- /dev/null +++ b/get-my-gists.py @@ -0,0 +1,44 @@ +#!/usr/bin/env python +# Filename: get-my-gists.py +# Location: gitlab, probably +# Author: Chris Arndt (stackoverflow uid 39275), bgstack15 +# Startdate: 2018-06-05 21:49 +# Title: Script That Downloads GitHub Gists in a Nice Format +# Purpose: To facilitate my departure from GitHub +# History: +# Usage: ./get-my-gists.py bgstack15 +# Reference: +# copied from https://stackoverflow.com/questions/6724490/pull-all-gists-from-github/34052242#34052242 +# Improve: +# -*- coding: utf-8 -*- +"""Clone all gists of GitHub username given on the command line.""" + +import subprocess +import sys +import requests + +if len(sys.argv) > 1: + gh_user = sys.argv[1] +else: + print("Usage: get-my-gists.py <GitHub username>") + sys.exit(1) + +req = requests.get('https://api.github.com/users/%s/gists' % gh_user) + +for gist in req.json(): + + # get attributes + name = gist['files'].keys()[0] + descrip = gist['description'] + + # debugging + print name + ": " + descrip + + # clone the repo + ret = subprocess.call(['git', 'clone', gist['git_pull_url'], name]) + if ret != 0: + print("ERROR cloning gist %s. Please check output." % gist['id']) + + # save description + with open(name + "/" + "description", "w") as text_file: + text_file.write(descrip) diff --git a/hash-cert-dir.sh/description b/hash-cert-dir.sh/description new file mode 100644 index 0000000..a54f279 --- /dev/null +++ b/hash-cert-dir.sh/description @@ -0,0 +1 @@ +Hash certificate directory in another directory
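Review bot: In get-my-gists.py, `name` is taken from the API response and used unchanged as the `git clone` target directory and in `open(name + "/" + "description", "w")`, so the script trusts remote data to be a safe relative path. Passing `'--'` before the URL in the `subprocess.call` list and reducing the name with `os.path.basename(name)` (plus an `import os`) keeps a name that starts with `-` or contains a path separator from being read as an option or written outside the working directory. The description is also written even when `ret != 0`, and `descrip` can be null in the API response, so a `continue` after the error message and `descrip or ""` would avoid a traceback part-way through the run.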
\ No newline at end of file
diff --git a/hash-cert-dir.sh/hash-cert-dir.sh b/hash-cert-dir.sh/hash-cert-dir.sh
new file mode 100644
index 0000000..375e737
--- /dev/null
+++ b/hash-cert-dir.sh/hash-cert-dir.sh
@@ -0,0 +1,58 @@ +#!/bin/sh +# File: hash-cert-dir.sh +# Location: /etc/ansible/roles/general_conf/files/hash-cert-dir.sh +# Author: bgstack15@gmail.com +# Startdate: 2017-12-18 +# Title: Script that Makes Symlinks for Certs in a Directory +# Purpose: Make a directory suitable for openldap to use as TLS_CACERTDIR +# History: +# Usage: +# HCD_SOURCEDIR=/etc/pki/ca-trust/source/anchors HCD_LINKDIR=/etc/openldap/cacerts hash-cert-dir.sh +# Reference: +# Improve: +# # Ansible task +# - name: hash trusted certs for ldap to trust +# script: hash-cert-dir.sh +# environment: +# HCD_SOURCEDIR: /etc/pki/ca-trust/source/anchors +# HCD_LINKDIR: /etc/openldap/cacerts +# register: hcd +# changed_when: '"changed" in hcd.stdout' + +# Declare variables +test -z "${HCD_SOURCEDIR}" && export HCD_SOURCEDIR=/etc/pki/ca-trust/source/anchors +test -z "${HCD_LINKDIR}" && export HCD_LINKDIR=/etc/openldap/cacerts + +# Check dependencies +OPENSSL="$( which openssl 2>/dev/null )" ; test ! -x "${OPENSSL}" && { echo "${0} needs openssl. Aborted." 1>&2 ; exit 1; } + +# Make directory +mkdir -p "${HCD_LINKDIR}" + +# Loop over ca certificates +__changed=0 +for infile in $( find "${HCD_SOURCEDIR}" -type f 2>/dev/null ) ; +do + + # Get hash of certificate + hash="$( ${OPENSSL} x509 -hash -noout -in "${infile}" 2>/dev/null )" + + # Get new filename + count="$( find "${HCD_LINKDIR}" -type l -regex "${HCD_LINKDIR}/${hash}.*" 2>/dev/null | wc -l )" + __used=0 + + # Check if any symlinks exist for this target cert + for outfile in $( find "${HCD_LINKDIR}" -type l -regex "${HCD_LINKDIR}/${hash}.*" 2>/dev/null ) ; + do + test "$( readlink -f "${outfile}" )" = "${infile}" && __used=1 + done + + # If no symlinks point to this target cert, make the symlink + test ${__used} -eq 0 && { ln -s "${infile}" "${HCD_LINKDIR}/${hash}.${count}" ; __changed=$(( __changed + 1 )) ; } +done + +# Report to ansible if any changes occurred +test ${__changed} -gt 0 && echo "changed" + +# Exit cleanly +exit 0
\ No newline at end of file
diff --git a/htmlize/description b/htmlize/description
new file mode 100644
index 0000000..c431437
--- /dev/null
+++ b/htmlize/description
@@ -0,0 +1 @@
+Htmlize function
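Review bot: In hash-cert-dir.sh, `hash` is never checked after the `openssl x509 -hash` call, so any file under `HCD_SOURCEDIR` that is not a parseable certificate yields an empty hash; the `-regex "${HCD_LINKDIR}/${hash}.*"` then matches every link in the directory and a link named `.N` is created in what is meant to be a trust directory. Adding `test -n "${hash}" || continue` right after the assignment limits links to files openssl accepted. The `for infile in $( find … )` loops also split on whitespace in file names, which is worth a comment if the source directory is not fully controlled.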
\ No newline at end of file
diff --git a/htmlize/htmlize b/htmlize/htmlize
new file mode 100644
index 0000000..2c31b88
--- /dev/null
+++ b/htmlize/htmlize
@@ -0,0 +1 @@
+htmlize () { $( which sed ) -r -e 's/</\xCAlt;/g;' -e 's/>/\xCAgt;/g;' -e 's/\&/\&amp;/g;' -e 's/\xCA([lg])t;/\&\1t;/g;' ; }
\ No newline at end of file
diff --git a/ls-leases/description b/ls-leases/description
new file mode 100644
index 0000000..389a05b
--- /dev/null
+++ b/ls-leases/description
@@ -0,0 +1 @@
+list dhcp leases
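Review bot: The htmlize function escapes `<`, `>` and `&` but leaves `"` and `'` alone, so its output is only safe as element text, not inside an HTML attribute value. It also relies on byte `\xCA` as a temporary placeholder, which rewrites any input that already contains that byte followed by `lt;` or `gt;`. Escaping the ampersand first makes the placeholder unnecessary: `sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'`.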
\ No newline at end of file
diff --git a/ls-leases/ls-leases b/ls-leases/ls-leases
new file mode 100644
index 0000000..98e7e2a
--- /dev/null
+++ b/ls-leases/ls-leases
@@ -0,0 +1,30 @@
+#!/bin/sh
+# 2017-04-02 12:30 quick and dirty ls-leases
+# sed combine lines: http://stackoverflow.com/a/7853846/3569534
+
+DEFAULT_LEASE_FILE=/var/lib/dhcpd/dhcpd.leases
+
+leasefile="${DEFAULT_LEASE_FILE}"
+#leasefile=/home/bgirton-local/foo
+
+
+#sed -n '/^lease/,/^}/ { s/;' ${leasefile}
+# the crazy sed removes leading and trailing whitespace, blank lines, and comments
+declare -a leases
+leases="$( sed -e 's/^\s*//;s/\s*$//;/^[#$]/d;s/\s*[^\]#.*$//;' "${leasefile}" | grep -viE "^$|^#" | sed -r -e '/server-duid/d;:a;/[;{]$/{N;s/\n//;ba}' )"
+
+{ echo "${leases}"; echo "FINALLINE"; } | { \
+printf "%-15s\t%-19s\t%-19s\t%s\n" "lease" "ends" "hw" "hostname"
+while read line;
+do
+ if ! test "${line}" = "FINALLINE";
+ then
+ lease="$( echo "${line}" | grep -oiE "lease.{10,30}\{" | cut -f2 -d' ' )"
+ ends="$( echo "${line}" | grep -oiE "ends.{10,30}\;" | tr -d ';' | cut -f3,4 -d' ' )"
+ hw="$( echo "${line}" | grep -oiE "hardware.{10,50}\;" | tr -d ';' | cut -f3 -d' ' )"
+ hostname="$( echo "${line}" | grep -oIE "client-hostname.{0,30}\;" | tr -d ';' | cut -f2 -d' ' )"
+ printf "%s\t%s\t%s\t%s\n" "${lease}" "${ends}" "${hw}" "${hostname}"
+ fi
+done
+} | column -t -s'\' | \
+sort -k2,3 | tac | awk '!x[$4]++'
diff --git a/sapsnug.sh/description b/sapsnug.sh/description
new file mode 100644
index 0000000..2a7101c
--- /dev/null
+++ b/sapsnug.sh/description
@@ -0,0 +1 @@
+Wrapper for ansible to use nsupdate -g
\ No newline at end of file
diff --git a/sapsnug.sh/sapsnug.sh b/sapsnug.sh/sapsnug.sh
new file mode 100644
index 0000000..d897acb
--- /dev/null
+++ b/sapsnug.sh/sapsnug.sh
@@ -0,0 +1,97 @@ +#!/bin/sh +# File: /etc/ansible/books/stable/clone/dependencies/sapsnug.sh +# Author: bgstack15 +# Startdate: 2018-04-05 10:12 +# Title: Script to Accept Parameters to Send to Nsupdate Using Gsstsig +# Purpose: To wrap nsupdate -g in ansible +# History: +# Usage: +# Run as root, or define variables SNUG_PASSWORD and SNUG_USERNAME +# Variables: +# SNUG_DEBUG with any value will direct output to cat instead of nsupdate -g. +# SNUG_DELIM="%" will replace this character with newlines, which nsupdate uses as statement delimiters +# Examples: +# SNUG_PASSWORD="example" SNUG_USERNAME="bgstack15" ./sapsnug.sh "update add 12.20.200.10.in-addr.arpa 300 IN PTR clonetest212.prod1.example.com." +# Reference: +# original research +# learn if root user framework.sh +# just use stdin for kinit https://serverfault.com/questions/422778/how-to-automate-kinit-process-to-obtain-tgt-for-kerberos/422783#422783 +# Improve: +# Documentation: +# This script exists because the nsupdate for ptr to our AD only works with gsstsig. +# Execute this manually with: +# kinit -E -k "$( hostname -s | tr '[[:lower:]]' '[[:upper:]]' )$" +# # DELETE ENTRY, single session +# nsupdate <<'EOF' +# update delete clonetest212.prod1.example.com. A +# send +# gsstsig +# update delete 12.20.200.10.in-addr.arpa ptr +# send +# EOF +# # CREATE ENTRY, single session +# nsupdate <<'EOF' +# update add clonetest212.prod1.example.com. 86400 A 10.200.20.12 +# send +# gsstsig +# update add 12.20.200.10.in-addr.arpa 300 IN PTR clonetest212.prod1.example.com. +# send +# EOF + +# Define functions +fail_out() { + # call: fail_out 1 "this will leave now with rc 1." 
+ local trc="${1}" ; shift + test -n "${@}" && printf "%s\n" "${@}" 1>&2 + exit "${trc:-1}" +} + +# learn if root user +test "${USER}" = "root" && is_root=1 +test -n "${SUDO_USER}" && is_root="sudo" + +# prepare to get kerberos ticket +if test -z "${is_root}" ; +then + # not root, so need to use environment variables + test -z "${SNUG_USERNAME}" && fail_out 1 "${0}: SNUG_USERNAME is not defined, or was not run as root. Aborted." + test -z "${SNUG_PASSWORD}" && fail_out 1 "${0}: SNUG_PASSWORD is not defined, or was not run as root. Aborted." +fi + +# get kerberos ticket +if test -n "${is_root}" ; +then + # do it with host kerberos ticket + /bin/kinit -E -k "$( hostname -s | tr '[[:lower:]]' '[[:upper:]]' )$" +else + # do it with username and password + SNUG_USERNAME="$( printf "%s" "${SNUG_USERNAME}" | sed -r -e 's/^.*\\//;' -e 's/@.*$//;' )" + printf "%s" "${SNUG_PASSWORD}" | /bin/kinit "${SNUG_USERNAME}" 1>/dev/null ; trc=$? + case "${trc}" in + 0) : ;; + *) fail_out "${trc}" "${0}: kinit exited unexpectedly with code ${trc}. Aborted." ;; + esac +fi + +# fail out if klist fails +/usr/bin/klist 1>/dev/null 2>&1 ; trc=$? +case "${trc}" in + 0) : ;; + *) fail_out "${trc}" "${0}: klist exited unexpectedly with code ${trc}. Aborted." ;; +esac + +# run nsupdate with the commands +{ + printf "%s\n" "$@" | sed -r -e "s/${SNUG_DELIM:-%}\s?/\n/g;" + echo "send" + echo "quit" +} | { + if test -n "${SNUG_DEBUG}" ; + then + cat - ; trc=$? + else + nsupdate -g ; trc=$? + fi +} + +exit "${trc}"
\ No newline at end of file
diff --git a/sapsnug.sh/snippet of clone.yml b/sapsnug.sh/snippet of clone.yml
new file mode 100644
index 0000000..8aa0129
--- /dev/null
+++ b/sapsnug.sh/snippet of clone.yml
@@ -0,0 +1,14 @@
+# Reference:
+# derive the in-addr.arpa reversed IP address https://github.com/ansible/ansible/issues/18738#issuecomment-264737140
+
+- name: add reverse ptr records to dns for new servers
+ # whenever ansible adds support for nsupdate with gsstsig, please migrate to that method!
+ shell: /etc/ansible/books/stable/clone/dependencies/sapsnug.sh "update add {{ (item.ip.split('.'))[::-1]|join('.') }}.in-addr.arpa 300 IN PTR {{ item.name }}.{{ item.dns_zone | default(default_dns_zone) }}."
+ environment:
+ SNUG_USERNAME: "{{ vc_username }}"
+ SNUG_PASSWORD: "{{ vc_password }}"
+ #SNUG_DEBUG: yes
+ SNUG_DELIM: '%'
+ with_items:
+ - "{{ vms }}"
+ register: sapsnug
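Review bot: In sapsnug.sh, root is detected from `${USER}` and `${SUDO_USER}`, which are ordinary environment variables the caller can set and which may be absent under cron or Ansible, so the host-keytab branch can be selected without the process actually being root; `test "$( id -u )" -eq 0 && is_root=1` checks the real uid, as userinfo.sh in this commit already does. In that root branch the exit status of `/bin/kinit -E -k` is not checked, and the later `klist` test passes on any ticket already in the cache, so a failed kinit can go unnoticed. `SNUG_DELIM` is also placed inside the sed expression unescaped, which only behaves for delimiters that are not regex or `/` characters.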
\ No newline at end of file
diff --git a/update_root_pw.yml/description b/update_root_pw.yml/description
new file mode 100644
index 0000000..c15ac34
--- /dev/null
+++ b/update_root_pw.yml/description
@@ -0,0 +1 @@
+Ansible playbook that changes root password
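Review bot: In the clone.yml snippet, the task passes `vc_password` through `environment:` and registers the result but does not set `no_log: true`, so the credential may end up in verbose output or in logged task results; adding `no_log: true` to the task is the usual guard. The `item.name`, `item.ip` and `dns_zone` values are interpolated into a `shell:` string, so they should come from trusted inventory or be validated before this task. A value containing `%` is also split into an extra nsupdate statement by the `SNUG_DELIM` handling in sapsnug.sh.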
\ No newline at end of file
diff --git a/update_root_pw.yml/update_root_pw.yml b/update_root_pw.yml/update_root_pw.yml
new file mode 100644
index 0000000..94ec78c
--- /dev/null
+++ b/update_root_pw.yml/update_root_pw.yml
@@ -0,0 +1,56 @@
+---
+# File: /etc/ansible/playbooks/prod/update_root_pw.yml
+# Authors: bgstack15
+# Startdate: 2017-10-24
+# Title: Playbook that updates the local root password
+# Purpose: Makes it easy to update the root password
+# Usage:
+# time ansible-playbook /etc/ansible/playbooks/prod/update_root_pw.yml -i /etc/ansible/dc3.inv -l el7test14 -v --ask-vault-pass
+# Make file /home/ansible/rootpw.yml with the contents:
+# ---
+# password: "super$ecretpa5swOrdmy"
+# ...
+# Encrypt with:
+# ansible-vault encrypt /home/ansible/rootpw.yml
+# Reference:
+# Version: 2017-10-24a
+# Notes:
+
+- hosts: all
+ vars_files:
+ - /home/ansible/rootpw.yml
+ tasks:
+
+ - block:
+
+ # alternatives include yum: package=expect state=present
+ - name: Move pexpect-3.3 to server and untar
+ unarchive:
+ src: /etc/ansible/templates/pexpect-3.3.tar.gz
+ dest: /usr/
+ owner: root
+ group: root
+ mode: 0770
+
+ - name: Install pexpect
+ command: /usr/bin/python setup.py install
+ args:
+ chdir: /usr/pexpect-3.3/
+
+ # for some reason this does not work: user: name=root password="{{ password }}"
+ - name: Set password to permanent password
+ expect:
+ command: passwd root
+ responses:
+ (?i)password: "{{ password }}"
+
+ - name: Password last set on today, with minimum password life of 0 days
+ command: chage -d "{{ ansible_date_time.date }}" -m 0 -E -1 -M -1 root
+
+ - name: Set expiration date of never
+ command: usermod -e -1 root
+ register: usermod
+ changed_when: 'usermod.stderr != "usermod: no changes"'
+
+ become: yes
+...
\ No newline at end of file
diff --git a/userinfo.sh/description b/userinfo.sh/description
new file mode 100644
index 0000000..27c1966
--- /dev/null
+++ b/userinfo.sh/description
@@ -0,0 +1 @@
+Script that Displays User Info
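Review bot: In update_root_pw.yml, the `expect` task sends `{{ password }}` in clear text and has no `no_log: true`, so the new root password may appear in `-v` output (the usage line runs with `-v`) and in any log of task results. The commented-out `user:` attempt most likely failed because the `user` module's `password` expects a crypt hash rather than the plain text; `user: name=root password="{{ password | password_hash('sha512') }}"` with `no_log: true` would replace both the pexpect tarball install and the `expect` task. `mode: 0770` should also be quoted as `"0770"` so YAML does not read it as a number.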
\ No newline at end of file
diff --git a/userinfo.sh/userinfo.sh b/userinfo.sh/userinfo.sh
new file mode 100644
index 0000000..33be1db
--- /dev/null
+++ b/userinfo.sh/userinfo.sh
@@ -0,0 +1,172 @@ +#!/bin/sh +# Filename: userinfo.sh +# Author: bgstack15@gmail.com +# Startdate: 2018-01-03 16:11 +# Title: Script that Displays User Info +# Purpose: Displays specific metrics this environment would like to query +# History: +# Usage: +# Reference: +# id -Gnz https://stackoverflow.com/questions/14059916/is-there-a-command-to-list-all-unix-group-names/29615866#29615866 +# Improve: +# Document: + +# FUNCTIONS +clean_userinfo() { + rm -rf "${tmpdir:-NOTHINGTODEL}" 1>/dev/null 2>&1 +} + +fail() { + local number=$1 ; shift ; + echo "$@" + exit "${number}" +} + +f_user() { + printf "%s: %s\n" "user" "${1}" +} + +f_getent() { + local output="$( "${GETENT}" passwd "${user}" 2>/dev/null )" + if test -z "${output}"; + then + printf "%s: %s\n" "getent" "NO" + return 1 + else + printf "%s: %s\n" "getent" "YES" + return 0 + fi +} + +f_getent_type() { + local is_files="" ; local is_sss="" ; + "${GETENT}" passwd -s files "${user}" 1>/dev/null 2>&1 && is_files="files" + "${GETENT}" passwd -s sss "${user}" 1>/dev/null 2>&1 && is_sss="sss" + local is="$( echo "${is_files},${is_sss}" | sed -r -e 's/,$//;' -e 's/^,//;' )" + printf "%s: %s\n" "getent_type" "${is}" +} + +f_can_ssh() { + # Get all ssh access limit strings + local ssh_limit="$( grep -iE '^\s*allow(groups|users)\s' /etc/ssh/sshd_config )" + local can_ssh=0 + # error if more than one line returned + local line_count="$( echo -n "${ssh_limit}" | grep -E '.' | wc -l )" + case "${line_count}" in + 0) + # no restrictions on ssh + can_ssh=1 + ;; + + 1) + # check allowusers string + echo "${ssh_limit}" | grep -qE "AllowUsers\s+.*\<${user}\>" && can_ssh=1 + + # check allowgroup string + if ! test ${can_ssh} -eq 1; + then + id -Gnz "${user}" 2>/dev/null | tr '\0' '\n' | sed -r -e 's/^/\\\</;' -e 's/$/\\\>/;' > "${tmpfile1}" + echo "${ssh_limit}" | grep -E "AllowGroups\s+.*" | grep -qf "${tmpfile1}" && can_ssh=1 + fi + ;; + + *) + fail 1 "Invalid ssh config detected. Please check /etc/ssh/sshd_config. Aborted." 
+ # the fail function will exit, so this return 1 will never actually execute. + return 1 + ;; + + esac + + if test ${can_ssh} -gt 0 ; + then + printf "%s: %s\n" "can_ssh" "YES" + else + printf "%s: %s\n" "can_ssh" "NO" + fi +} + +f_can_sss() { + # determine if sss user + local can_sss=0 + if f_getent_type | grep -vqE 'sss' ; + then + can_sss=2 + else + + # Get all sssd access limit strings + local sss_limit="$( grep -iE '^\s*simple_allow_(groups|users)\s' /etc/sssd/sssd.conf )" + + # error if more than one line returned + local line_count="$( echo -n "${sss_limit}" | grep -E '.' | wc -l )" + case "${line_count}" in + 0) + # no restrictions on sss + can_sss=1 + ;; + + 1) + # check simple_allow_users string + echo "${sss_limit}" | grep -qE "AllowUsers\s+.*\<${user}\>" && can_sss=1 + + # check simple_allow_groups string + if ! test ${can_sss} -eq 1; + then + id -Gnz "${user}" 2>/dev/null | tr '\0' '\n' | sed -r -e 's/^/\\\</;' -e 's/$/\\\>/;' > "${tmpfile1}" + echo "${sss_limit}" | grep -E "simple_allow_groups\s+.*" | grep -q -f "${tmpfile1}" && can_sss=1 + fi + ;; + + *) + fail 1 "Invalid sssd config detected. Please check /etc/sssd/sssd.conf. Aborted." + # the fail function will exit, so this return 1 will never actually execute. + return 1 + ;; + + esac + + fi + + case "${can_sss}" in + 0) + printf "%s: %s\n" "can_sss" "NO" + ;; + 1) + printf "%s: %s\n" "can_sss" "YES" + ;; + *) + printf "%s: %s\n" "can_sss" "na" + ;; + esac + +} + +# TEMP FILES +tmpdir="$( mktemp -d )" +tmpfile1="$( TMPDIR="${tmpdir}" mktemp )" +logfile="$( TMPDIR="${tmpdir}" mktemp )" +trap 'clean_userinfo ; trap "" 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; exit 0 ;' 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 + +# GET USERNAME FROM PARAMETERS +user="${1}" ; test -z "${user}" && fail 1 "${0} needs a username provided on the command line. Aborted." + +# DEPENDENCIES +GETENT=$( which getent ) ; test -x "${GETENT}" || fail 1 "${0} needs getent. Aborted." 
+ +# RUN AS ROOT +test "$( id -u 2>/dev/null )" -eq 0 || fail 1 "${0} must be run as root. Aborted." + +# MAIN LOOP +{ + + # LEARN AND PRINT INFO + f_user "${user}" + f_getent + f_getent_type + f_can_ssh + f_can_sss + +} | tee -a "${logfile}" + +# EXIT CLEANLY +exit 0
\ No newline at end of file
diff --git a/world-read-python-libs.sh/description b/world-read-python-libs.sh/description
new file mode 100644
index 0000000..6d3d90e
--- /dev/null
+++ b/world-read-python-libs.sh/description
@@ -0,0 +1 @@
+Set python libs to be world readable
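Review bot: In userinfo.sh, `f_can_sss` tests the sssd limit line with `grep -qE "AllowUsers\s+.*\<${user}\>"`, which looks copied from `f_can_ssh`; a `simple_allow_users` line never contains `AllowUsers`, so a user allowed by name is reported as `can_sss: NO` unless a group match rescues it. The check should name the sssd key, for example `grep -qE "simple_allow_users\s.*\<${user}\>"`. In `f_can_ssh` the `*)` branch aborts when sshd_config has both an `AllowUsers` and an `AllowGroups` line, which is a valid configuration, and the per-key greps are case-sensitive although the first filter uses `-i`.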
\ No newline at end of file
diff --git a/world-read-python-libs.sh/world-read-python-libs.sh b/world-read-python-libs.sh/world-read-python-libs.sh
new file mode 100644
index 0000000..65321c6
--- /dev/null
+++ b/world-read-python-libs.sh/world-read-python-libs.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+worldreadpythonlibs_version="2018-04-06a"
+for word in /usr/lib{,64}/python2.7/site-packages ;
+do
+ find ${word} -exec chmod g+rX,o+rX {} \;
+done
\ No newline at end of file
diff --git a/xfe.spec/description b/xfe.spec/description
new file mode 100644
index 0000000..f06491b
--- /dev/null
+++ b/xfe.spec/description
@@ -0,0 +1 @@
+xfe spec Fedora 26 with proper build deps
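Review bot: In world-read-python-libs.sh, `/usr/lib{,64}` is a bash brace expansion but the shebang is `#!/bin/sh`, so on systems where `sh` is not bash the loop runs once over a literal path that does not exist and nothing is changed. Listing both paths, `for word in /usr/lib/python2.7/site-packages /usr/lib64/python2.7/site-packages ;`, and quoting `"${word}"` in the `find` call works under any POSIX shell.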
\ No newline at end of file
diff --git a/xfe.spec/xfe.spec b/xfe.spec/xfe.spec
new file mode 100644
index 0000000..1fe1af0
--- /dev/null
+++ b/xfe.spec/xfe.spec
@@ -0,0 +1,105 @@ +Name: xfe +Version: 1.42 +Summary: X File Explorer (Xfe) is a file manager for X. +Release: 1{?dist} +License: GPL +Group: File tools +Requires: fox >= 1.6 libpng >= 1.2 +BuildRequires: fox-devel >= 1.6 libpng-devel >= 1.2 glib-devel libXft-devel freetype-devel gcc-c++ +Source: %{name}-%{version}.tar.gz +Packager: Roland Baudin <roland65@free.fr> +BuildRoot: %{_tmppath}/%{name}-buildroot + +%description +X File Explorer (Xfe) is a filemanager for X. It is based on the popular X Win Commander, which is +discontinued. Xfe is desktop independent and is written with the C++ Fox Toolkit. It has Windows Commander +or MS-Explorer look and is very fast and simple. The main features are: file associations, +mount/umount devices, directory tree for quick cd, change file attributes, auto +save registry, compressed archives view/creation/extraction and much more. + +%prep +%setup -q + +%build +%configure --with-included-gettext --enable-release +make + + +%install +rm -rf %{buildroot} +%makeinstall +%find_lang %{name} +if [ -f %{buildroot}%{_datadir}/locale/locale.alias ]; then + rm %{buildroot}%{_datadir}/locale/locale.alias +fi + + +%clean +rm -rf %{buildroot} + +%files -f %{name}.lang +%defattr(644,root,root,755) +%doc AUTHORS COPYING README TODO BUGS +%attr(755,root,root) %{_bindir}/* +%{_datadir}/xfe/icons/* +%{_datadir}/xfe/xferc +%{_datadir}/applications/xf*.desktop +%{_datadir}/pixmaps/* +%{_mandir}/man1/* + +%changelog +* Sun Nov 5 2017 B Stack <bgstack15@gmail.com> +- Rebuild for Fedora 26 + +* Tue Sep 8 2009 Roland Baudin <roland65@free.fr> +- Added desktop files to the files section + +* Tue Feb 13 2007 Roland Baudin <roland65@free.fr> +- Fixed again the location of the config file xferc + +* Tue Feb 6 2007 Roland Baudin <roland65@free.fr> +- Rebuild for Fedora Core 6 +- Fixed the location of the config file xferc + +* Thu Nov 23 2006 Roland Baudin <roland65@free.fr> +- Added configure --enable-release option + +* Wed Oct 11 2006 Roland Baudin 
<roland65@free.fr> +- FOX 1.6.x support +- Removed the static build option + +* Tue Jun 21 2005 Roland Baudin <roland65@free.fr> +- FOX 1.4.x support. + +* Tue Aug 3 2004 Andrzej Stypula <andrzej@altair.krakow.pl> +- locale adjustment + +* Thu Jul 29 2004 Andrzej Stypula <andrzej@altair.krakow.pl> +- file permissions adjustment + +* Thu Jul 29 2004 Roland Baudin <roland65@free.fr> +- FOX 1.2.x support. + +* Fri Dec 19 2003 Roland Baudin <roland65@free.fr> +- Rebuild for Fedora Core 1. + +* Mon Oct 8 2003 Roland Baudin <roland65@free.fr> +- Add of libPNG requirements. + +* Mon Sep 8 2003 Roland Baudin <roland65@free.fr> +- Spec file for RedHat 9. + +* Fri Jul 18 2003 Roland Baudin <roland65@free.fr> +- Add of the man pages and fix of the locale.alias problem. + +* Mon Apr 14 2003 Roland Baudin <roland65@free.fr> +- Fixed the Xfe icon destination. + +* Fri Apr 11 2003 Roland Baudin <roland65@free.fr> +- Add of i18n. + +* Tue Jan 28 2003 Roland Baudin <roland65@free.fr> +- Add of the '--with-static' build option. + +* Thu Oct 15 2002 Roland Baudin <roland65@free.fr> +- First release of the spec file for RedHat 7.3. |
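Review bot: In xfe.spec, `Release: 1{?dist}` is missing the `%`, so the macro is not expanded and the release string is the literal `1{?dist}`; it should read `Release: 1%{?dist}`. `License: GPL` would also be clearer with the exact version stated in the upstream `COPYING` file.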