0

I have below script which creates user list and also filters ignore.txt file to ignore matching usernames. I would like to run this script on multiple hosts like hostA, hostB, hostC. Like if I run on one server it should run on other 4 servers and get the output and mail the output.

#!/bin/sh
(
echo List of users in PRD 
echo
date
echo
grep -wvf ignore.txt /etc/passwd | awk -F: -v OFS=: '{print $1,$3,$5}' | sort 
) | tee "$(hostname)"_userlogins.txt |
mailx -s file xxxxxx@unix.com
Rui F Ribeiro
  • 2
    This isn't a very good way to manage users on your servers. – jordanm Apr 24 '15 at 04:46
  • @jordanm your suggestion is to run this individually on each server like setting cron job to run each month. It will be like 4 mails sent to recipient. This is for reports for auditing purpose to make sure we do not have unwanted users in the list – Zaira Zareena Apr 24 '15 at 04:50
  • 2
    No, my suggestion would be to use some kind of centralized authentication, such as kerberos (freeIPA, active directory, etc). That way there is only a single host to audit. – jordanm Apr 24 '15 at 04:52

1 Answer

2

Try to use pdsh. A lot of examples available on Project Page

If you like to use simple bash script:

#!/bin/bash
HOSTS="host1 host2 host3"
USER=root
CMD="ls"
# run the same command on every host in the list
for host in $HOSTS; do
  ssh "${USER}@${host}" "$CMD"
done

In all cases you would need to tune no-password auth using keys and append to ssh command: -i /path/to/key

Example to use:

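#!/bin/bash
HOSTS="host1 host2"
N=1              # first line of the remote output to keep
FILE=report.txt
echo "List of users in PRD" > "$FILE"
date >> "$FILE"

for host in $HOSTS; do
  # keep only the user name (field 1) of the remote /etc/passwd
  ssh "$host" -l root cat /etc/passwd | cut -d ':' -f 1 >/tmp/temp 2>/dev/null
  echo "====host $host====" >> "$FILE"
  # drop the names listed in ignore.txt and sort the rest
  cat /tmp/temp | tail -n +"$N" | grep -wvf ignore.txt | sort >> "$FILE"
done

rm -f /tmp/temp

#mailx -s "$FILE" xxx@unix.com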
Reishin
  • @resishin will this be secure no-password auth using keys? – Zaira Zareena Apr 24 '15 at 13:17
  • you could look here for the answer: here – Reishin Apr 24 '15 at 14:00
  • Additionally here. More topics about ssh and passing password as argument, and why this is a bad thing: here – Reishin Apr 24 '15 at 14:09
  • #!/bin/bash HOSTS=" 10.xx.xx.xxx" FILE=report.txt echo "List of users in PRD" > $FILE date >> $FILE

    for host in $HOSTS; do ssh $host -l zaira cat /etc/passwd|cut -d ':' -f 1 >/tmp/temp echo "====host $host====" >> $FILE cat /tmp/temp |grep -wvf ignore.txt|sort >> $FILE done

    rm -f /tmp/temp

    #mailx -s $FILE xxxxx@unix.com

    – Zaira Zareena Apr 24 '15 at 16:38
  • i tried above nothing happened what i am missing here.10.XX.XX.XXX is the remote host..also generated ssh--following this link https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-ssh-configuration-keypairs.html -->followed To generate an RSA key pair for version 2 of the SSH protocol – Zaira Zareena Apr 24 '15 at 16:38
  • you should check connectivity and your key manually, before executing the script: ssh -i /path/to/key username@host (usage of -i depends on your settings), if remote would be opened, check access rights for user "zaira" to passwd file and after that use example above. for debug you could keep /tmp/temp file and check content. By default, there should be list of the users. Additionally, be sure that HOST="10.xx.." contain no spaces. Strictly follow my example notation. – Reishin Apr 24 '15 at 18:10
  • And you would see no text on the screen, instead check report.txt file in current directory or add cat $FILE to the end, if you need to see results on the screen. – Reishin Apr 24 '15 at 18:14
  • this what i ran #!/bin/bash HOSTS="xx.xxx.xxx.xx" FILE=report.txt echo "List of users in PRD" > $FILE date >> $FILE

    for host in $HOSTS; do ssh $host -l zaira cat /etc/passwd|cut -d ':' -f 1 >/tmp/temp echo "====host $host====" >> $FILE cat /tmp/temp |grep -wvf ignore.txt|sort >> $FILE done

    mailx -s $FILE xxxxx@unix.com output comes with date, host ipaddress, then warning banner, then list of users, email is not sent

    – Zaira Zareena Apr 24 '15 at 18:56
  • i tried this which sent an email, the problem is when you execute the script on command line..banner warning message pops up – Zaira Zareena Apr 24 '15 at 19:12
  • #!/bin/bash HOSTS="10.22.128.21" FILE=report.txt echo "List of users in PRD" > $FILE date >> $FILE

    for host in $HOSTS; do ssh $host -l muneer cat /etc/passwd|cut -d ':' -f 1 >/tmp/temp echo "====host $host====" >> $FILE cat /tmp/temp |grep -wvf ignore.users|sort >> $FILE done

    rm -f /tmp/temp

    mailx -s "User list" Khalid.muneer@bcm.edu < "$FILE"

    – Zaira Zareena Apr 24 '15 at 19:13
  • email command is commented by "#", i was suggested that xxxx@unix.com is not real address and you could un-comment command and adjust your preferred address by yourself. About banner and ip, it looks like different versions of ssh have different behavior, coz temp file was clear from banners on my side. At the end you could filter them from the file by command cat /tmp/temp | tail -n +N where N - number of lines to skip from the top – Reishin Apr 24 '15 at 19:15
  • report.txt contains list of users in PRD then next line date the host with IPaddress and list of users while temp file only has list of users. Warning Banner comes out when you execute the script and goes back to command prompt. Files do not have banner. Warning banner is like when you ssh to server how the banner comes up like warning this system are for the use of authorized personal only so and so – Zaira Zareena Apr 24 '15 at 20:35
  • 1
    i think we should move to chat, since you have less than 20 point i googled random chat room http://us21.chatzy.com/69026314701767 – Reishin Apr 24 '15 at 20:47
  • i have tried the script it only give the instance name advise please – Zaira Zareena Apr 26 '15 at 23:33
  • #!/bin/ksh

    #HOSTS format: HOSTS="1.2.3.4-BLD"

    FILE=report.txt

    date > $FILE echo >> $FILE

    for host in $HOSTS; do ip=$(echo $host|cut -d '-' -f 1) title=$(echo $host|cut -d '-' -f 2) ssh $ip -q -l zaira cat /etc/passwd|cut -d ':' -f 1 >temp 2>/dev/null echo "$title instance" >> $FILE echo "=================" >>$FILE cat temp|grep -wvf ignore.list|sort >> $FILE echo >> $FILE done

    rm -f temp

    mailx -s "User list" xxx@mail.com < "$FILE"

    – Zaira Zareena Apr 26 '15 at 23:35
  • you shouldn't use #!/bin/ksh, instead use #!/bin/bash - it's important – Reishin Apr 27 '15 at 04:27
  • i did some changes, as im running on AIX box ,so used ksh, Now the script works like a charm...thank you for your excellent help – Zaira Zareena Apr 27 '15 at 13:09
  • execution giving me a problem – Zaira Zareena Apr 27 '15 at 16:11
  • which one problem? – Reishin Apr 27 '15 at 21:57
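
A hardened variant of the multi-host report discussed in this thread, as an added example that is not code from the question, the answer or the comments. It addresses three audit failure modes of the scripts above: `grep -wvf` hides any account whose line merely contains an ignored word (ignoring `root` also hides `root-backup`), an unreachable host produces an empty section that reads like a clean result, and `/tmp/temp` is a predictable file name. The account name `audit` and the `FETCH` hook are assumptions.

```shell
#!/bin/sh
# Added example, not the answer's code. AUDIT_USER and FETCH are assumptions.
AUDIT_USER=${AUDIT_USER:-audit}   # hypothetical unprivileged audit account

# Fetch /etc/passwd from one host. BatchMode makes ssh fail instead of
# prompting for a password; LogLevel=ERROR suppresses the login banner.
fetch_passwd() {
  ssh -o BatchMode=yes -o ConnectTimeout=10 -o LogLevel=ERROR \
      -l "$AUDIT_USER" "$1" cat /etc/passwd
}

# Print "name:uid:gecos" for accounts NOT on the ignore list.
# Only field 1 is compared, as a whole literal string, so ignoring "root"
# does not hide "root-backup" or a user whose home directory is /root.
filter_users() {   # $1 = ignore file, passwd data on stdin
  awk -F: -v OFS=: -v ign="$1" '
    BEGIN { while ((getline line < ign) > 0) if (line != "") skip[line] = 1 }
    !($1 in skip) { print $1, $3, $5 }' | sort
}

# Write the report to stdout; return 1 if any host could not be read.
# FETCH lets a caller substitute another fetch function (hypothetical hook).
build_report() {   # $1 = ignore file, remaining arguments = hosts
  ignore=$1; shift
  tmp=$(mktemp) || return 2       # unpredictable name instead of /tmp/temp
  rc=0
  echo "List of users in PRD"; date; echo
  for host in "$@"; do
    echo "==== host $host ===="
    if "${FETCH:-fetch_passwd}" "$host" >"$tmp"; then
      filter_users "$ignore" <"$tmp"
    else
      # an empty section must never be mistaken for "no unexpected users"
      echo "ERROR: could not read account list from $host"
      rc=1
    fi
    echo
  done
  rm -f "$tmp"
  return $rc
}
```

A cron wrapper can call `build_report ignore.txt hostA hostB hostC > report.txt`, mail the file, and use the return status to flag hosts that were not audited.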