
#!/bin/ksh
# File	: cdot_get_useradmin_4_soxdb.sh
# By	: Maarten.deBoer@atos.net, 2017-04-12
# Subject	: Script to get useradmin info
#(0.3),210916	: Added DATE at CSV (Req. by Keith.Dixon)
#(0.4),240611	: Renamed from : cdot_get_useradmin.sh
#
#DPA DDM Account [BTN]
#•file format: csv
#•csv data delimiter: semicolon
#•file name: dpa_ddm.csv
#•without headers!
#•ELEMENT: concatenation of <OBJECT|arg=2>'@citrix_dwp' (result example: 'ddm account@dpa_ddm')
#•Is admin: account property is TRUE if <ROLE|arg=3> name includes '%admin%'
#Input data file content
#Order	Key	Type	Size	Default	Is required	Example / Description	SOX model property mapping
#1 USERID	string	128	-	yes	Account name (common with DAS_ID)	account
#2 OBJECT	string	64	-	yes	Application object: account access to object	assigned_groups
#3 ROLE	string	64	-	yes	Account role assigned	assigned_groups
#4 CUSTOMER_NAME	string	128	-	yes	Customer name, value common with SNOW	
#Functional limitations
#•Customer (<CUSTOMER_NAME|arg=4>) results from assigned <OBJECT|arg=2>
#•multiple lines possible for the same account
#•multiple objects for the same account are allowed (object used to create ELEMENT)
#•multiple roles assignment for the same account & on the same object is allowed
#•unique relation required: ELEMENT & USERID|arg=1 & CUSTOMER_NAME|arg=4
#Example csv file content
#With Customer
#A209480;DDM Account;DPADDM - admin;Atos Netherlands
#NL08937;DDM Account;DPADDM - admin;Atos Netherlands
#NL26057;DDM Account;DPADDM - admin;Atos Netherlands
#NL26070;DDM Account;DPADDM - admin;Atos Netherlands
#A208169;DDM Account;DPADDM - admin;Atos Netherlands
#
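# Script identity: PGM is the script's file name up to its first dot.
PGM="$(basename "$0" | cut -d. -f1)"
VER="0.4"

# Scratch space. The collected rows are an inventory of privileged storage
# accounts, so they are kept in a directory that only this user can enter
# (mktemp -d creates it mode 0700 under an unpredictable name) instead of
# directly in world-writable /tmp, where a name built from the PID or the date
# can be pre-created or symlinked by another local user.
WORKDIR="$(mktemp -d "${TMPDIR:-/tmp}/${PGM}.XXXXXX")" || {
  echo "${PGM}: cannot create a private scratch directory" >&2
  exit 2
}
# Remove the scratch directory on every exit path, including -h and -V.
trap 'rm -rf -- "${WORKDIR}"' EXIT

TMP="${WORKDIR}/${PGM}.$$"               # raw rows, one per account/role
LOG="${HOME}/log/${PGM}.log"             # run log (appended to)
SSH="/usr/bin/ssh -n"                    # expanded unquoted: command plus option
HOSTNAME="$(hostname | cut -d. -f1)"     # short host name, used in the mail subject
CLUSTERS="${HOME}/etc/clusters"          # list of cluster names, '#' starts a comment line
PREFIX="nlnaf"
MAIL=""                                  # non-empty: mail the CSV at the end
MAILTO="maarten.deboer@atos.net"
CFILTER="[?]*"                           # grep pattern selecting clusters; the default matches every line
DATE="$(date +%Y-%m-%d)"
# The base name is kept unchanged because it is the name the attachment is sent under.
CSV="${WORKDIR}/FSOD_cluster_useradmin_4_soxdb_${DATE}.csv"
# grep -E pattern for the account-name column: ';' + 7 characters + ';'
NAME_FILTER=";[anb][el0-9][0-9][0-9][0-9][0-9][0-9];"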

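#######################################
# Run a command on a filer over ssh, falling back to its node addresses.
# When the connection to the cluster name is refused, the nodes <name>-01 ..
# <name>-04 are tried in turn, with a 2 second pause before each retry.
# Globals:   PGM, LOG (read); TMPERR, SUFFIX, EC, EC2 (written)
# Arguments: $1 - filer (cluster) name, $2 - command string for the filer
# Outputs:   the remote command's stdout; diagnostics go to stderr and ${LOG}
# Returns:   exit status of the last ssh attempt (also left in EC), or 2 when
#            the host name is rejected or no scratch file could be created.
# Note:      "There are no entries matching your query." gives EC=255, and so
#            does "no connection"; only a refused connection triggers a retry.
#######################################
SSHCMD()
{
  # An empty name would make ssh take the command string as the host, and a
  # name starting with '-' would be parsed by ssh as an option.
  case "${1}" in
    "" | -*)
      echo "${PGM}: SSHCMD: refusing host name '${1}'" >&2
      return 2
      ;;
  esac

  # Unpredictable scratch file for ssh's stderr (not /tmp/<name>.<pid>.err).
  TMPERR="$(mktemp "${TMPDIR:-/tmp}/${PGM}.err.XXXXXX")" || return 2

  EC=255
  EC2=1
  for SUFFIX in "" -01 -02 -03 -04
  do
    if [ -n "${SUFFIX}" ]; then
      sleep 2
    fi
    /usr/bin/ssh -n "${1}${SUFFIX}" "${2}" 2> "${TMPERR}"
    EC=${?}
    # EC2=0 means "failed because the connection was refused". The match is
    # sent to /dev/null so it does not end up in the command's stdout.
    EC2=1
    if [ ${EC} -ne 0 ] && grep 'Connection refused' "${TMPERR}" > /dev/null; then
      EC2=0
    fi
    if [ ${EC2} -ne 0 ]; then
      break
    fi
  done

  if [ ${EC} -ne 0 ]; then
    # Pass on what ssh reported instead of discarding it with the scratch file.
    cat "${TMPERR}" >&2
    if [ ${EC2} -eq 0 ]; then
      echo "$(date) ${PGM} ERROR with communication to ${1}. Connection to -01 - -04 failed too." | tee -a "${LOG}" >&2
    fi
  fi

  rm -f -- "${TMPERR}"
  return ${EC}
}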

#######################################
# Print the command-line help on stdout.
# Globals:   PGM, VER, CFILTER, CLUSTERS, MAILTO (read; shown as current values)
# Arguments: none
#######################################
USAGE()
{
  # One argument per output line; '%s\n' is reused for every argument.
  printf '%s\n' \
    "Usage: ${PGM} [options]" \
    "  Version: ${VER}" \
    "  options          :" \
    "    -c             : Cluster filter (${CFILTER})" \
    "    -e             : Etc/clusters file (${CLUSTERS})" \
    "    -m | --mail    : Mail the logging" \
    "    -h | --help    : this help" \
    "    -V             : Version" \
    "    -x             : set -x" \
    "    --mailto       : set new MAILTO (${MAILTO})"
}

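# Check options
# Exit codes kept from the original: 1 for help or a usage error, 3 for -V.
while [ ${#} -gt 0 ]
do
  # Options that take a value: make sure the value is really there. Without
  # this check a trailing "-e" left CLUSTERS empty and the second shift ran
  # past the end of the argument list.
  case "${1}" in
    -e | -c | --mailto)
      if [ ${#} -lt 2 ] || [ -z "${2}" ]; then
        echo "Option ${1} requires an argument." >&2
        USAGE
        exit 1
      fi
      ;;
  esac

  case "${1}" in
    -e) CLUSTERS="${2}"; shift ;;
    -c) CFILTER="${2}"; shift ;;
    -m | --mail) MAIL=1 ;;
    -h | --help) USAGE; exit 1 ;;
    -V) echo "${PGM}: v${VER}"; exit 3 ;;
    -x) set -x ;;
    # --mailto implies --mail
    --mailto) MAIL=1; MAILTO="${2}"; shift ;;
    *) echo "Option ${1} not known."; USAGE; exit 1 ;;
  esac
  shift
done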


# MAIN
#echo "# Vserver;User Name or Active Directory Group Name;User Name or Active Directory Group Name;Application;Authentication Method; Role Name;Role Name;Account Locked;Comment Text; " > ${TMP}
#echo "# Vserver;User Name or Group Name;Application;Authentication Method;Role Name;Account Locked;Comment Text; " > ${TMP}

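# Announce the run (the start line also goes to the log) and show the settings.
echo "$(date) ${PGM} v${VER} started." | tee -a "${LOG}"
echo "  CLUSTERS=${CLUSTERS}"
echo "  CFILTER=${CFILTER}"
echo "  CSV=${CSV}"
echo "  HOSTNAME=${HOSTNAME}"
echo "  MAIL=${MAIL}"
echo "  MAILTO=${MAILTO}"
sleep 1

# Create the row file empty, readable by this user only, and only if nothing
# is already sitting at that path: with noclobber the redirection refuses an
# existing file or symlink, so rows are never appended to something another
# user placed there. A stale file of our own is removed first.
rm -f -- "${TMP}"
( umask 077; set -o noclobber; : > "${TMP}" ) || {
  echo "$(date) ${PGM} ERROR: cannot create ${TMP} (path already exists or is not writable)." | tee -a "${LOG}" >&2
  exit 2
}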

#1 USERID	string	128	-	yes	Account name (common with DAS_ID)	account
#2 OBJECT	string	64	-	yes	Application object: account access to object	assigned_groups
#3 ROLE	string	64	-	yes	Account role assigned	assigned_groups
#4 CUSTOMER_NAME	string	128	-	yes	Customer name, value common with SNOW	
#A209480;DDM Account;DPADDM - admin;Atos Netherlands
#NL08937;DDM Account;DPADDM - admin;Atos Netherlands
#NL26057;DDM Account;DPADDM - admin;Atos Netherlands
#NL26070;DDM Account;DPADDM - admin;Atos Netherlands
#A208169;DDM Account;DPADDM - admin;Atos Netherlands

#vserver;user-or-group-name;username;application;authentication-method;authmethod;remote-switch-ipaddress;role;profile;comment;
#Vserver;User Name or Group Name;User Name or Group Name;Application;Authentication Method;Authentication Method;Remote Switch IP Address;Role Name;Role Name;Comment Text;

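# Collect one row per matching login from every selected cluster.
# ${CLUSTERS} holds the cluster names ('#' lines are comments); ${CFILTER} is
# a grep pattern, passed with -e so that a value starting with '-' is still
# treated as a pattern and quoted so the shell does not glob it.
for CLUSTER in $(grep -v '^#' "${CLUSTERS}" | grep -e "${CFILTER}")
do
  # The name is used as the ssh destination and is pasted into the remote
  # command string, so only host-name characters are accepted: a leading '-'
  # would be read by ssh as an option, and ';', quotes or blanks would change
  # the command that runs on the cluster.
  case "${CLUSTER}" in
    -* | *[!A-Za-z0-9._-]*)
      echo "$(date) ${PGM} WARNING: skipped invalid cluster name '${CLUSTER}'." | tee -a "${LOG}" >&2
      continue
      ;;
  esac

  # ${SSH} is expanded unquoted on purpose: it holds the command and its option.
  # Output is ';'-separated; only lines naming this cluster (literal match) and
  # carrying an account name that fits NAME_FILTER are kept.
  ${SSH} "${CLUSTER}" "set -showseparator \";\" ; security login show -vserver ${CLUSTER} -field vserver,user-or-group-name,role,comment" \
    | grep -F -e "${CLUSTER}" \
    | grep -E -e "${NAME_FILTER}" \
    | while read -r LINE
  do
    # Column 3 is the user name and column 8 the role name in this output.
    # printf with a quoted argument keeps '*' or '?' in a field from being
    # expanded against the current directory.
    USERID=$(printf '%s\n' "${LINE}" | awk -F\; '{print $3}')
    OBJECT="NetApp-ONTAP account"
    ROLE=$(printf '%s\n' "${LINE}" | awk -F\; '{print $8}')
    CUSTOMER_NAME="Atos Netherlands"
    CI="${CLUSTER}"
    echo "  USERID=${USERID} OBJECT=${OBJECT} ROLE=${ROLE} CUSTOMER_NAME=${CUSTOMER_NAME}"
    echo "${USERID};${OBJECT};${ROLE};${CUSTOMER_NAME};${CI};" >> "${TMP}"
  done  # LINE

done  # for CLUSTER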

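# Build the CSV and mail it, when mailing was requested.
# NOTE(review): the attachment lists privileged accounts and leaves the host as
# ordinary mail; confirm that this transport is acceptable for the data.
if [ -n "${MAIL}" ] && [ -n "${MAILTO}" ]; then
  # MAILTO may hold several blank-separated recipients, so it is expanded
  # unquoted below. Refuse it when any word would be parsed by mailx as an
  # option instead of an address.
  case " ${MAILTO}" in
    *" -"*)
      echo "$(date) ${PGM} ERROR: recipient list '${MAILTO}' rejected (a word starts with '-')." | tee -a "${LOG}" >&2
      ;;
    *)
      # Start from a file that is new and private: a leftover of our own is
      # removed, and noclobber makes the first write fail if the path is
      # still occupied (someone else's file or a symlink).
      rm -f -- "${CSV}"
      if ( umask 077; set -o noclobber; echo "# USERID;OBJECT;ROLE;CUSTOMER_NAME;CI;" > "${CSV}" ); then
        # sort -u drops the duplicate USERID rows (one login per access
        # method: ssh, ontapi, http).
        sort -u "${TMP}" >> "${CSV}"
        echo "# Created on $(date) at ${HOSTNAME} by ${PGM} v${VER}" >> "${CSV}"
        set -f    # split MAILTO into words, but do not glob them
        if date | mailx -a "${CSV}" -s "@${HOSTNAME}: User admin 4 SOXDB [${PGM} v${VER}]" ${MAILTO}; then
          echo "$(date) Mailed to ${MAILTO}" | tee -a "${LOG}"
        else
          echo "$(date) ${PGM} ERROR: mailx failed, nothing mailed to ${MAILTO}." | tee -a "${LOG}" >&2
        fi
        set +f
        rm -f -- "${CSV}"
      else
        echo "$(date) ${PGM} ERROR: cannot create ${CSV} (path already exists or is not writable)." | tee -a "${LOG}" >&2
      fi
      ;;
  esac
fi  # MAIL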

# Finish

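# Remove the row file (quoted, and with '--' so the path is never split or
# read as an option), log the end of the run and report success.
rm -f -- "${TMP}"
echo "$(date) ${PGM} v${VER} finished." | tee -a "${LOG}"
exit 0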

