I have a task from our program security to verify all local accounts on all of our RHEL servers and turn them in. I have a working playbook, but I'm wondering if there is a better, cleaner way to do this.
I have a script that I place on each server that runs one command:

    for i in $(awk -F: '$3 >= 1000 {print $1}' /etc/passwd); do id "$i"; done > results.txt

Then I fetch that file and save it as the {{ ansible_fqdn }}.txt
I was thinking there has to be a way to use a template to iterate through the passwd file, something like this:

    {% for item in users %}
    {{ item }} {{ lookup('pipe', "id -u " + item) }}
    then some type of when uid >=1000 append it to results.txt line
    {% endfor %}

But I just cannot find anything on Google about replacing that users variable with the passwd file or something similar. I appreciate any help. I could do it the first way, but would like a cleaner solution that uses Ansible rather than scripts.

On modern systems the passwd file is not authoritative (LDAP, Samba). The getent utility lists all users of the system
(getent passwd), and there is a corresponding Ansible module.
So I suggest the following solution:

    tasks:
      # Populates the getent_passwd fact: user name -> list of passwd fields
      - name: Retrieve user information
        getent:
          database: passwd
          split: ':'

      # With split ':', item.value[1] is the uid field
      - name: Build list of users with uid >= 1000
        set_fact:
          users: "{{ users | default([]) + [item.key] }}"
        when: item.value[1] | int >= 1000
        with_dict: "{{ getent_passwd }}"

      - debug:
          var: users
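
A complete playbook built on the getent approach above, as an added example that is not part of the original thread: it writes one {{ ansible_fqdn }}.txt per host on the control node without placing a script on the servers, and marks each account as defined in /etc/passwd or coming from another NSS source. The names min_uid, report_dir, passwd_file and local_names are assumptions chosen for this example.

```yaml
- name: Report accounts with uid >= 1000, one file per host
  hosts: all
  gather_facts: true                 # provides ansible_fqdn
  vars:
    min_uid: 1000                    # assumed threshold, as in the question
    report_dir: ./account-reports    # assumed path on the control node
  tasks:
    - name: Read the passwd database through NSS (files, LDAP, SSSD, ...)
      ansible.builtin.getent:
        database: passwd
        split: ':'

    - name: Read /etc/passwd itself to tell local entries from directory ones
      ansible.builtin.slurp:
        src: /etc/passwd
      register: passwd_file

    - name: Extract the account names defined in /etc/passwd
      ansible.builtin.set_fact:
        local_names: >-
          {{ (passwd_file.content | b64decode).splitlines()
             | map('regex_replace', ':.*$', '') | list }}

    - name: Create the report directory on the control node
      ansible.builtin.file:
        path: "{{ report_dir }}"
        state: directory
        mode: "0750"
      delegate_to: localhost
      run_once: true

    # f holds the passwd fields after the name: [password, uid, gid, gecos, home, shell]
    - name: Write one report per host on the control node
      ansible.builtin.copy:
        dest: "{{ report_dir }}/{{ ansible_fqdn }}.txt"
        mode: "0640"
        content: |
          {% for name, f in getent_passwd | dictsort %}
          {% if f[1] | int >= min_uid | int %}
          {{ name }} uid={{ f[1] }} gid={{ f[2] }} shell={{ f[5] }} source={{ 'local' if name in local_names else 'directory' }}
          {% endif %}
          {% endfor %}
      delegate_to: localhost
```

SSSD does not enumerate directory users by default, so on such hosts getent passwd may return only the local entries; the source column makes it visible which case a host is in.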