-
Notifications
You must be signed in to change notification settings - Fork 15
/
AuditLoginLinux.yml
100 lines (83 loc) · 4.69 KB
/
AuditLoginLinux.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# Author: [email protected]
#
# This playbook will :
#
# REMOTE MACHINE TASKS:
# 1. Update the index.html page which has been saved locally.
# 2. Create raw info from AWK on remote servers from last command.
# 3. Copy from source to local.
# 4. Destroy all remote files created.
#
# LOCAL TASKS:
# 5. Compile all raw info into one sheet and will also remove all blank lines.
# 6. Add more data about Perimeter and Application.
# 7. Converting the data into JSON format with AWK.
# 8. Cleaning old data after conversion.
# 9. Turning the JSON data into an array for JavaScript compatibility.
# 10. Moving the file into the source code.
#
# Repetition of tasks is required as the volume of servers are too many to accomodate in singular JSON Array.
---
- name: running script locally here
hosts: 127.0.0.1
connection: local
gather_facts: no
tasks:
- name: Inserting date in HTML file
shell: dt=`date` ; sed -i "72s/.*/$dt/" /Tabulogs/perimeter1/index.html
- hosts: test
gather_facts: yes
become: yes
become_method: sudo
tasks:
# I know this is crazy to do with last. I was using an old utils-linux. Consider using better arguments with last if you are using update utils-linux such as --since
# This can be launched any month and it will fetch the log from last month.
- name: Creating raw info
shell: Date=`date +%b -d 'last month'`; t=`hostname -s` && last | grep $Date | awk -v t="$t" '{print t, $1, $4 "-" $5 "-" $6 "-" $7, $9$10, $3 }' | egrep -v 'wtmp|reboot' > /tmp/$t
- name: Copy from source to destination.
fetch: src=/tmp/{{ ansible_hostname }} dest=/Tabulogs/AnsibleWorkDesk/Servers flat=yes
- name: Destroying rememote files
shell: rm -f /tmp/{{ ansible_hostname }}
########### LOCAL TASKS
- name: Working locally
hosts: 127.0.0.1
connection: local
gather_facts: no
tasks:
- name: Merging all the data
shell: awk 'NF' /Tabulogs/AnsibleWorkDesk/Servers/* | sed '/^\s*$/d' > /Tabulogs/AnsibleWorkDesk/AllInOne
# Use only if you have a list of Applications and Perimeter for your servers ready.
- name: Adding more data about Perimeter and Application.
shell: awk 'FNR == NR {a[$3] = $1 " " $2; next} { if ($1 in a) { NF++; $NF = a[$1] }; print}' /Tabulogs/AnsibleWorkDesk/rhel7_application_perimeter /Tabulogs/AnsibleWorkDesk/AllInOne > /Tabulogs/AnsibleWorkDesk/AllInOneWithPerimeterAndApplication
# If you dont have the list of Applications and Perimeter, you might need to tweak the awk command by removing the last two columns.
- name: Creating JSON files to be embed in javaScript (AngularJS )
shell: awk '{print "{" "\"" "Hostname" "\"" ":" "\"" $1"\"" "," "\"" "Username" "\"" ":" "\"" $2"\"" "," "\"" "Login" "\"" ":" "\"" $3"\"" "," "\"" "TimeTaken" "\"" ":" "\"" $4"\"" ",""\"" "IPAddress" "\"" ":" "\"" $5"\"" "," "\"" "Application" "\"" ":" "\"" $6"\"" "," "\"" "Perimeter" "\"" ":" "\""$7"\"""}" "," }' /Tabulogs/AnsibleWorkDesk/AllInOneWithPerimeterAndApplication > /Tabulogs/AnsibleWorkDesk/perimeter1/table.js
- name: Bullet proof approach by putting the JS into form - writing at the beginning of the file
lineinfile: dest=/Tabulogs/AnsibleWorkDesk/perimeter1/table.js line={{ item.javascript }} insertbefore=BOF
with_items:
- { javascript: "$scope.SampleRecords=[ " }
- { javascript: "$scope.q = ''; " }
- { javascript: "$scope.pageSize = 10; " }
- { javascript: "$scope.currentPage = 0; " }
- { javascript: "app.controller('Table', ['$scope', '$filter', function ($scope, $filter) { "}
- { javascript: "var app = angular.module(\"AngTable\", []); "}
- name: Bullet proof approach by putting the JS into form - writing at the end of the file
lineinfile: dest=/Tabulogs/AnsibleWorkDesk/Perimeter1/table.js line={{ item.javascript }} insertafter=EOF
with_items:
- { javascript: " ]; " }
- { javascript: "$scope.getData = function () { " }
- { javascript: "return $filter('filter')($scope.SampleRecords, $scope.q) " }
- { javascript: " }; "}
- { javascript: "$scope.numberOfPages=function(){ "}
- { javascript: "return Math.ceil($scope.getData().length/$scope.pageSize); "}
- { javascript: "}; "}
- { javascript: "}]); "}
- { javascript: "app.filter('startFrom', function() { "}
- { javascript: " return function(input, start) { "}
- { javascript: "start = +start; "}
- { javascript: "return input.slice(start); "}
- { javascript: " } "}
- { javascript: "}); "}
# Its not ok to use rm -f . I will update this part later for the Ansible RM module
- name: Destroying Local Files
shell: rm -f /Tabulogs/AnsibleWorkDesk/Servers/* && /Tabulogs/AnsibleWorkDesk/All*