Friday, February 6, 2015

adding a lansweeper user on a standalone linux box

let's pretend you're in a shop where everyone has their own linux box and for whatever reason they're not using central authentication, just because. and say you want to inventory them and you're using something like lansweeper, because you're that sort of person. just because.

lansweeper is totally cool with windows audits. and for linux/solaris/mac audits you have to have ssh enabled and the auditing user with a password. o k a y. pubkeys would be waay better, but i digress. given the task at hand, you still need to create a user on each and every one of those boxes. and because you're cool, you have ssh and pubkey access. cool.
From a management host:
# scp ~/lansweeper/skel/.[!.]* root@host:/etc/skel
# ssh -l root host 'bash -s' < lansweeperscript.sh

oh, and you have some special skel files, too. because you're awesome.

....
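#!/bin/bash
# lansweeperscript
# create the audit user with its home under /opt
mkdir /opt/lansweeper ; useradd lansweeper -g users -d /opt/lansweeper
# single quotes: "\!" inside double quotes would put a literal backslash in the password
printf 'silly!pass\nsilly!pass\n' | passwd lansweeper
cp /etc/skel/.bashrc /etc/skel/.profile /opt/lansweeper/
chown -R lansweeper:users /opt/lansweeper
# back up sudoers first; %H (not %k) keeps a space out of the filename before 10:00
cp /etc/sudoers /etc/sudoers.$(date +%Y%m%d%H%M)
# delete the line that sets only requiretty
sed -i -r -e '/^Defaults\s+requiretty\s*$/d' /etc/sudoers
echo 'lansweeper ALL=(ALL:ALL) ALL' >> /etc/sudoers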
.....

You get bonus points if you're on a standalone box that doesn't do LDAP auth, but happens to have directories mounted and the like...

a. have an LDAP server and have created the user lansweeper and taken note of the uid (say 15349).

b. created a home directory on your NFS-accessible fileserver (say, a NetApp) and have exported the volume as /home.

c. edited the passwd file on your NFS-accessible NetApp and have put in the username, uid & gid; say:
lansweeper::15349:100::/:

d. and mount /home via fstab or something on your machine. say, you have this line:
netapp:/home          /home           nfs     rsize=8192,wsize=8192   0 0

e. you change that first command to:
useradd lansweeper -u 15349 -g users -d /home/lansweeper

But if you're awesome and are on an LDAP'd system, you really only need to:

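#!/bin/bash
# lansweeperscript
# back up sudoers first; %H (not %k) keeps a space out of the filename before 10:00
cp /etc/sudoers /etc/sudoers.$(date +%Y%m%d%H%M)
# delete the line that sets only requiretty
sed -i -r -e '/^Defaults\s+requiretty\s*$/d' /etc/sudoers
echo 'lansweeper ALL=(ALL:ALL) ALL' >> /etc/sudoers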

g. if you're totally lazy and not on a centos or redhat box you can forget the tty nonsense and issue this from your management system shell:

echo 'lansweeper ALL=(ALL:ALL) ALL' | ssh root@host "cat >> /etc/sudoers"
 
.....
NB:  sometimes you'll find that there's something funny going on with sudoers and tty; that's why i've removed the requiretty line from /etc/sudoers.
But a backup is always good in case we do something "wrong".
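
one way to make the sudoers edit above harder to get "wrong", as an added example that is not part of the original post: it edits a copy, validates it with visudo before installing, and can be re-run without stacking duplicate lines. the function name grant_lansweeper and the SUDOERS_CHECK override are hypothetical, and it swaps the sed for a per-user `Defaults:lansweeper !requiretty` so requiretty stays on for everyone else.

```shell
#!/bin/bash
# added example, not from the original post.
# grant_lansweeper and SUDOERS_CHECK are hypothetical names.
# usage on the target host, as root:  grant_lansweeper /etc/sudoers

grant_lansweeper() {
    local sudoers="${1:-/etc/sudoers}"
    # validator command; visudo -cf FILE checks syntax without installing
    local check="${SUDOERS_CHECK:-visudo -cf}"
    local tmp line

    # work on a copy in the same directory so the final mv is a rename
    tmp=$(mktemp "${sudoers}.new.XXXXXX") || return 1
    cat "$sudoers" > "$tmp" || { rm -f "$tmp"; return 1; }

    # per-user override instead of deleting the global requiretty default,
    # plus the rule from the post; skip any line that is already present
    for line in 'Defaults:lansweeper !requiretty' \
                'lansweeper ALL=(ALL:ALL) ALL'; do
        grep -qxF -- "$line" "$tmp" || printf '%s\n' "$line" >> "$tmp"
    done

    # nothing to add: leave the live file and its backups alone
    if cmp -s "$sudoers" "$tmp"; then
        rm -f "$tmp"
        return 0
    fi

    # refuse to install a file that does not parse (return code 2)
    if ! $check "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 2
    fi

    # timestamped backup, then install with the mode sudo expects
    cp -p "$sudoers" "${sudoers}.$(date +%Y%m%d%H%M%S)" || { rm -f "$tmp"; return 1; }
    chmod 0440 "$tmp" && mv -f "$tmp" "$sudoers"
}
```

a return code of 2 means the edited copy failed validation and the live file was left untouched.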
