#ansbile task/check_aduser.yml
---
- name: update admin open powershell.
win_regedit:
path: "{{regedit_path}}"
name: "{{regedit_name}}"
data: "{{regedit_open}}"
type: dword
- name: Create script storage path
win_file:
path: "{{install_dest}}"
state: "directory"
- name: Copy templates
template:
src: "{{template_file}}"
dest: "{{target_file}}"
#- name: excuting the ps1 script ...
# win_shell: "{{install_dest}}{{script_file}}"
# args:
# chdir: "{{install_dest}}"
- name: Install ADuser module.
win_shell: |
$IS = Get-WindowsFeature -Name RSAT-AD-AdminCenter|ForEach-Object {$_.Installed}
if ($IS = "False" ){ Start-Process powershell.exe -Verb runas -ArgumentList "-Command","Get-WindowsFeature -Name RSAT-AD-*|Install-WindowsFeature" -wait }
args:
chdir: "{{install_dest}}"
- name: Get {{ansible_hostname}} ADUser
win_shell: |
$FormatEnumerationLimit=-1;
$secpasswd = ConvertTo-SecureString '{{Login_Passwd}}' -AsPlainText -Force;
$mycreds = New-Object System.Management.Automation.PSCredential ("{{Login_User}}", $secpasswd);
get-aduser -Credential $mycreds -filter * -properties name, Memberof |ft -Wrap -autosize name, memberof|out-string -width 900|findstr -V "Domain Admins" | out-file {{install_dest}}{{ansible_hostname}}.txt -encoding utf8
args:
chdir: "{{install_dest}}"
- name: Pull file to local
fetch:
src: "{{install_dest}}{{ansible_hostname}}.txt"
dest: "python/{{ENV}}/{{ansible_hostname}}.txt"
flat: yes
force: yes
- name: Comprasion Baseline and Actual.
local_action: shell python3 Compare.py {{ BASELINE }} {{ENV}}/{{ansible_hostname}}.txt
args:
chdir: "python/"
- name: Show {{ansible_hostname}} Comprasion result.
local_action: shell column -t -s ',' Result_{{ansible_hostname}}.csv
args:
chdir: "python/"
register: ADuserResult
- name: Show {{ansible_hostname}} Comprasion result.
debug: var=ADuserResult.stdout_lines#################################################################
#templete/CheckADUser.j2
Function CheckADUserCMD() {
$IS = Get-WindowsFeature -Name RSAT-AD-AdminCenter|ForEach-Object {$_.Installed}
if ($IS = "False" ){
Start-Process powershell.exe -Verb runas -ArgumentList "-Command","Get-WindowsFeature -Name RSAT-AD-*|Install-WindowsFeature" -wait
}
}
Function CheckADUser() {
$FormatEnumerationLimit=-1
$secpasswd = ConvertTo-SecureString '{{Login_Passwd}}' -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("{{Login_User}}", $secpasswd)
get-aduser -Credential $mycreds -filter * -properties name, Memberof |ft -Wrap -Autosize name, memberof|out-string -width 900|findstr -V "Domain Admins" | out-file {{install_dest}}{{ansible_hostname}}.txt -encoding utf8
}
CheckADUserCMD
CheckADUser
#####################################################################
#check_aduser/check_aduser.yml---
- hosts: win
any_errors_fatal: no
gather_facts: yes
serial:
- 5
roles:
- check_aduser
#####################################################################
#check_aduser/check_aduser.sh
#!/bin/bash
#==========================================================
# Filename: $0
# Author: Aiden kuang
# Create: 2020-10-20
# Description: call ansible to check win server aduser
# Last Modified: 2020-10-23
#==========================================================
digits=$(echo $1|wc -L)
factory=$(echo $1 | awk -F "-" '{print$1}')
usage() {
cat <<EOF
USAGE
==============================================================================================
1. Check all windows sever ADusers in ENV.
# $0 DIT6
2. Only check ADusers on the specified server.
# $0 DIT6-OIAPPST01
EOF
exit 1
}
CheckADuser () {
if [ $# == 0 ];then
usage
elif [ $# == 1 ] && [[ $digits -le 4 ]];then
ansible-playbook -i /etc/ansible/inventory/$1/inventory -l win -e "ENV=$1" /etc/ansible/roles/check_aduser/check_aduser.yml
elif [ $# == 1 ] && [[ $digits -gt 4 ]];then
ansible-playbook -i /etc/ansible/inventory/$factory/inventory -l $1 -e "ENV=$factory" /etc/ansible/roles/check_aduser/check_aduser.yml
# SAT2
#elif [ $# == 1 ] && [[ $1 =~ WINFO ]];then
#ansible-playbook -i /etc/ansible/inventory/SAT2/inventory -l $1 /etc/ansible/roles/check_aduser/check_aduser.yml
#elif [ $# == 2 ] && [[ $digits -le 4 ]];then
#ansible-playbook -i /etc/ansible/inventory/$1/inventory -l $2 /etc/ansible/roles/check_aduser/check_aduser.yml
else
usage
fi
}
main () {
CheckADuser "$@"
}
#########################################
main "$@"#####################################################################
#roles/checking/check_aduser/vars/main.yml
regedit_path: "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\"
regedit_name: "ConsentPromptBehaviorAdmin"
regedit_open: "0"
regedit_close: "2"
template_file: "CheckADUser.j2"
install_dest: "C:\\Temp\\CheckADUser\\"
script_file: "CheckADUser.ps1"
target_file: "{{ install_dest }}{{ script_file }}"
Login_User: "WIN_DM\\win_cfg_svc"
Login_Passwd: "P@ssw0rd1234"
BASELINE: "FO-1.2b_Data_Init_SAT_R0_v3.2.xlsx"
#####################################################################
#/roles/checking/check_aduser/python/Compare.py
import io
import json
import os
import sys
import pandas as pd
from pip._vendor import chardet
from xlwt import *
import xlrd
from xlutils.copy import copy
class Compare:
base_dir = os.path.realpath(os.path.dirname(__file__))
__targetRole = ["win_ics_foal_general_usr_grp", "win_ics_foal_margin_usr_grp", "win_ics_foal_risk_usr_grp",
"win_ics_foal_odds_usr_grp", "win_ics_foal_investment_usr_grp", "win_usr_grp"]
excelPath = ""
txtPath = ""
excel = 0
df = 0
result_Cmp = {}
def __init__(self, excel_path, txt_path):
self.excelPath = excel_path
self.txtPath = txt_path
self.excel = pd.read_excel(self.excelPath, sheet_name="User Account")
self.df = pd.DataFrame(self.excel)
def ParseTxtFile(self):
txt_dic = {}
role_list = []
# encoding = ""
# print(self.txtPath)
# f = open(self.txtPath, 'a+')
# context=f.read()
# print(context)
# b = f.detach()
# f = io.TextIOWrapper(b, encoding='utf-8')
# f.write(context)
# f.close()
with open(self.txtPath, "r", encoding="utf-8") as f:
tmp_line = ""
while True:
# line = f.readline().strip()
line = f.readline()
if not line:
print("Here")
break
if "{" in line and "}" in line:
line = line
elif "{" in line and "}" not in line:
tmp_line = line
line = ""
elif "{" not in line and "}" in line:
line = tmp_line + line
tmp_line = ""
else:
if len(tmp_line) > 0:
tmp_line = tmp_line + line
line = ""
if len(line) > 0:
index = line.index("{")
if (line.index("}") - index) > 2:
for item in line[index + 1:line.index("}") - 1].split(","):
if item.split("=")[1] in self.__targetRole:
role_list.append(item.split("=")[1])
if len(role_list) > 0:
txt_dic[line[:index].strip()] = role_list
role_list = []
return txt_dic
def ParseExcel(self):
excel_dic = {}
role_list = []
for row in range(2, len(self.df)):
for col in range(0, 5):
if self.df.iloc[row][col + 12] == "X":
role_list.append(self.__targetRole[col])
role_list.append(self.__targetRole[5])
excel_dic[self.df.iloc[row][0]] = role_list
role_list = []
return excel_dic
def ResultCompare(self, excel_dic, txt_dic):
result_cmp = {}
result_match = {}
result_mismatch = {}
for key in txt_dic.keys():
if excel_dic.get(key) is None:
continue
else:
excel_dic[key].sort()
txt_dic[key].sort()
if excel_dic[key] == txt_dic[key]:
result_match[key] = {"Baseline": str(excel_dic[key]), "Actual": str(txt_dic[key])}
else:
result_mismatch[key] = {"Baseline": str(excel_dic[key]), "Actual": str(txt_dic[key])}
result_cmp["Matched"] = result_match
result_cmp["Mismatched"] = result_mismatch
self.result_Cmp = result_cmp
print(result_cmp)
return result_cmp
def ResultToTxtFile(self, result_dic):
result_file_name = "/Result_" + os.path.basename(self.txtPath)
with open(self.base_dir + result_file_name, "w") as fp:
json.dump(result_dic, fp, indent=4)
print("Result stored in {0} Successfully!".format(self.base_dir + result_file_name))
fp.close()
def color_mismatch_red(self, val):
color = 'red' if val in self.result_Cmp else 'black'
return 'color: %s' % color
def HighlightBaselineWithResult(self):
s = self.df.style.applymap(self.color_mismatch_red)
s.to_excel("result.xlsx", engine='openpyxl')
def ResultToCSVFile(self, result_dic):
result_as_list = []
for key in result_dic.keys():
for name in result_dic[key]:
user_detail = [key, name]
for role in range(0, len(self.__targetRole)):
if self.__targetRole[role] in result_dic[key][name]:
user_detail.append("Y")
else:
user_detail.append("N")
result_as_list.append(user_detail)
if len(result_as_list) < 1:
result_as_list = [["All user role matched!", '', '', '', '', '', '', '']]
df = pd.DataFrame(result_as_list, columns=['UserId', "SourceType"] + self.__targetRole)
df.to_csv(self.base_dir + "/Result_" + os.path.basename(self.txtPath).replace(".txt", "") + ".csv")
if __name__ == '__main__':
if len(sys.argv) == 3:
excelPath = sys.argv[1]
txtPath = sys.argv[2]
if not os.path.isdir(excelPath):
excelPath = os.path.realpath(os.path.dirname(__file__)) + "/" + excelPath
if not os.path.isdir(txtPath):
txtPath = os.path.realpath(os.path.dirname(__file__)) + "/" + txtPath
if os.path.exists(excelPath) and os.path.exists(txtPath):
compare = Compare(excelPath, txtPath)
result_cmp = compare.ResultCompare(compare.ParseExcel(), compare.ParseTxtFile())
compare.ResultToCSVFile(result_cmp["Mismatched"])
else:
raise Exception("Not found the files you provided!")
else:
raise Exception("Please provide the baseline file and AD txt file, {0}".format(len(sys.argv)))
# excelPath = r"C:\Projects\AuditLogAccessCompare\FO-1.2bDataInit.-SATR0v3.2.xlsx"
# txtPath = r"C:\Projects\AuditLogAccessCompare\WINCDFDEPST01.txt"
# compare = Compare(excelPath, txtPath)
# result_cmp = compare.ResultCompare(compare.ParseExcel(), compare.ParseTxtFile())
# compare.ResultToCSVFile(result_cmp["Mismatched"])
# # compare.ResultToCSVFile(result_cmp["Matched"], True)#####################################################################
