Aegis Automation Workflows in 5 Minutes - Updating Local Passwords across multiple Linux/Unix based systems

The "Aegis Automation Workflows in 5 Minutes" cool-tool blog series shows examples of Aegis workflows which deliver value in as little as 5 minutes of development time, all using out-of-the-box activities! Aegis workflows can keep evolving, and while these workflows fulfill a purpose, you may, for example, want to extend a workflow from a simple notification workflow to one which goes further and remediates a problem.

This 5-minute workflow tackles the tedious problem of updating local passwords for an account across multiple Linux systems. In a previous 'Workflow in 5 Minutes' I used a Telnet connection to connect to network devices due to a limitation of the OS, and suggested using an SSH connection for better security. In this workflow I will use the SSH activity to establish secure connections to the target Linux box(es) and issue some commands to reset a user's password. The workflow will use a list of known Linux machines, specifically SLES 11 in this case, and connect to each one in turn, updating a specified user's password.

This is what the workflow looks like...

[Image: wf]

This workflow uses an input form to request the login information for the server, the old and new passwords, and the account to update.

[Image: wf1]

A list of Linux machines is stored in a workitem attribute array which is looped through via the 'For Each' activity. The SSH activity is used to make the connection to the Linux box and issue commands ...

[Image: wf2]

... and then onto the next Linux machine!

And you are done ... hopefully in 5 minutes!

The workflow is attached if you want to compare results. The list of Linux boxes is stored in a workitem attribute array, linuxBoxes; everything else is generic. The workflow requires Aegis 3.2 and SLES 11 Linux (commands on other Linux varieties may be different, or prompts may be in a different format).

Next Steps - yes you've guessed it, there are loads of possibilities to extend this workflow! Here are some examples...

  1. A must - add some error handling and notification! If there are any failures (for example, if a Linux box is unreachable) the workflow will fail silently, apart from an error in the console.

  2. The workflow has a static list of device addresses - you can read the list dynamically from another source, such as a file or database, so the workflow always picks up the current device list.

  3. Add some verify-password logic - ask for the password twice in the input form and verify that the values match.

  4. If the entered password is incorrect, the workflow will continue regardless - implement some logic to verify passwords before attempting the password reset.

  5. Check the SSH activity output - make sure the password reset was a success - for example, the new password may be rejected because it is based on a dictionary word!

  6. What modifications, if any, are required to change root passwords? To support different Linux OSes?


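BTW, if you get a password wrong this is what will happen: the workflow carries on sending its input regardless, so the password entries meant for the passwd prompts end up typed at the shell prompt as commands, in clear text. You don't want this to happen 😉 If you implement the suggestions in the next steps you will avoid this scenario.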

Last login: Thu Sep 4 13:17:16 2014 from sigea-aeg01.sigea.moc
cotterm@sigea-sles01:~> su - bob
Password:
su: incorrect password
cotterm@sigea-sles01:~> passwd
Changing password for cotterm.
Old Password:
passwd: Authentication failure
cotterm@sigea-sles01:~> 000ps1D1dItAga1n
If '000ps1D1dItAga1n' is not a typo you can run the following command to lookup the package that contains the binary:
command-not-found 000ps1D1dItAga1n
-bash: 000ps1D1dItAga1n: command not found
cotterm@sigea-sles01:~> 000ps1D1dItAga1n
If '000ps1D1dItAga1n' is not a typo you can run the following command to lookup the package that contains the binary:
command-not-found 000ps1D1dItAga1n
-bash: 000ps1D1dItAga1n: command not found
cotterm@sigea-sles01:~> exit
logout
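
The output check suggested in next steps 4 and 5, applied to the failed session above; this is an added example in Python, not part of the attached workflow or of Aegis. The function name check_reset, the prompt regex and the success message "Password changed." are assumptions, while the failure lines and the failed session are taken from the output above.

```python
import re

# Shell prompt format seen in the SLES 11 session above: user@host:path>
PROMPT = re.compile(r"^\S+@\S+:\S*> ?(.*)$")
# Failure lines copied from the session above.
FAILURES = ("su: incorrect password", "passwd: Authentication failure")

def check_reset(output, secrets, success_marker="Password changed."):
    """Classify one host's SSH output; success_marker is an assumed passwd message."""
    secrets = [s for s in secrets if s]
    errors, leaked = [], False
    for line in map(str.strip, output.splitlines()):
        if line in FAILURES:
            errors.append(line)
        m = PROMPT.match(line)
        # A secret after a shell prompt was sent as a command, not to passwd.
        if m and m.group(1).strip() in secrets:
            leaked = True
    log = output
    for s in secrets:
        log = log.replace(s, "[REDACTED]")  # keep secrets out of workflow logs
    ok = not errors and not leaked and success_marker in output
    return {"ok": ok, "errors": errors, "leaked_to_shell": leaked, "log": log}

# Excerpt of the failed session shown above.
FAILED_SESSION = """cotterm@sigea-sles01:~> su - bob
Password:
su: incorrect password
cotterm@sigea-sles01:~> passwd
Changing password for cotterm.
Old Password:
passwd: Authentication failure
cotterm@sigea-sles01:~> 000ps1D1dItAga1n
-bash: 000ps1D1dItAga1n: command not found
"""

# Constructed sample of a session where the reset succeeded.
GOOD_SESSION = """cotterm@sigea-sles01:~> passwd
Changing password for cotterm.
Old Password:
New Password:
Reenter New Password:
Password changed.
"""
if __name__ == "__main__":
    for name, text in (("failed", FAILED_SESSION), ("good", GOOD_SESSION)):
        result = check_reset(text, ["000ps1D1dItAga1n"])
        print(name, result["ok"], result["errors"], result["leaked_to_shell"])
```

A host whose result has leaked_to_shell set needs follow-up beyond a retry, because the value may now sit in that account's shell history.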
Last update: 2014-09-11 07:38