#!/usr/bin/env python3
import sys
import os
import re
from itertools import chain
import pymysql
import pymysql.cursors
from SudoersLib import *
# Punctuation that str() of a list/dict adds around the sudoers tokens
# ("['root']" -> "root"); compiled once instead of per call.
_REPR_NOISE = re.compile(r"[\[{}\]\']")


def string_cleaner(x: str) -> str:
    """Return *x* with every '[', ']', '{', '}' and single quote removed.

    The alias and rule strings are assembled from ``str()`` of Python lists
    and dicts; stripping the repr punctuation brings them back to plain
    sudoers-style text.
    """
    return _REPR_NOISE.sub("", x)
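input_path = "/admin/sudoers"
# Sorted so rows land in the table in a stable order between runs, and
# restricted to regular files so a stray sub-directory or socket in the
# drop folder is not handed to the sudoers parser.
infiles = sorted(
    f for f in os.listdir(input_path)
    if os.path.isfile(os.path.join(input_path, f))
)

# Database connection. Credentials come from the environment when set and
# fall back to the historical hard-coded values, so existing deployments keep
# working while the password no longer has to be committed with this file.
connection = pymysql.connect(
    host=os.environ.get("SUDODB_HOST", "localhost"),
    user=os.environ.get("SUDODB_USER", "sudodb"),
    password=os.environ.get("SUDODB_PASSWORD", "sudodb"),
    database=os.environ.get("SUDODB_NAME", "sudoersdb"),
)
cursor = connection.cursor()

# Drop the previous snapshot before reloading. NOTE(review): TRUNCATE is DDL
# and commits implicitly in MySQL/MariaDB, so if the reload that follows
# fails the table is left empty rather than holding the old data; the
# explicit commit here just makes that ordering visible.
qry = "TRUNCATE sudoroles"
cursor.execute(qry)
connection.commit()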
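# One literal INSERT per alias column, keyed by the column it fills, so no
# column name is ever interpolated into SQL; values are always bound as
# parameters (the file names and sudoers content are not trusted input
# for the database layer).
ALIAS_QUERIES = {
    "hostalias": "INSERT INTO sudoroles (active_on, hostalias) VALUES (%s, %s)",
    "cmndalias": "INSERT INTO sudoroles (active_on, cmndalias) VALUES (%s, %s)",
    "runasalias": "INSERT INTO sudoroles (active_on, runasalias) VALUES (%s, %s)",
    "useralias": "INSERT INTO sudoroles (active_on, useralias) VALUES (%s, %s)",
}
RULE_QUERY = "INSERT INTO sudoroles (active_on, rules) VALUES (%s, %s)"


def _unique_in_order(items):
    """Return the distinct elements of *items* in first-seen order.

    Replaces ``list(set(...))``: set iteration order is not stable across
    processes, so the stored text used to reorder between runs.
    """
    return list(dict.fromkeys(items))


def format_rule(rule) -> str:
    """Render one parsed rule back into a single sudoers-style line.

    Expected shape (as produced by SudoersLib): ``rule["users"]``,
    ``rule["hosts"]`` and ``rule["commands"]``, each command carrying
    ``run_as`` (iterable), ``tags`` (iterable or None) and ``command``.
    Tags are joined with ':' and followed by ':' — ``SETENV:NOPASSWD:`` —
    which is the form sudo accepts for several tags on one rule; the
    previous ``SETENV, NOPASSWD:`` rendering was not valid sudoers syntax.
    """
    commands = rule["commands"]
    runas = _unique_in_order(chain(*(c["run_as"] for c in commands)))
    tags = _unique_in_order(
        chain(*(c["tags"] for c in commands if c["tags"] is not None))
    )
    cmnds = [c["command"] for c in commands]

    parts = [str(rule["users"]), " ", str(rule["hosts"]), "=(", str(runas), ") "]
    if tags:
        parts.append(":".join(str(t) for t in tags))
        parts.append(": ")
    parts.append(str(cmnds))
    # string_cleaner strips the list/dict repr punctuation added by str().
    return string_cleaner("".join(parts))


try:
    for name in infiles:
        infile = os.path.join(input_path, name)
        # The host this file applies to is the second '_'-separated field of
        # the file name; skip files that do not follow that convention
        # instead of dying with an IndexError halfway through the reload.
        fields = os.path.basename(infile).split('_')
        if len(fields) < 2:
            print("skipping %s: file name has no '_<host>' part" % infile,
                  file=sys.stderr)
            continue
        active_on = fields[1]

        sudo_obj = Sudoers(path=infile)

        # Each alias table is stored as "NAME = members" rows in its own column.
        alias_groups = (
            ("hostalias", sudo_obj.host_aliases),
            ("cmndalias", sudo_obj.cmnd_aliases),
            ("runasalias", sudo_obj.runas_aliases),
            ("useralias", sudo_obj.user_aliases),
        )
        for column, aliases in alias_groups:
            for key in aliases:
                text = string_cleaner(str(key) + " = " + str(aliases[key]))
                cursor.execute(ALIAS_QUERIES[column], (active_on, text))

        for rule in sudo_obj.rules:
            rule_text = format_rule(rule)
            cursor.execute(RULE_QUERY, (active_on, rule_text))
            print(rule_text)

    # One commit for the whole reload: an exception above rolls back every
    # insert (the earlier TRUNCATE, being DDL, has already taken effect).
    connection.commit()
finally:
    connection.close()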
MariaDB [sudoersdb]> show tables;
+---------------------+
| Tables_in_sudoersdb |
+---------------------+
| sudoroles |
+---------------------+
1 row in set (0.000 sec)
MariaDB [sudoersdb]> describe sudoroles;
+------------+--------------+------+-----+---------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------+--------------+------+-----+---------------------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| active_on | varchar(256) | YES | MUL | NULL | |
| hostalias | text | YES | MUL | NULL | |
| cmndalias | text | YES | MUL | NULL | |
| runasalias | text | YES | MUL | NULL | |
| useralias | text | YES | MUL | NULL | |
| rules | text | YES | MUL | NULL | |
| created | timestamp | NO | MUL | current_timestamp() | |
+------------+--------------+------+-----+---------------------+----------------+
8 rows in set (0.008 sec)
MariaDB [sudoersdb]> select active_on, rules, created from sudoroles where active_on = "sag0190";
+-----------+-----------------------------------------------------------------------------------------------------------+---------------------+
| active_on | rules | created |
+-----------+-----------------------------------------------------------------------------------------------------------+---------------------+
| sag0190 | NULL | 2022-02-02 13:23:34 |
| sag0190 | NULL | 2022-02-02 13:23:34 |
| sag0190 | NULL | 2022-02-02 13:23:34 |
| sag0190 | NULL | 2022-02-02 13:23:34 |
| sag0190 | NULL | 2022-02-02 13:23:34 |
| sag0190 | NULL | 2022-02-02 13:23:34 |
| sag0190 | NULL | 2022-02-02 13:23:34 |
| sag0190 | NULL | 2022-02-02 13:23:34 |
| sag0190 | root ALL=(ALL) ALL | 2022-02-02 13:23:34 |
| sag0190 | CTMAGENT ALL=(root) NOPASSWD: DDSITU2, ABBATCH | 2022-02-02 13:23:34 |
| sag0190 | DDSITU2 ALL=(root) NOPASSWD: CTMAGENT, SUORACLE, DDSITU2 | 2022-02-02 13:23:34 |
| sag0190 | XAMW_STAFF ALL=(root) NOPASSWD: XSU_JBOSS1, XSU_JBOSS2, XSU_JBOSS3, XSU_JBOSS4, AWMPERM, DDSITU2, ABBATCH | 2022-02-02 13:23:34 |
| sag0190 | CTM ALL=(root) NOPASSWD: CTMAGENT | 2022-02-02 13:23:34 |
| sag0190 | 31aha ALL=(root) NOPASSWD: XSU_JBOSS1, XSU_JBOSS3 | 2022-02-02 13:23:34 |
| sag0190 | appladm ALL=(root) NOPASSWD: ABBATCH | 2022-02-02 13:23:34 |
+-----------+-----------------------------------------------------------------------------------------------------------+---------------------+
15 rows in set (0.001 sec)
Cool, isn't it?
One small flaw remains: sudo allows several tags on one rule, written in the form NOPASSWD:NOEXEC: — hence the embedded tags list. I
need a way to format that list from
jboss01 ALL=(magnax, ALL) SETENV, NOPASSWD: /opt/app/wartung/mserver.bin, /opt/app/wartung/tools/get_lieferung.bin
to
jboss01 ALL=(magnax, ALL) SETENV:NOPASSWD: /opt/app/wartung/mserver.bin, /opt/app/wartung/tools/get_lieferung.bin
so that the stored text stays valid sudoers syntax (a comma-separated tag list is not accepted by sudo).