Create and manage users with Ansible – automatically create sudo users

Creating users is a very trivial task that requires time, especially if there is not a Active Directory mechanism integrated with the Linux servers. In order to make your life easier as an administrator you can run the below playbook that will create users based on a list and add them sudo capabilities.

Task 1
creates the users that have been specified on the loop section.

Task 2
creates the appropriate sudoers file

  1 ---               
  2 - name: create sudoers users based on request
  3   hosts: localhost
  4   become: true    
  5   tasks:          
  6     - name: create users based on a list
  7       user:       
  8         name: "{{ item }}"
  9         password: "{{ '#Passw0rd#' | password_hash('sha512') }}"
 10         shell: /bin/bash
 11       loop:       
 12         - user1
 13         - user2
 14                   
 15     - name: create sudoers file for user
 16       copy:       
 17         content: '{{ item }} ALL = (ALL) ALL'
 18         dest: "/etc/sudoers.d/{{item}}"
 19       loop:       
 20         - user1
 21         - user2

Run the playbook and verify that the password is correct and user has sudo capabilities.

ansible-playbook createusers.yml

Log commands for all users on Linux – Redhat auditd

As security is one of the most important things on your infrastructure, you should enable logging for all commands and actions that a user performs (logins included).

In this article I will explain the procedure using auditd which comes preinstalled with many Linux distributions.

First things first, check if auditd is already installed and started on your system.

Then go to the rules file and open it with your favorite editor.

vi /etc/audit/rules.d/audit.rules

Add the below two rules to the end of the file.

-a exit,always -F arch=b32 -S execve -k auditcmd
-a exit,always -F arch=b64 -S execve -k auditcmd

Then execute on terminal:

augenrules 

You should then restart the service. Trying to do so with systemctl you may encounter the below error:

Execute auditd stop and start using the below commands:

service auditd stop
service auditd start

Verify existing rules:

auditctl -l

You are now ready and you can test the logging functionality. Perform a sudo action with a non root user.

Locate the action from logs.

Extend available properties of User.Identity – Asp.Net [web api]

Asp.net web api by default contains some pre configured fields that can handle the registration of a user in a web app. Some of them are Email, Password, Confirm Password and others. You can extend those properties and include your own for your purposes with the following procedure.

First of all you need to execute some commands in the package manager. You can find nuget package manager in Tools -> Nuget Package Manager -> PM Console 

The first thing to do is to enable Migrations

Enable-Migrations

The you can go to Models\AccountBindingModels.cs and add your property to the class RegisterBindingModel. Also add the same property in the Models\IdentityModels.cs inside ApplicationUser class. For example lets assume you want to add a username in the registration proccess. For this purpose you can use the following line

 public string AppUserName { get; set; }

Also include in the file.

using System;

The you must execute:

Add-Migration "AppUserName"
Update-Database

Those commands will run all the migration files and update the database schema to add a AppUserName column in your database.

Then update the registration action in Controllers\AccountController.cs to store AppUserName as well.

var user = new ApplicationUser() { UserName = model.Email, Email = model.Email, AppUserName = model.AppUserName };

It was that easy. you can finally find AppUserName in your database.