Showing posts with label RedHat. Show all posts

Monday, September 30, 2024

Ansible Lockout User in Windows

 Hello Guys,

As I have already told you, I have recently been working extensively with Windows systems. I have come across one more use case where I need to lock users out after 3 unsuccessful login attempts, and the user is local and not connected to an AD environment.

I have written a playbook which works without AD:

---
- hosts: windows
  tasks:
    # Lock local accounts after 3 failed logon attempts.
    - name: Set user lockout after 3 attempts
      win_command: net accounts /lockoutthreshold:3
      register: userLockout
      args:
        creates: C:\userLockout.lock

    # Marker file: makes the command above a no-op on later runs.
    - name: Create userLockout.lock
      win_copy:
        dest: C:\userLockout.lock
        content: ""
        force: no
      when: userLockout is changed

    # Keep a locked account locked for 10 minutes.
    - name: Set lockout duration to 10 min
      win_command: net accounts /lockoutduration:10
      register: lockduration
      args:
        creates: C:\lockduration.lock

    - name: Create lockduration.lock
      win_copy:
        dest: C:\lockduration.lock
        content: ""
        force: no
      when: lockduration is changed

    # Reset the failed-attempt counter after 10 minutes.
    - name: Reset the lockout counter after 10 min
      win_command: net accounts /lockoutwindow:10
      register: lockoutwindow
      args:
        creates: C:\lockoutwindow.lock

    - name: Create lockoutwindow.lock
      win_copy:
        dest: C:\lockoutwindow.lock
        content: ""
        force: no
      when: lockoutwindow is changed
Enjoy..! Let me know if you get stuck with automation with Ansible.
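
The marker files in the playbook above only record that each command ran once; they do not notice if the policy is changed later. As an added example (not part of the original post), the playbook below reads `net accounts`, applies only the settings that differ, and asserts the result. The `desired` and `labels` variables are names chosen here, and the labels assume English-language `net accounts` output.

```yaml
---
- hosts: windows
  gather_facts: false
  vars:
    # Values from the post: 3 attempts, 10-minute lockout, 10-minute reset window.
    desired:
      lockoutthreshold: "3"
      lockoutduration: "10"
      lockoutwindow: "10"
    # Labels as printed by `net accounts` on an English-language install (assumption).
    labels:
      lockoutthreshold: 'Lockout threshold'
      lockoutduration: 'Lockout duration \(minutes\)'
      lockoutwindow: 'Lockout observation window \(minutes\)'
  tasks:
    - name: Read the current local account policy
      ansible.windows.win_command: net accounts
      register: before
      changed_when: false

    # Runs a command only for a setting whose current value is not the desired one,
    # so a later manual change is corrected on the next run.
    - name: Apply only the settings that differ from the desired value
      ansible.windows.win_command: "net accounts /{{ item.key }}:{{ item.value }}"
      loop: "{{ desired | dict2items }}"
      when: >-
        (before.stdout | regex_search(labels[item.key] ~ ':\\s+(\\S+)', '\\1')
         | default(['unknown'], true) | first) != item.value

    - name: Read the policy back
      ansible.windows.win_command: net accounts
      register: after
      changed_when: false

    - name: Fail the run if the effective policy is not the desired one
      ansible.builtin.assert:
        that:
          - after.stdout is regex(labels[item.key] ~ ':\\s+' ~ item.value ~ '\\s')
        fail_msg: "{{ item.key }} is not {{ item.value }}"
      loop: "{{ desired | dict2items }}"
```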

Friday, August 16, 2024

Enable and Disable USB support on Linux servers without reboot

 Hello Guys,

In the past couple of weeks I was working on a small project with a very specific objective, where I needed to enable and disable USB support on a Linux-based edge device. I used a Raspberry Pi 4 as I don't have any other supported industrial controller with me.

I started by installing the default available OS on the Raspberry Pi, and I was able to log in to the system, which looks like

After doing that, I need to enable and disable USB support on, let's say, hundreds of devices, so automation is the way; I can't do it manually. At the same time I need to make sure that the system does not require a reboot, otherwise it will defeat the purpose. So I cannot go with the conventional way of disabling USB support at the kernel level.

So after much googling I came across a Linux utility called usbguard which can be helpful. Once the approach was finalised, I moved on to writing a playbook. The playbook looks like this:


---
- name: enable disable USB
  hosts: "{{ target }}"
  become: true
  vars:
    # allow = USB enabled, block = USB disabled
    enable_usb: allow

  tasks:
    - name: Install usb guard on redhat family os
      ansible.builtin.yum:
        name: usbguard
        state: present
      when: ansible_facts['os_family'] == 'RedHat'

    - name: Install usb guard on others
      ansible.builtin.apt:
        name: usbguard
        state: present
      when: ansible_facts['os_family'] == 'Debian'

    # Render the daemon configuration with the requested policy.
    - name: Deploy usb guard configuration on the edge devices
      ansible.builtin.template:
        src: usbguard-daemon.conf.j2
        dest: /etc/usbguard/usbguard-daemon.conf
        owner: root
        group: root
        mode: '0600'

    # The restart applies the new policy without rebooting the device.
    - name: restart usb guard service to {{ enable_usb }}
      ansible.builtin.service:
        name: usbguard
        state: restarted
        enabled: true

And the template looks like this:

RuleFile=/etc/usbguard/rules.conf
RuleFolder=/etc/usbguard/rules.d/
ImplicitPolicyTarget={{ enable_usb }}
PresentDevicePolicy={{ enable_usb }}
PresentControllerPolicy={{ enable_usb }}
InsertedDevicePolicy=apply-policy
RestoreControllerDeviceState=false
DeviceManagerBackend=uevent
IPCAllowedUsers=root
IPCAllowedGroups=wheel
IPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/
DeviceRulesWithPort=false
AuditBackend=FileAudit
AuditFilePath=/var/log/usbguard/usbguard-audit.log



Using the above automation I can enable and disable USB support with Red Hat AAP with one click.

With this one job I can get my job done.
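
An added check (not from the original post) that can run after the job above: it rejects values of `enable_usb` that `ImplicitPolicyTarget` does not accept and confirms with `usbguard list-devices` that every attached device ended up in the requested state. It assumes `rules.conf` holds no rule that gives a device a different target; the `devices` and `mismatched` names are chosen here.

```yaml
---
- name: Verify the USB policy after the enable/disable job
  hosts: "{{ target }}"
  become: true
  vars:
    enable_usb: block   # same variable the playbook above templates into the config
  tasks:
    - name: Accept only targets valid for ImplicitPolicyTarget
      ansible.builtin.assert:
        that: enable_usb in ['allow', 'block', 'reject']
        fail_msg: "enable_usb must be allow, block or reject, got '{{ enable_usb }}'"

    # A typo in the rendered config stops the daemon from starting, which would
    # leave the previous kernel authorization state in place.
    - name: Confirm the daemon came back after the restart
      ansible.builtin.command: systemctl is-active usbguard
      changed_when: false

    - name: List the devices usbguard currently knows about
      ansible.builtin.command: usbguard list-devices
      register: devices
      changed_when: false

    # Each output line starts with "<number>: <target> id ...".
    - name: Collect devices whose target is not the requested one
      ansible.builtin.set_fact:
        mismatched: >-
          {{ devices.stdout_lines
             | reject('match', '^[0-9]+: ' ~ enable_usb ~ ' ')
             | list }}

    - name: Fail if any attached device is not in the requested state
      ansible.builtin.assert:
        that: mismatched | length == 0
        fail_msg: "Devices not in state '{{ enable_usb }}': {{ mismatched }}"
```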

Sunday, March 10, 2024

LDAP integration with Redhat Ansible AAP or Ansible Community Tower Part 2

Now let's start with the Ansible IT part. You need to have a working AAP setup.

Go to Settings and then the LDAP settings, and enter the values below:

LDAP Server URI: ldap://192.168.1.17:389

LDAP Bind DN: cn=admin,dc=example,dc=org

LDAP Bind Password: admin

LDAP Group Type: PosixGroup Type

LDAP User Search:

[
  "OU=users,dc=example,dc=org",
  "SCOPE_SUBTREE",
  "(uid=%(user)s)"
]

LDAP Group Search:

[
  "dc=example,dc=org",
  "SCOPE_SUBTREE",
  "(objectClass=group)"
]

LDAP User Attribute Map:

{
  "email": "mail",
  "first_name": "givenName",
  "last_name": "sn"
}

LDAP Group Type Parameters:

{
  "name_attr": "cn"
}

LDAP User Flags By Group:

{
  "is_superuser": [
    "cn=superusers,ou=users,dc=example,dc=org"
  ],
  "is_system_auditor": [
    "cn=auditors,ou=groups,dc=example,dc=org"
  ]
}

Save all the settings and try to log in using nrathi, kjha and lrathi.

If you log in using nrathi, it will be System Administrator.

If you log in using kjha, it will be Normal User.

If you log in using lrathi, it will be System Auditor.

And that's how it's done...! Enjoy



Wednesday, February 14, 2024

Sending Html Email using Ansible Mail module

 Hello Guys,

Recently, while working on one of the projects, I had to send an email notification. Sending an email is easy in Ansible; one can use the mail (community.general.mail) module to do it. But what if we have to send a formatted email, or let's say an HTML email?

We can achieve the same with the help of a Jinja template, the file lookup plugin and the mail module in Ansible.

The code for which will look like this.

Create a file called alert_email.html.j2:

[root@aap1 Email]# cat alert_email.html.j2
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Failed {{ job_id }}</title>
</head>
<body>
    <p>Dear Team,</p>
    <p>This is an automated alert to inform you about the following issue:</p>
    <ul>
        <li><strong>Failing Job: </strong> {{ job_id }} </li>
        <li><strong>Details: </strong> {{ issue_description }} </li>
    </ul>
    <p>Please take necessary actions to address this issue promptly.</p>
    <p>Best regards,<br/>{{ user_email }}</p>
</body>
</html>

sendmail.yml

---
- name: Send HTML email alert
  hosts: localhost
  vars_files:
    # SMTP username (uname), password (pass) and recipient list (to)
    - var1.yml
  vars:
    job_id: 115
    user_email: "nrathi@example.com"
    issue_description: "The server is down and requires immediate attention."
  tasks:
    # Render the HTML body from the Jinja template.
    - name: Include Jinja template for email body
      template:
        src: alert_email.html.j2
        dest: /tmp/alert_email.html

    # subtype: html makes the mail module send the body as text/html.
    - name: Send email Alert
      mail:
        host: smtp.gmail.com
        port: 587
        subtype: html
        to:
          - "{{ to }}"
        subject: "Alert: {{ job_id }}"
        body: "{{ lookup('file', '/tmp/alert_email.html') }}"
        username: "{{ uname }}"
        password: "{{ pass }}"

And the var1.yml file contains your SMTP username, password and recipient list.

This is the final outcome


That should do it
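
A tightened variant of the mail task, as an added example that is not part of the original post: it renders the template in memory with the `template` lookup instead of writing `/tmp/alert_email.html`, requires STARTTLS before the SMTP credentials are sent, and keeps the credentials out of the job output. It assumes `var1.yml` is encrypted with ansible-vault and that the placeholders in `alert_email.html.j2` use the `e` filter, for example `{{ issue_description | e }}`, because Ansible does not HTML-escape template variables.

```yaml
---
- name: Send HTML email alert
  hosts: localhost
  gather_facts: false
  vars_files:
    - var1.yml          # assumed to be encrypted: ansible-vault encrypt var1.yml
  vars:
    job_id: 115
    user_email: "nrathi@example.com"
    # Constructed value: it contains characters that would change the HTML
    # if the template inserted it without the `e` (escape) filter.
    issue_description: "Disk usage > 90% on <db1> & <db2>"
  tasks:
    - name: Send email alert
      community.general.mail:
        host: smtp.gmail.com
        port: 587
        # starttls fails the task if TLS cannot be negotiated; the module
        # default (try) falls back to an unencrypted session.
        secure: starttls
        subtype: html
        to:
          - "{{ to }}"
        subject: "Alert: {{ job_id }}"
        # Rendered in memory, so no world-readable copy is left under /tmp.
        body: "{{ lookup('ansible.builtin.template', 'alert_email.html.j2') }}"
        username: "{{ uname }}"
        password: "{{ pass }}"
      # Keeps the SMTP password out of logs and AAP job output.
      no_log: true
```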