Operating System - HP-UX
Adam W.
Valued Contributor

PKI authentication script

ANYONE!!!!,
I need some major help. I use HP-UX 11.11 and I somehow need to come up with a script that can search and destroy authentication certs per user, in several directories, to be used when a user leaves. My issue is basically I walked into a mess here at my new job. We use PKI and when someone leaves, I need something that will search the entire server for their PKI certification file and remove it. PLEASE HELP!!!!!!!!!
There are two types of people in the world, Marines and those who wish they were.
James R. Ferguson
Acclaimed Contributor

Re: PKI authentication script

Hi Adam:

In general:

# find /path -xdev -type f -name "cert*" -exec rm -i {} +

...would search "/path" [and you could specify multiple directories here]; looking for files ('-f') whose basename matches the string "cert" followed by anything; and then removes the matching file.

Regards!

...JRF...
Adam W.
Valued Contributor

Re: PKI authentication script

James, thanks for the reply. The issue is that when a user moves their certs to, say, a generic account, they often change the name of the cert. So how would I go about using the above mentioned command but searching for a particular string inside of the file? Does that make sense?
There are two types of people in the world, Marines and those who wish they were.
Ivan Krastev
Honored Contributor

Re: PKI authentication script

You can search for all cert files: *.key, *.pem ... and after that do a strings on these files to find the proper cert file.

regards,
ivan
James R. Ferguson
Acclaimed Contributor

Re: PKI authentication script

Hi (again) Adam:

> So how would I go about using the above mentioned command but searching for a particular string inside of the file?

If you want to use a pure shell script, something like this will work:

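# cat ./findit
#!/usr/bin/sh
# Usage: ./findit directory string_to_match
typeset DIR=$1
typeset PAT=$2
find "${DIR}" -xdev -type f | while read -r FILE
do
    # Skip anything file(1) does not report as ascii text
    [ $(file "${FILE}" | grep -c ascii) -eq 0 ] && continue
    # /dev/null as a second file makes grep print the file name
    grep "${PAT}" "${FILE}" /dev/null
done
exit 0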

...run as:

# ./findit /path string_to_match

This will report the names of files with the lines where the pattern matches. You can easily amend this to remove files.

The same thing can be done using Perl:

# perl -MFile::Find -e 'find(sub{push @f,$File::Find::name if -f $_ && -T _},".");@a=`grep -i $ARGV[0] @f`;print for sort @a' string_to_match

Either script confines itself to "text" (not binary) files.

Regards!

...JRF...
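
One way to amend the findit approach above so that matches are set aside for review rather than deleted, as an added example that is not part of the original posts. The function names, the `commit` keyword and the quarantine directory are assumptions; it goes slightly beyond the posted script by searching every regular file, not only text files, for a fixed string.

```shell
#!/usr/bin/sh
# Added example, not from the thread. Function names, the "commit" keyword
# and the quarantine layout are assumptions made for illustration.

# list_matches DIR PATTERN
# Print every regular file under DIR that contains the fixed string PATTERN.
# -F stops grep treating PATTERN as a regex; -e protects a leading dash.
list_matches() {
    # grep exits 1 when a batch has no match; that is not an error here.
    find "$1" -xdev -type f -exec grep -l -F -e "$2" {} + || :
}

# quarantine_matches DIR PATTERN QDIR [commit]
# Without "commit", only report. With it, move each match under QDIR,
# keeping its original path so same-named files cannot collide.
quarantine_matches() {
    root=${1%/} pat=$2 qdir=$3 mode=${4:-dry-run}
    case "$qdir/" in
        "$root"/*) echo "QDIR must be outside DIR" >&2; return 2 ;;
    esac
    # File names containing newlines are not handled by the read loop.
    list_matches "$1" "$pat" | while IFS= read -r f
    do
        if [ "$mode" != commit ]; then
            echo "would move: $f"
            continue
        fi
        dest=$qdir/$f
        mkdir -p "$(dirname "$dest")" && chmod 700 "$qdir" &&
            mv "$f" "$dest" && echo "moved: $f"
    done
}

# Run only when called with arguments: DIR PATTERN QDIR [commit]
if [ $# -ge 3 ]; then quarantine_matches "$@"; fi
```

A PEM file stores the certificate body as base64, so a user name matches only where it appears in readable form in the file; check the dry-run list before passing `commit`.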

Adam W.
Valued Contributor

Re: PKI authentication script

James,
Let me apologize for bothering you (again). I have never learned about scripting in any way. But I am a bit confused by your shell script entry. Would I simply paste what you wrote into a file? Also, on how to run it, where you wrote "path" would I put like /home?
There are two types of people in the world, Marines and those who wish they were.
James R. Ferguson
Acclaimed Contributor

Re: PKI authentication script

Hi (again) Adam:

> Let me apologize for bothering you (again). I have never learned about scripting in any way. But I am a bit confused by your shell script entry. Would I simply paste what you wrote into a file? Also, on how to run it, where you wrote "path" would I put like /home?

No apology necessary. Copy and paste the shell script. All good scripts begin with an interpreter line. For the standard HP-UX shell that's:

#!/usr/bin/sh

...which tells the shell what interpreter to load to interpret (understand) the commands in the file.

Yes, in lieu of '/path' you would use '/home' or whatever directory you want to search.

Regards!

...JRF...
Adam W.
Valued Contributor

Re: PKI authentication script

Thanks James!!! I will give this a shot real quick and let you know how it turns out. I need to do some studying BIG TIME. When it comes to scripting of any kind I am way behind.
There are two types of people in the world, Marines and those who wish they were.
Adam W.
Valued Contributor

Re: PKI authentication script

James, when I run

perl -MFile::Find -e 'find(sub{push @f,$File::Find::name if -f $_ && -T _},".");@a=`grep -i $ARGV[0] @f`;print for sort @a' cac_ellertc

I get the error "Syntax error at line 1 : `(' is not expected." Thoughts?
There are two types of people in the world, Marines and those who wish they were.
James R. Ferguson
Acclaimed Contributor

Re: PKI authentication script

Hi Adam:

> I get the error "Syntax error at line 1 : `(' is not expected." Thoughts?

The perl script when pasted at the shell's command line should work just fine as posted. Did you do that or did you put it into a file of its own? If the latter, please post the encapsulation.

Regards!

...JRF...