Bash robuste
#!/bin/bash
set -euo pipefail # e=exit on error, u=undefined vars, o pipefail
LOG="/var/log/audit_$(date +%Y%m%d).log"
log() { echo "[$(date +%H:%M:%S)] $*" | tee -a "$LOG"; }
log "Debut de l'audit"
log "Utilisateurs avec shell bash :"
grep "/bin/bash" /etc/passwd | cut -d: -f1 | tee -a "$LOG"
log "Ports en ecoute :"
ss -tlnp | tee -a "$LOG"
log "Espace disque :"
df -h | tee -a "$LOG"
log "Audit termine"Idempotence
Un script idempotent produit le meme resultat qu'il soit execute 1 ou 100 fois. C'est le principe fondamental d'Ansible.
Ansible — Bases
# inventory.ini
[webservers]
web1 ansible_host=192.168.1.10
web2 ansible_host=192.168.1.11
# playbook.yml
- hosts: webservers
become: yes
tasks:
- name: Installer nginx
apt: name=nginx state=present
- name: Demarrer nginx
service: name=nginx state=started enabled=yesansible-playbook -i inventory.ini playbook.yml