This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joachim_Zint
Participant
‎2017-04-10 02:33 AM

Does anybody developed an Ansible playbook for creating users on GAIA ?


I mean with the GAIA specifics and not "only" the Linux standards like the following example.

---
- name: Create user
  user: name=user shell=/bin/bash home=/srv/user groups=admin,sudo generate_ssh_key=yes ssh_key_bits=2048
- name: Set password to user
  shell: echo user:plain_text_password | sudo chpasswd
  no_log: True

5 Replies
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2017-09-02 12:30 AM

You can use:

- name: "Add scp user"
   command: "{{ item }}"
   with_items:
     - clish -c 'add user scpuser uid 2600 homedir /home/scpuser' -s
     - clish -c 'add rba role scpRole domain-type System readwrite-features expert' -s
     - clish -c 'add rba user scpuser roles scpRole' -s
     - clish -c 'set user scpuser gid 100 shell /usr/bin/scponly' -s
     - clish -c 'set user scpuser password-hash <HASH>' -s

Thanks for Danny Jung‌ for HowTo - Creating an scpuser account on Gaia Clish 

Thanks for @Ryan Darst for CheckMates_Aug15_Demos.zip 

Joachim_Zint
Participant
‎2017-09-07 11:55 PM

Thx a lot....beside global script repository this is an good Option.

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2017-09-09 02:25 AM
In response to Joachim_Zint

My playbook (I'm using playbook and not role)

Please fix the format Smiley Happy (scpuser/vpn123)

- name: "Add scp user"
command: "{{ item }}"
with_items:
- clish -c 'lock database override' -si
- clish -c 'add user scpuser uid 2600 homedir /home/scpuser' -si
- clish -c 'add rba role scpRole domain-type System all-features' -si
- clish -c 'add rba user scpuser roles scpRole' -si
- clish -c 'set user scpuser gid 100 shell /usr/bin/scponly' -si
- clish -c 'set user scpuser password-hash $1$O8IbUP0w$asylKUt4DUVDoemt95ubh.' -si
- clish -c 'unlock database' -si

0 Kudos
Brede_Jensen
Explorer
Explorer
‎2023-11-03 07:04 AM
In response to Ofir_Shikolski

what to do if you have two gw in cloning group ?

I get this error :  This command belongs to a cloning group synchronized feature and therefore cannot be executed in normal mode.

- name: add user
command: "{{item}}"
with_items:
- clish -c 'lock database override' -si
- clish -c 'set cloning-group-management on' -si
- clish -c 'add user test uid 0 homedir /home/test' -si
- clish -c 'add rba user test roles adminRole' -si
- clish -c 'set user test gid 0 shell /bin/bash' -si
- clish -c 'set user test realname "brede jensen"' -si
- clish -c 'set user test password-hash $password' -si
- clish -c 'unlock database' -si
0 Kudos
Ash_Sidhu
Participant
‎2018-11-08 07:57 AM

Yes, you should able to do this using the asnible role "gaia_fw1" 

Ansible Role

This blog post explains how to use the role. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events