HotWire Sudo file

I wrote the script below to edit a sudoers file in a production environment.

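#!/bin/sh
## Written By: BAB

## The purpose of this script is to make it so in a big EMERGENCY
## apps support or other approved body can be given access without
## paging systems support unnecessarily. Great for hotwiring the sudo map!

## Script Name: Hot Wire

# Edits: changed script so that it will check if you can push to a machine before a username is entered not after the username is asked for. -BAB
# Edits (review): the machine name and the user list are validated before they
#        are spliced into commands that run as root on the target; the edited
#        sudoers is written next to the real file instead of in /tmp and is
#        checked with "visudo -c" before it is installed; log lines go straight
#        to the permanent log instead of via a fixed-name /tmp file; the pasted
#        "smart" quotes that made the script unparsable are restored to ASCII.
#        The prompts and the log line format are unchanged.  The script now
#        exits non-zero when the push did not happen (it always exited 0 before).

# An unset variable is a bug in this script, never a legitimate empty value.
set -u

## variables
DATE=$(/usr/bin/date)
readonly DATE
# Everything the script touches, in one place.
readonly SUDOERS=/usr/local/etc/sudoers
readonly PLACEHOLDER=emergencyacessusers   # token on the EMERGENCYACCESS line that the push replaces
readonly LOGFILE=/opt/scripts/tempsudolog
readonly ALERT_ADDR=alert@company.com

## helpers

# log MESSAGE... -- append one line to the permanent log on this host.
log() {
  printf '%s\n' "$*" >> "$LOGFILE"
}

# valid_hostname NAME -- returns 0 if NAME is non-empty, does not start with
# '-' and contains only [A-Za-z0-9._-]; otherwise 1.  NAME is spliced into
# the ssh/grep/sed command lines below, so anything else is rejected.
valid_hostname() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# valid_userlist LIST -- returns 0 if LIST is a comma-separated list of names
# made only of [A-Za-z0-9_.-] (no empty items); otherwise 1.  This keeps sed
# metacharacters ('/', '&', '\', newline) and shell syntax out of the remote
# root command that the list is substituted into.
valid_userlist() {
  case "$1" in
    ''|,*|*,|*,,*|*[!A-Za-z0-9_.,-]*) return 1 ;;
  esac
  return 0
}

## main flow

echo
echo "Enter the user names that needs to have FULL access through sudo"
echo "user names are entered in the form"
echo
echo EXAMPLE
echo "USER NAMES:userone,usertwo,userthree"
echo
echo "Then you will be asked to enter a machine."
echo " Only ONE machine name is allowed."
printf '%s' "MACHINE:"   # printf instead of echo "\c": the latter is not portable
read -r machine

if ! valid_hostname "$machine"; then
  printf '%s\n' "Invalid machine name '$machine' - only letters, digits, '.', '-' and '_' are allowed."
  exit 1
fi

# The target is pushable only while the placeholder is present exactly once:
# the push consumes it and the daily reset restores it, so a second push
# before the reset would have nothing to replace.  An unreachable host
# yields an empty count, which also fails the test.
pushed=$(ssh "root@$machine" "grep -c '$PLACEHOLDER' '$SUDOERS'")

if [ "${pushed:-0}" != 1 ]; then
  printf '%s\n' "Not able to push to $machine - Page Systems for assistance."
  exit 1
fi

printf '%s' "USERNAMES:"
read -r usernames

if ! valid_userlist "$usernames"; then
  printf '%s\n' "Invalid user list '$usernames' - use the form userone,usertwo,userthree."
  exit 1
fi

echo
echo "ALERT ALERT ALERT ALERT "
echo "The sudoers hotwire file can only be run once "
echo " in a 24 hour period per a machine "
echo "It resets every day at 9am "

printf '%s\n' "Are you sure you want to allow $usernames to have full Access to machine $machine"
echo "Anything besides yes will Quit!"
echo
printf '%s' "yes ?:"
read -r yesno
if [ "$yesno" != "yes" ]; then
  echo "EXITED - ROOT SUDO PUSH ABORTED"
  exit 1
fi

echo "pushing temporary sudo changes"
# The edit runs as root on the target, fed to its /bin/sh on stdin.  Local
# variables ($SUDOERS, $PLACEHOLDER, $usernames) expand here before sending;
# "\$tmp" is left for the remote shell.  The edited copy is created next to
# the real file (root-owned directory, so no /tmp symlink can be planted
# under it), syntax-checked with visudo, and only then copied over the
# original.  "cat tmp > sudoers" rather than mv keeps the owner/mode of
# the installed sudoers exactly as it was.
# Exit codes from the remote shell: 0 installed, 2 failed visudo check,
# anything else = could not edit/install (or ssh itself failed).
ssh "root@$machine" /bin/sh <<EOF
tmp=\$(mktemp "$SUDOERS.hotwire.XXXXXX") || exit 1
trap 'rm -f "\$tmp"' EXIT
sed '/EMERGENCYACCESS/s/$PLACEHOLDER/$usernames/' "$SUDOERS" > "\$tmp" || exit 1
visudo -c -f "\$tmp" > /dev/null || exit 2
cat "\$tmp" > "$SUDOERS" || exit 1
EOF
rc=$?

case "$rc" in
  0)
    ;;
  2)
    log "GENERATED SUDOERS FAILED visudo CHECK, NOT INSTALLED $DATE - Users:$usernames - Machine:$machine"
    echo "SUDOERS FILE NOT PUSHED: the edited file failed the visudo check - Page Systems for assistance."
    exit 1
    ;;
  *)
    log "SUDOERS FILE COULD NOT BE PUSHED, POSSIBLE SERVER IS DOWN $DATE - Users:$usernames - Machine:$machine"
    echo "SUDOERS FILE COULD NOT BE PUSHED - Page Systems for assistance."
    exit 1
    ;;
esac

# Mail the installed file to the alert address so the change is seen.  A mail
# failure is logged (with the users/machine so the push is still recorded)
# but is not a failed push.
if ssh "root@$machine" "mailx -s 'Hot Wire - SUDO PUSH' $ALERT_ADDR < '$SUDOERS'"; then
  log "$DATE - Users:$usernames - Machine:$machine"
  echo "SUDOERS file pushed successfully"
else
  log "COULD NOT SEND MAIL. - $DATE - Users:$usernames - Machine:$machine"
  echo "SUDOERS file pushed, but the alert mail could not be sent."
fi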