aherman
/
the-bastion
mirror of https://github.com/ovh/the-bastion
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
the-bastion/doc/sphinx/plugins/restricted/accountInfo.rst

113 lines
3.4 KiB
Raw Permalink Blame History

============
accountInfo
============
Display some information about an account
=========================================
.. admonition:: usage
:class: cmdusage
--osh accountInfo <--account ACCOUNT|--all> [OPTIONS]
.. program:: accountInfo
.. option:: --account ACCOUNT
The account name to work on
.. option:: --all
Dump info for all accounts (auditors only), use with ``--json``
.. option:: --with[out]-everything
Include or exclude all below options, including future ones
.. option:: --with[out]-groups
Whether to include the groups the account has a role on (SLOW, default: no)
.. option:: --with[out]-mfa-password-info
Whether to include MFA password info of the account (SLOW, auditors only, default: no)
.. option:: --with[out]-egress-keys
Whether to include the account's egress keys (SLOW, auditors only, default: no)
Usage examples
==============
Show info about a specific account::
--osh accountInfo --account jdoe12
Gather info about all accounts, with no extra data except their egress keys::
--osh accountInfo --all --without-everything --with-egress-keys --json
Gather info about all accounts, including all extra data (and possibly future options)::
--osh accountInfo --all --with-everything --json
Output example
==============
::
│ user1 is a bastion admin
│ user1 is a bastion superowner
│ user1 is a bastion auditor
│ user1 has access to the following restricted commands:
│ - accountCreate
│ - accountDelete
│ - groupCreate
│ - groupDelete
│ This account is part of the following groups:
│ testgroup1 Owner GateKeeper ACLKeeper Member -
│ gatekeeper-grp2 Owner GateKeeper - - -
│ This account is active
│ This account has no TTL set
│ This account is not frozen
│ This account has seen recent-enough activity to not be activity-expired
│ As a consequence, this account can connect to this bastion
│ Last seen on Thu 2023-03-16 07:51:49 UTC (00:00:00 ago)
│ Created on Fri 2022-06-17 09:52:50 UTC (271d+21:58:59 ago)
│ Created by jdoe
│ Created using The Bastion v3.08.01
│ Account egress SSH config:
│ - (default)
│ PIV-enforced policy for ingress keys on this account is enabled
│ Account Multi-Factor Authentication status:
│ - Additional password authentication is not required for this account
│ - Additional password authentication bypass is disabled for this account
│ - Additional password authentication is enabled and active
│ - Additional TOTP authentication is not required for this account
│ - Additional TOTP authentication bypass is disabled for this account
│ - Additional TOTP authentication is disabled
│ - PAM authentication bypass is disabled
│ - Optional public key authentication is disabled
│ - MFA policy on personal accesses (using personal keys) on egress side is: password
│ - Account is immune to idle counter-measures: no
│ - Maximum number of days of inactivity before account is disabled: (default)
│ Account PAM UNIX password information (used for password MFA):
│ - Password is set
│ - Password was last changed on 2023-01-27
│ - Password must be changed every 90 days at least
│ - A warning is displayed 75 days before expiration
│ - Account will not be disabled after password expiration
Reference in new issue View Git Blame Copy Permalink