check last login shellcheck fixes
@@ -28,7 +28,7 @@ LOG="${BASE_FOLDER}/../log";
|
||||
AUTH_LOG="${BASE_FOLDER}/../auth-log/user_auth.log";
|
||||
|
||||
error=0;
|
||||
if [ $(whoami) != "root" ]; then
|
||||
if [ "$(whoami)" != "root" ]; then
|
||||
echo "Script must be run as root user";
|
||||
error=1;
|
||||
fi;
|
||||
@@ -36,11 +36,11 @@ if [ ! -d "${LOG}" ]; then
|
||||
echo "log folder ${LOG} not found";
|
||||
error=1;
|
||||
fi;
|
||||
if [ -z $(command -v curl) ]; then
|
||||
if [ -z "$(command -v curl)" ]; then
|
||||
echo "Missing curl application, aborting";
|
||||
error=1;
|
||||
fi;
|
||||
if [ -z $(command -v jq) ]; then
|
||||
if [ -z "$(command -v jq)" ]; then
|
||||
echo "Missing jq application, aborting";
|
||||
error=1;
|
||||
fi;
|
||||
@@ -89,18 +89,18 @@ if [ "${OUTPUT_TARGET}" = "text" ]; then
|
||||
echo "Max age no login : ${max_age_create} days";
|
||||
elif [ "${OUTPUT_TARGET}" = "json" ]; then
|
||||
echo '"Info": {'
|
||||
echo '"AccountId": '${account_id}',';
|
||||
echo '"Region": '${region}',';
|
||||
echo '"InstanceId": '${instance_id}',';
|
||||
echo '"Hostname": "'$(hostname)'",';
|
||||
echo '"Date": "'$(date +"%F %T")'",';
|
||||
echo '"AccountId": '"${account_id}"',';
|
||||
echo '"Region": '"${region}"',';
|
||||
echo '"InstanceId": '"${instance_id}"',';
|
||||
echo '"Hostname": "'"$(hostname)"'",';
|
||||
echo '"Date": "'"$(date +"%F %T")"'",';
|
||||
echo '"MaxAgeLogin": '${max_age_login}',';
|
||||
echo '"WarnAgeLogin": '${warn_age_login}',';
|
||||
echo '"MaxAgeCreate": '${max_age_create}'';
|
||||
echo '},'
|
||||
echo '"Users": ['
|
||||
fi;
|
||||
for ssh_group in ${ssh_groups[@]}; do
|
||||
for ssh_group in "${ssh_groups[@]}"; do
|
||||
if [ "${OUTPUT_TARGET}" = "text" ]; then
|
||||
echo "--------------------->"
|
||||
if [ "${ssh_group}" = "${ssh_reject_group}" ]; then
|
||||
@@ -110,7 +110,7 @@ for ssh_group in ${ssh_groups[@]}; do
|
||||
echo "Checking Group : ${ssh_group}";
|
||||
fi;
|
||||
fi;
|
||||
for username in $(cat /etc/group|grep "${ssh_group}:" | cut -d ":" -f 4 | sed -e 's/,/ /g'); do
|
||||
while read -r username; do
|
||||
# check that user exists in passwd
|
||||
if ! id "${username}" &>/dev/null; then
|
||||
out_string="[!] User $username does not exists in /etc/passwd file";
|
||||
@@ -120,8 +120,8 @@ for ssh_group in ${ssh_groups[@]}; do
|
||||
;;
|
||||
json)
|
||||
echo "{";
|
||||
echo '"Username": "'${username}'",';
|
||||
echo '"SshGroup": "'${ssh_group}'",';
|
||||
echo '"Username": "'"${username}"'",';
|
||||
echo '"SshGroup": "'"${ssh_group}"'",';
|
||||
echo '"MainGroup": "",';
|
||||
echo '"SubGroups": [],';
|
||||
echo '"AccountCreatedDate": "",';
|
||||
@@ -130,10 +130,11 @@ for ssh_group in ${ssh_groups[@]}; do
|
||||
echo '"LastLoginAge": "",';
|
||||
echo '"LoginSource": "",';
|
||||
echo '"NeverLoggedIn": true,';
|
||||
echo '"Status": "'${out_string}'"';
|
||||
echo '"Status": "'"${out_string}"'"';
|
||||
echo "}";
|
||||
;;
|
||||
csv)
|
||||
# shellcheck disable=SC2059
|
||||
printf "${CSV_LINE}" "${account_id}" "${region}" "${instance_id}" "$(hostname)" "${username}" "" "${ssh_group}" "" "" "" "" "true" "${out_string}"
|
||||
;;
|
||||
esac;
|
||||
@@ -157,17 +158,17 @@ for ssh_group in ${ssh_groups[@]}; do
|
||||
sub_groups=$(id -Gn "${username}" | sed -e "s/${main_group}//" | sed -e "s/${ssh_group}//")
|
||||
#echo "* Checking user ${username}";
|
||||
# check user create time, if we have set it in comment
|
||||
user_create_date_string=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 5);
|
||||
user_create_date_string=$(grep "${username}:" /etc/passwd | cut -d ":" -f 5);
|
||||
# if empty try last password set time
|
||||
if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then
|
||||
# user L 11/09/2020 0 99999 7 -1
|
||||
user_create_date_string=$(passwd -S ${username} | cut -d " " -f 3);
|
||||
user_create_date_string=$(passwd -S "${username}" | cut -d " " -f 3);
|
||||
fi;
|
||||
# last try is user home .bash_logout
|
||||
if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then
|
||||
# try logout or bash history
|
||||
home_dir_bl=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 6)"/.bash_logout";
|
||||
home_dir_bh=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 6)"/.bash_history";
|
||||
home_dir_bl=$(grep "${username}:" /etc/passwd | cut -d ":" -f 6)"/.bash_logout";
|
||||
home_dir_bh=$(grep "${username}:" /etc/passwd | cut -d ":" -f 6)"/.bash_history";
|
||||
# check that this file exists
|
||||
if [ -f "${home_dir_bl}" ]; then
|
||||
user_create_date_string=$(stat -c %Z "${home_dir_bl}");
|
||||
@@ -184,7 +185,7 @@ for ssh_group in ${ssh_groups[@]}; do
|
||||
# users. Use the collect script from systemd-logind or /var/log/secure
|
||||
# Username Port From Latest
|
||||
# user pts/35 10.110.160.230 Wed Nov 2 09:40:35 +0900 2022
|
||||
last_login_string=$(lastlog -u ${username} | sed 1d);
|
||||
last_login_string=$(lastlog -u "${username}" | sed 1d);
|
||||
search="Never logged in";
|
||||
never_logged_in="false";
|
||||
found="";
|
||||
@@ -209,12 +210,12 @@ for ssh_group in ${ssh_groups[@]}; do
|
||||
last_login_date_string=$(grep "${username};" "${AUTH_LOG}" | cut -d ";" -f 2);
|
||||
last_login_date=$(echo "${last_login_date_string}" | date +"%s" -f -);
|
||||
last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
|
||||
if [ ${last_login} -gt ${max_age_login} ]; then
|
||||
if [ "${last_login}" -gt ${max_age_login} ]; then
|
||||
out_string="[!] Last ssh log in ${last_login} days ago";
|
||||
if [ "${ssh_group}" != "${ssh_reject_group}" ]; then
|
||||
lock_user=1;
|
||||
fi;
|
||||
elif [ ${last_login} -gt ${warn_age_login} ]; then
|
||||
elif [ "${last_login}" -gt ${warn_age_login} ]; then
|
||||
out_string="WARN [last ssh login ${last_login} days ago]";
|
||||
else
|
||||
out_string="OK [ssh, ${last_login} days ago]";
|
||||
@@ -222,19 +223,19 @@ for ssh_group in ${ssh_groups[@]}; do
|
||||
login_source="ssh";
|
||||
# rewrite to Y-M-D, aka
|
||||
last_login_date="${last_login_date_string}"
|
||||
elif [ -n "${last_login_string##*$search*}" ]; then
|
||||
elif [ -n "${last_login_string##*"$search"*}" ]; then
|
||||
# if we have "** Never logged in**" the user never logged in
|
||||
# find \w{3} \w{3} [\s\d]{2} \d{2}:\d{2}:\d{2} \+\d{4} \d{4}
|
||||
# awk '{for(i=4;i<=NF;++i)printf $i FS}'
|
||||
last_login_date=$(echo "${last_login_string}" | awk '{for(i=4;i<=NF;++i)printf $i FS}' | date +"%s" -f -);
|
||||
# date -d "Wed Nov 2 09:40:35 +0900 2022" +%s
|
||||
last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
|
||||
if [ ${last_login} -gt ${max_age_login} ]; then
|
||||
if [ "${last_login}" -gt ${max_age_login} ]; then
|
||||
out_string="[!] Last terminal log in ${last_login} days ago";
|
||||
if [ "${ssh_group}" != "${ssh_reject_group}" ]; then
|
||||
lock_user=1;
|
||||
fi;
|
||||
elif [ ${last_login} -gt ${warn_age_login} ]; then
|
||||
elif [ "${last_login}" -gt ${warn_age_login} ]; then
|
||||
out_string="WARN [last terminal login ${last_login} days ago]";
|
||||
else
|
||||
out_string="OK [lastlog, ${last_login} days ago]";
|
||||
@@ -242,7 +243,7 @@ for ssh_group in ${ssh_groups[@]}; do
|
||||
login_source="lastlog";
|
||||
last_login_date=$(echo "${last_login_string}" | awk '{for(i=4;i<=NF;++i)printf $i FS}' | date +"%F %T" -f -)
|
||||
elif [ -n "${user_create_date}" ]; then
|
||||
if [ ${account_age} -gt ${max_age_create} ]; then
|
||||
if [ "${account_age}" -gt ${max_age_create} ]; then
|
||||
out_string="[!] Never logged in: account created ${account_age} days ago";
|
||||
if [ "${ssh_group}" != "${ssh_reject_group}" ]; then
|
||||
lock_user=1;
|
||||
@@ -275,24 +276,25 @@ for ssh_group in ${ssh_groups[@]}; do
|
||||
done;
|
||||
sub_groups_string="${sub_groups_string}]";
|
||||
echo "{";
|
||||
echo '"Username": "'${username}'",';
|
||||
echo '"SshGroup": "'${ssh_group}'",';
|
||||
echo '"MainGroup": "'${main_group}'",';
|
||||
echo '"SubGroups": '${sub_groups_string}',';
|
||||
echo '"AccountCreatedDate": "'${user_create_date_out}'",';
|
||||
echo '"AccountAge": "'${account_age}'",';
|
||||
echo '"LastLoginDate": "'${last_login_date}'",';
|
||||
echo '"LastLoginAge": "'${last_login}'",';
|
||||
echo '"LoginSource": "'${login_source}'",';
|
||||
echo '"NeverLoggedIn": '${never_logged_in}',';
|
||||
echo '"Status": "'${out_string}'"';
|
||||
echo '"Username": "'"${username}"'",';
|
||||
echo '"SshGroup": "'"${ssh_group}"'",';
|
||||
echo '"MainGroup": "'"${main_group}"'",';
|
||||
echo '"SubGroups": '"${sub_groups_string}"',';
|
||||
echo '"AccountCreatedDate": "'"${user_create_date_out}"'",';
|
||||
echo '"AccountAge": "'"${account_age}"'",';
|
||||
echo '"LastLoginDate": "'"${last_login_date}"'",';
|
||||
echo '"LastLoginAge": "'"${last_login}"'",';
|
||||
echo '"LoginSource": "'"${login_source}"'",';
|
||||
echo '"NeverLoggedIn": '"${never_logged_in}"',';
|
||||
echo '"Status": "'"${out_string}"'"';
|
||||
echo "}";
|
||||
;;
|
||||
csv)
|
||||
# shellcheck disable=SC2059
|
||||
printf "${CSV_LINE}" "${account_id}" "${region}" "${instance_id}" "$(hostname)" "${username}" "${main_group}" "${ssh_group}" "${user_create_date_out}" "${account_age}" "${last_login_date}" "${last_login}" "${never_logged_in}" "${login_source}" "${out_string}"
|
||||
;;
|
||||
esac;
|
||||
done;
|
||||
done <<< "$(grep "${ssh_group}:" /etc/group | cut -d ":" -f 4 | sed -e 's/,/ /g')";
|
||||
done;
|
||||
if [ "${OUTPUT_TARGET}" = "text" ]; then
|
||||
if [ -n "${lock_accounts}" ]; then
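Review bot: The new inner loop in this hunk, `while read -r username; do … done <<< "$(grep "${ssh_group}:" /etc/group | cut -d ":" -f 4 | sed -e 's/,/ /g')"`, is a functional regression: `sed 's/,/ /g'` keeps all members of the group on a single line, so `read -r username` assigns the whole space-separated list to `username`, `id "${username}"` fails, and every group with more than one member is reported as a non-existent user; an empty group now also yields one empty `username` instead of zero iterations as the old `for` loop did. Emit one member per line and skip blanks, e.g. `done <<< "$(getent group "${ssh_group}" | cut -d ":" -f 4 | tr ',' '\n')"` plus `[ -n "${username}" ] || continue` as the first statement of the loop body (the body begins in the earlier hunk at -110). `getent group`/`getent passwd "${username}"` would also replace the unanchored `grep "${ssh_group}:"` and `grep "${username}:" /etc/passwd` lookups in the hunk at -157, which match any line containing the name as a substring and interpret it as a regex. Separately, the two `=~ ^\d{4}-\d{2}-\{2}` tests in that same hunk cannot match a date as intended, since bash's `=~` uses POSIX ERE (no `\d`) and the final `\{2}` is missing its `d`; `^[0-9]{4}-[0-9]{2}-[0-9]{2}` is the pattern the comment describes.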
|
||||
|
||||