AWS user account management scripts updates

- start option for create users (-g)
- delete user script
- update documentation
- use lock user script in check user flow output
- create user has check for valid username/group name
This commit is contained in:
Clemens Schwaighofer
2023-08-07 07:29:24 +09:00
parent eb194c2f1c
commit 571ddcc717
10 changed files with 323 additions and 47 deletions


@@ -16,8 +16,7 @@ max_age_create=30;
# one day in seconds
day=86400;
# delete account strings
delete_accounts="";
user_group_tpl="gpasswd -d %s %s;gpasswd -a %s %s;";
lock_accounts="";
# log base folder
LOG="${BASE_FOLDER}/../log";
# auth log file user;date from collect_login_data script
@@ -48,7 +47,7 @@ echo "Checking Group : ${ssh_group}";
continue;
fi;
account_age=0;
delete_user=0;
lock_user=0;
out_string="";
#echo "* Checking user ${username}";
# check user create time, if we have set it in comment
@@ -80,7 +79,7 @@ echo "Checking Group : ${ssh_group}";
last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
if [ ${last_login} -gt ${max_age_login} ]; then
out_string="[!] last ssh log in ${last_login} days ago";
delete_user=1;
lock_user=1;
else
out_string="OK [ssh]";
fi;
@@ -93,7 +92,7 @@ echo "Checking Group : ${ssh_group}";
last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
if [ ${last_login} -gt ${max_age_login} ]; then
out_string="[!] last terminal log in ${last_login} days ago";
delete_user=1;
lock_user=1;
else
out_string="OK [lastlog]";
fi;
@@ -105,7 +104,7 @@ echo "Checking Group : ${ssh_group}";
account_age=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${user_create_date} ${day}");
if [ ${account_age} -gt ${max_age_create} ]; then
out_string="[!] Never logged in, account created ${account_age} days ago";
delete_user=1;
lock_user=1;
else
out_string="OK [first login]";
fi;
@@ -113,8 +112,8 @@ echo "Checking Group : ${ssh_group}";
out_string="[!!!] Never logged in and we have no create date";
fi;
# build delete output
if [ ${delete_user} = 1 ]; then
delete_accounts="${delete_accounts}"$(printf "${user_group_tpl}" "${username}" "${ssh_group}" "${username}" "${ssh_reject_group}")$'\n';
if [ ${lock_user} = 1 ]; then
lock_accounts="${lock_accounts} ${username}"
fi;
printf "* Checking user %-20s: %s\n" "${username}" "${out_string}";
done;
@@ -124,11 +123,11 @@ echo "Showing current SSH Reject users:"
for user in $(cat /etc/group|grep "${ssh_reject_group}:" | cut -d ":" -f 4 | sed -e 's/,/ /g'); do
echo "${user}";
done;
if [ ! -z "${delete_accounts}" ]; then
if [ ! -z "${lock_accounts}" ]; then
echo "--------------------->"
echo "% Run list below to move users to reject ssh group";
echo "% Run script below to move users to reject ssh group";
echo "";
echo "${delete_accounts}";
echo "bin/lock_user.sh ${lock_accounts}";
fi;
echo "[END] ===============>"
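Review bot: The lock command echoed at the end of the last hunk (`echo "bin/lock_user.sh ${lock_accounts}"`) is meant to be copy-pasted by an operator, presumably with privileges, yet it uses a path relative to whatever directory the operator happens to be in and joins usernames by plain string concatenation (`lock_accounts="${lock_accounts} ${username}"`), so the paste fails outside the project root and any unusual username would be re-parsed by the shell at paste time. The script already knows where it lives (`LOG="${BASE_FOLDER}/../log"`), so the printed path can be absolute, assuming `BASE_FOLDER` is the bin directory as the `../log` path suggests but the hunk does not show; where the check loop's usernames come from is also outside the hunk, so the quoting is defensive rather than a known hole. I would collect the names in an array, test its length instead of `-z`, and print them shell-quoted with `printf '%q'`, as in the excerpt below. The new assignment line also lacks the trailing `;` every other statement in this file carries. The check loop these lines belong to starts before the first hunk, and the script may continue past the last line shown.
```shell
lock_accounts=();
# … unchanged: log paths, per-user age/login checks …
if [ ${lock_user} = 1 ]; then
	lock_accounts+=("${username}");
fi;
# … unchanged: per-user status line, reject-group listing …
if [ "${#lock_accounts[@]}" -gt 0 ]; then
	# … unchanged: separator and instruction echo lines …
	printf '%s/lock_user.sh' "${BASE_FOLDER}"; printf ' %q' "${lock_accounts[@]}"; echo;
fi;
```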