From 65b7a6ad430e6bb92d5fb5dd87a16d4a52792798 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Thu, 21 Dec 2023 16:39:05 +0900 Subject: [PATCH] Fix date check for account created date Use regex to check instead of empty string. A comment could be set instead of a date --- bin/check_last_login.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/bin/check_last_login.sh b/bin/check_last_login.sh index 499bbff..cff518f 100755 --- a/bin/check_last_login.sh +++ b/bin/check_last_login.sh @@ -131,15 +131,19 @@ for ssh_group in ${ssh_groups[@]}; do # check user create time, if we have set it in comment user_create_date_string=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 5); # if empty try last password set time - if [ -z "${user_create_date_string}" ]; then + if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then # user L 11/09/2020 0 99999 7 -1 user_create_date_string=$(passwd -S ${username} | cut -d " " -f 3); fi; # last try is user home .bash_logout - if [ -z "${user_create_date_string}" ]; then + if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then home_dir=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 6)"/.bash_logout"; user_create_date_string=$(stat -c %Z "${home_dir}"); fi; + # still no date -> set empty + if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then + user_create_date_string=""; + fi; # below only works if the user logged in, a lot of them are just file upload # users. Use the collect script from systemd-logind or /var/log/secure 
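Review bot: The pattern `^\d{4}-\d{2}-\{2}` used in all three added tests cannot match a date: Bash's `=~` takes POSIX extended regex, which has no `\d` class, and the last group is written `\{2}` with the `d` missing. As written, each `! [[ ... ]]` is presumably always true, so a valid date in the GECOS field is overwritten by the fallbacks and the final added block then resets the string to empty, which would leave never-logged-in accounts without a creation date to age against. Use `if ! [[ "${user_create_date_string}" =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2} ]]; then` instead. Note also that the fallbacks produce other formats (the context comment shows `passwd -S` giving `11/09/2020`, and `stat -c %Z` prints epoch seconds), so even with a corrected pattern the last check would discard them unless they are converted or validated in their own format.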
@@ -158,7 +162,7 @@ for ssh_group in ${ssh_groups[@]}; do
 found=$(grep "${username};" "${AUTH_LOG}");
 fi;
 # always pre work account dates if they exist, but output only if text
- if [ -z "${found}" ] && [ ! -z "${user_create_date_string}" ]; then
+ if [ ! -z "${user_create_date_string}" ]; then
 user_create_date=$(echo "${user_create_date_string}" | date +"%s" -f -);
 # if all empty, we continue with only check if user has last login date
 # else get days since creation
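Review bot: With the `found` test removed, the `date` conversion on the following context line now runs for every account whose string is non-empty, but the new guard `[ ! -z "${user_create_date_string}" ]` checks only for non-emptiness and the exit status of `date` is not checked within the hunk. The validation earlier in the script anchors only the start of the value, so a GECOS field holding a date followed by free text would still be passed to `date -f -`; consider testing the full format here, e.g. `if [[ "${user_create_date_string}" =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]]; then`, or at minimum the idiomatic `[ -n "${user_create_date_string}" ]`. The body of this `if` continues outside the hunk, so any later handling of an empty `user_create_date` is not visible here.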