From 68b450baaf4e78d5f08ab20eec5ff914605b3863 Mon Sep 17 00:00:00 2001
From: Clemens Schwaighofer <clemens.schwaighofer@egplusww.com>
Date: Thu, 21 Dec 2023 13:46:58 +0900
Subject: [PATCH] Add warning message for logins

---
 bin/check_last_login.sh | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/bin/check_last_login.sh b/bin/check_last_login.sh
index 8e376df..219d1fc 100755
--- a/bin/check_last_login.sh
+++ b/bin/check_last_login.sh
@@ -12,6 +12,7 @@ ssh_reject_group='sshreject';
 now=$(date +"%s");
 # max age for last login or account create without login
 max_age_login=90;
+warn_age_login=80;
 max_age_create=30;
 # one day in seconds
 day=86400;
@@ -56,15 +57,17 @@ if [ "${OUTPUT_TARGET}" == "text" ]; then
 	LOG="${LOG}/check_ssh_user."$(date +"%F_%H%m%S")".log";
 	exec &> >(tee -a "${LOG}");
 	echo "[START] =============>";
-	echo "Hostname          : "$(hostname);
-	echo "Run date          : "$(date +"%F %T");
-	echo "Max age last login: ${max_age_login} days";
-	echo "Max age no login  : ${max_age_create} days";
+	echo "Hostname           : "$(hostname);
+	echo "Run date           : "$(date +"%F %T");
+	echo "Max age last login : ${max_age_login} days";
+	echo "Warn age last login: ${warn_age_login} days";
+	echo "Max age no login   : ${max_age_create} days";
 elif [ "${OUTPUT_TARGET}" == "json" ]; then
 	echo '"Info": {'
 	echo '"Hostname": "'$(hostname)'",';
 	echo '"Date": "'$(date +"%F %T")'",';
 	echo '"MaxAgeLogin": '${max_age_login}',';
+	echo '"WarnAgeLogin": '${warn_age_login}',';
 	echo '"MaxAgeCreate": '${max_age_create}'';
 	echo '},'
 	echo '"Users": ['
@@ -170,6 +173,8 @@ for ssh_group in ${ssh_groups[@]}; do
 			if [ ${last_login} -gt ${max_age_login} ]; then
 				out_string="[!] last ssh log in ${last_login} days ago";
 				lock_user=1;
+			elif [ ${last_login} -gt ${warn_age_login} ]; then
+				out_string="OK [last ssh login ${last_login} days ago";
 			else
 				out_string="OK [ssh]";
 			fi;
@@ -186,6 +191,8 @@ for ssh_group in ${ssh_groups[@]}; do
 			if [ ${last_login} -gt ${max_age_login} ]; then
 				out_string="[!] last terminal log in ${last_login} days ago";
 				lock_user=1;
+			elif [ ${last_login} -gt ${warn_age_login} ]; then
+				out_string="OK [last terminal login ${last_login} days ago";
 			else
 				out_string="OK [lastlog]";
 			fi;