From 74bfded26fd3a150a74b2c652f7efc1ef470f5e3 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Wed, 2 Nov 2022 16:04:26 +0900 Subject: [PATCH] Add logging to check last login script Logging of all output to log/ folder for check last login script user. Also for delete, user script now outputs move from ssh allow to ssh reject group. --- bin/check_last_login.sh | 26 +++++++++++++++++++++++--- log/.gitignore | 2 ++ 2 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 log/.gitignore diff --git a/bin/check_last_login.sh b/bin/check_last_login.sh index 19cee05..5f18270 100755 --- a/bin/check_last_login.sh +++ b/bin/check_last_login.sh @@ -3,8 +3,11 @@ # Checks for last access of users in sshallow group # if user login >30days, remoe user from sshallow group and write log +# base folder +BASE_FOLDER=$(dirname $(readlink -f $0))"/"; # which group holds the ssh allowed login users (outside of admin users) ssh_group='sshallow'; +ssh_reject_group='sshreject'; # date now for compare now=$(date +"%s"); # max age for last login or account create without login @@ -14,17 +17,28 @@ max_age_create=30; day=86400; # delete account strings delete_accounts=""; +user_group_tpl="deluser %s %s;adduser %s %s;"; +# log base folder +LOG="${BASE_FOLDER}/../log"; if [ $(whoami) != "root" ]; then echo "Script must be run as root user"; exit; fi; +if [ ! -d "${LOG}" ]; then + echo "log folder ${LOG} not found"; + exit; +fi; +LOG="${LOG}/check_ssh_user."$(date +"%F_%H%m%S")".log"; +exec &> >(tee -a "${LOG}"); echo "[START] =============>"; +echo "Run date : "$(date +"%F %T"); echo "Max age last login: ${max_age_login} days"; echo "Max age no login : ${max_age_create} days"; for user in $(cat /etc/group|grep "${ssh_group}:" | cut -d ":" -f 4 | sed -e 's/,/ /g'); do # for user in clemens test42; do account_age=0; + delete_user=0; out_string=""; #echo "* Checking user ${user}"; # check user create time, if we have set it in comment 
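Review bot: `$0` and the inner command substitution are unquoted in the added `BASE_FOLDER` line, so a checkout path containing spaces or glob characters is word-split before `readlink` and `dirname` see it, in a script that runs as root. Quoting each level avoids that: `BASE_FOLDER="$(dirname "$(readlink -f "$0")")/";`. The trailing `/` also leaves a double slash in the later `LOG="${BASE_FOLDER}/../log"`, which is harmless but could be dropped.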
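Review bot: The added log file name uses `date +"%F_%H%m%S"`, where `%m` is the month rather than the minute, so runs in different minutes of the same hour can resolve to the same name and be merged by `tee -a`. The line should read `LOG="${LOG}/check_ssh_user."$(date +"%F_%H%M%S")".log";`. The new log-folder check also ends with a bare `exit;`, which returns the status of the preceding `echo` (0), so a cron job or wrapper cannot tell that the run was aborted; `exit 1;` makes the failure visible. Because the script runs as root and appends to a predictable file name, it is worth confirming that `log/` is writable by root only.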
@@ -52,7 +66,7 @@ for user in $(cat /etc/group|grep "${ssh_group}:" | cut -d ":" -f 4 | sed -e 's/ last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}"); if [ ${last_login} -gt ${max_age_login} ]; then out_string="[!] last logged in ${last_login} days ago"; - delete_accounts="${delete_accounts}deluser ${user} ${ssh_group};"; + delete_user=1; else out_string="OK"; fi; @@ -64,18 +78,24 @@ for user in $(cat /etc/group|grep "${ssh_group}:" | cut -d ":" -f 4 | sed -e 's/ account_age=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${user_create_date} ${day}"); if [ ${account_age} -gt ${max_age_create} ]; then out_string="[!] Never logged in, account created ${account_age} days ago"; - delete_accounts="${delete_accounts}deluser ${user} ${ssh_group};"; + delete_user=1; else out_string="OK"; fi; else out_string="[!!!] Never logged in and we have no create date"; fi; + # build delete output + if [ ${delete_user} = 1 ]; then + delete_accounts="${delete_accounts}"$(printf "${user_group_tpl}" "${user}" "${ssh_group}" "${user}" "${ssh_reject_group}")$'\n'; + fi; printf "* Checking user %-20s: %s\n" "${user}" "${out_string}"; done; if [ ! -z "${delete_accounts}" ]; then echo "--------------------->" - echo ${delete_accounts}; + echo "% Run list below to move users to reject ssh group"; + echo ""; + echo "${delete_accounts}"; fi; echo "[END] ===============>" diff --git a/log/.gitignore b/log/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/log/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore
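Review bot: The new "build delete output" block passes a variable as the `printf` format and inserts `${user}` with plain `%s`, yet the resulting `deluser`/`adduser` list is printed for an administrator to run. The names come from the fourth field of `/etc/group`, so any unexpected character there would be interpreted by the shell when the list is pasted. A literal format with shell-quoting keeps the output safe to copy: `delete_accounts+=$(printf 'deluser %q %q;adduser %q %q;' "${user}" "${ssh_group}" "${user}" "${ssh_reject_group}")$'\n';`. A one-line comment stating that the list is only printed and logged, never executed by the script, would also help the next reader. The `for` loop this block belongs to starts outside the hunk.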