shellcheck fixup
This commit is contained in:
Clemens Schwaighofer
@@ -12,15 +12,15 @@ OLD_USERNAME="";
|
||||
NEW_USERNAME="";
|
||||
while getopts ":to:n:" opt; do
|
||||
case "${opt}" in
|
||||
t|test)
|
||||
t) # test
|
||||
TEST=1;
|
||||
;;
|
||||
o|old-user)
|
||||
o) # old-user
|
||||
if [ -z "${OLD_USERNAME}" ]; then
|
||||
OLD_USERNAME="${OPTARG}";
|
||||
fi;
|
||||
;;
|
||||
n|new-user)
|
||||
n) # new-user
|
||||
if [ -z "${NEW_USERNAME}" ]; then
|
||||
NEW_USERNAME="${OPTARG}";
|
||||
fi;
|
||||
@@ -36,7 +36,7 @@ while getopts ":to:n:" opt; do
|
||||
done;
|
||||
shift "$((OPTIND-1))"
|
||||
|
||||
if [ $(whoami) != "root" ]; then
|
||||
if [ "$(whoami)" != "root" ]; then
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
echo "Script must be run as root user";
|
||||
exit;
|
||||
@@ -47,15 +47,15 @@ fi;
|
||||
|
||||
error=0;
|
||||
host=$(hostname);
|
||||
timestamp=$(date +%Y%m%d-%H%M%S);
|
||||
# timestamp=$(date +%Y%m%d-%H%M%S);
|
||||
# character to set getween info blocks
|
||||
separator="#";
|
||||
# base folder for all data
|
||||
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
|
||||
root_folder="${BASE_FOLDER}../";
|
||||
BASE_FOLDER=$(dirname "$(readlink -f "$0")")"/";
|
||||
ROOT_FOLDER="${BASE_FOLDER}../";
|
||||
SSH_KEYGEN_FOLDER_CREATED_PUB='ssh-keygen-created-pub/';
|
||||
input_file='user_list.txt';
|
||||
user_list_file="${root_folder}${input_file}";
|
||||
user_list_file="${ROOT_FOLDER}${input_file}";
|
||||
default_ssh_keytype='ed25519';
|
||||
ssh_keytype='';
|
||||
# log file
|
||||
@@ -69,13 +69,14 @@ fi;
|
||||
ignore_users=('root' 'ec2-user' 'ubuntu' 'admin');
|
||||
# detect ssh authorized_keys setting
|
||||
SSH_CENTRAL_AUTHORIZED_FILE_FOLDER='';
|
||||
SSH_AUTHORIZED_FILE='';
|
||||
# SSH_AUTHORIZED_FILE='';
|
||||
# shellcheck disable=SC2013
|
||||
for cf in $(grep "^AuthorizedKeysFile" /etc/ssh/sshd_config | grep "%u"); do
|
||||
if [ ! -z $(echo "${cf}" | grep "%u") ]; then
|
||||
SSH_CENTRAL_AUTHORIZED_FILE_FOLDER=$(echo "${cf}" | sed -e 's/%u//');
|
||||
if echo "$cf" | grep -q "%u"; then
|
||||
SSH_CENTRAL_AUTHORIZED_FILE_FOLDER="${cf/%%u//}";
|
||||
if [ ! -d "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
|
||||
echo "ssh central authorized_file folder could not be found: ${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}";
|
||||
error=1;
|
||||
exit;
|
||||
fi;
|
||||
fi;
|
||||
done;
|
||||
@@ -101,11 +102,11 @@ fi;
|
||||
|
||||
# skip ignore users, note that if a user is not in the sshallow list anyway
|
||||
# we skip them too, this is just in case check
|
||||
if [[ " ${ignore_users[*]} " =~ " ${OLD_USERNAME} " ]]; then
|
||||
if [[ " ${ignore_users[*]} " =~ [[:space:]]${OLD_USERNAME}[[:space:]] ]]; then
|
||||
echo "[!] User ${OLD_USERNAME} is in the ignore user list";
|
||||
error=1;
|
||||
fi;
|
||||
if [[ " ${ignore_users[*]} " =~ " ${NEW_USERNAME} " ]]; then
|
||||
if [[ " ${ignore_users[*]} " =~ [[:space:]]${NEW_USERNAME}[[:space:]] ]]; then
|
||||
echo "[!] User ${NEW_USERNAME} is in the ignore user list";
|
||||
error=1;
|
||||
fi;
|
||||
@@ -128,12 +129,12 @@ if [ -f "${user_list_file}" ]; then
|
||||
error=1;
|
||||
fi;
|
||||
# if the old user exists but as DELETED -> no go
|
||||
if [ ! -z $(echo "${user_list_entry}" | grep "#DELETED-") ]; then
|
||||
if ! echo "${user_list_entry}" | grep -q "#DELETED-"; then
|
||||
echo "[!!!] User ${OLD_USERNAME} has been flagged as deleted";
|
||||
error=1;
|
||||
fi;
|
||||
# if new user name already exists in user list file for whatever reason
|
||||
if [ $(grep "${NEW_USERNAME}" "${user_list_file}") ]; then
|
||||
if grep -q "${NEW_USERNAME}" "${user_list_file}"; then
|
||||
echo "[!!!] User ${NEW_USERNAME} exists in user_list.txt file";
|
||||
error=1;
|
||||
fi;
|
||||
@@ -146,17 +147,17 @@ fi;
|
||||
# parse user list entry for group/hostname/ssh type key to build ssh key list
|
||||
|
||||
# POS 3: groups
|
||||
_group=$(echo "${user_list_entry}" | cut -d ";" -f 3 | tr A-Z a-z | tr -d ' ');
|
||||
_group=$(echo "${user_list_entry}" | cut -d ";" -f 3 | tr '[:upper:]' '[:lower:]' | tr -d ' ');
|
||||
group=$(echo "${_group}" | cut -d "," -f 1);
|
||||
# POS 6: override host name, lowercase and spaces removed
|
||||
_hostname=$(echo "${user_list_entry}" | cut -d ";" -f 6 | tr A-Z a-z | tr -d ' ');
|
||||
_hostname=$(echo "${user_list_entry}" | cut -d ";" -f 6 | tr '[:upper:]' '[:lower:]' | tr -d ' ');
|
||||
if [ -z "${_hostname}" ]; then
|
||||
hostname=${host};
|
||||
else
|
||||
hostname=${_hostname};
|
||||
fi;
|
||||
# POS 7: ssh keytype override
|
||||
_ssh_keytype=$(echo "${user_list_entry}" | cut -d ";" -f 7 | tr A-Z a-z | tr -d ' ');
|
||||
_ssh_keytype=$(echo "${user_list_entry}" | cut -d ";" -f 7 | tr '[:upper:]' '[:lower:]' | tr -d ' ');
|
||||
if [ "${_ssh_keytype}" = "rsa" ]; then
|
||||
ssh_keytype="${_ssh_keytype}";
|
||||
else
|
||||
@@ -170,7 +171,7 @@ new_home_dir=$(echo "${old_home_dir}" | sed -e "s/\/${OLD_USERNAME}$/\/${NEW_USE
|
||||
# rename user
|
||||
if [ $TEST -eq 0 ]; then
|
||||
echo "usermod with ${new_home_dir}";
|
||||
usermod -l ${NEW_USERNAME} -m -d "${new_home_dir}" ${OLD_USERNAME};
|
||||
usermod -l "${NEW_USERNAME}" -m -d "${new_home_dir}" "${OLD_USERNAME}";
|
||||
else
|
||||
echo "$> usermod -l ${NEW_USERNAME} -m -d \"${new_home_dir}\" ${OLD_USERNAME};";
|
||||
fi
|
||||
@@ -234,6 +235,8 @@ if [ $TEST -eq 0 ]; then
|
||||
echo "update ${user_list_file}";
|
||||
sed -i -e "s/^\([A-Za-z0-9]\{1,\}\);${OLD_USERNAME};/\1;${NEW_USERNAME};/" "${user_list_file}";
|
||||
else
|
||||
# just as is print the sed command from above
|
||||
# shellcheck disable=SC2028
|
||||
echo "$> sed -i -e \"s/^\([A-Za-z0-9]\{1,\}\);${OLD_USERNAME};/\1;${NEW_USERNAME};/\" \"${user_list_file}\";";
|
||||
fi;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user