AWS accunt scripts, deploy akamai scripts
A new last-logged-in / last-created script has been added to check which users we have to disable. It checks the group sshallow: if the last login is older than 60 days, the account is removed from the ssh group; if we have an account creation date, and the account has never logged in and is older than 30 days, it is removed from the ssh group. Both day limits can be set separately. The create script is updated to add the creation date in Y-m-d (%F) format as a comment in the passwd file, and to add the user to the sshallow group (the group always exists; it is created on server creation).
@@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# * input file
|
||||
# user_list.txt
|
||||
@@ -36,18 +36,19 @@ while getopts ":ti" opt; do
|
||||
done;
|
||||
# hostname for output file only
|
||||
host=$(hostname);
|
||||
timesamp=$(date +%Y%m%d-%H%M%S)
|
||||
timestamp=$(date +%Y%m%d-%H%M%S)
|
||||
# character to set getween info blocks
|
||||
separator="#";
|
||||
# base folder for all data
|
||||
root_folder=$(pwd)'/';
|
||||
input_file='user_list.txt';
|
||||
output_file="user_password.${timesamp}.txt";
|
||||
output_file="user_password.${timestamp}.txt";
|
||||
output_zip_folder='zip/';
|
||||
output_zip="users.${timesamp}.zip"
|
||||
output_zip="users.${timestamp}.zip"
|
||||
ssh_keygen_folder='ssh-keygen/';
|
||||
ssh_keygen_folder_created_pub='ssh-keygen-created-pub/';
|
||||
ssh_keytype='ed25519';
|
||||
ssh_group='sshallow';
|
||||
# check if ssh key folder exists
|
||||
if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
|
||||
mkdir "${root_folder}${ssh_keygen_folder}";
|
||||
@@ -66,11 +67,17 @@ if [ ! command -v zip &> /dev/null ]; then
|
||||
echo "Missing zip application, aborting";
|
||||
exit;
|
||||
fi;
|
||||
# check if sshallow group exists
|
||||
if [ -z $(cat /etc/group|grep "${ssh_group}:") ]; then
|
||||
echo "Missing ssh access group: ${ssh_group}";
|
||||
exit;
|
||||
fi;
|
||||
# check if user list file exists
|
||||
if [ ! -f "${root_folder}${input_file}" ]; then
|
||||
echo "Missing ${root_folder}${input_file}";
|
||||
exit;
|
||||
fi;
|
||||
exit;
|
||||
# make sure my own folder is owned by root and 600 (except for testing)
|
||||
if [ $(stat -c %a .) != "600" ]; then
|
||||
echo "!!!! RECOMMENDED TO HAVE BASE FOLDER SET TO '600' AND USER 'root' !!!!"
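Review bot: The bare `exit;` after the user-list check (the line before the "make sure my own folder is owned by root" comment) terminates the script unconditionally before any user is created; the hunk counts (11 old, 17 new, no removals) suggest it was added here together with the five-line group check, so it looks like a debugging leftover that should be deleted. The new group check `if [ -z $(cat /etc/group|grep "${ssh_group}:") ]; then` is also fragile: the substitution is unquoted, so more than one matching line makes `[` fail with "too many arguments", and the unanchored pattern would accept any group whose name merely ends in `sshallow`. A single line replaces it, `if ! getent group "${ssh_group}" >/dev/null 2>&1; then`, which also covers groups served by NSS rather than only /etc/group. The surrounding `if ... command -v zip` check begins outside the hunk.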
|
||||
@@ -95,7 +102,8 @@ while read i; do
|
||||
_group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z | tr -d ' ');
|
||||
group=$(echo "${_group}" | cut -d "," -f 1);
|
||||
sub_group="";
|
||||
sub_group_opt="";
|
||||
# sshallow group is always added
|
||||
sub_group_opt=" -G ${ssh_group}";
|
||||
# check if "," inside and extract sub groups
|
||||
if [ -z "${_group##*,*}" ]; then
|
||||
sub_group=$(echo "${_group}" | cut -d "," -f 2-);
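Review bot: The new `sub_group_opt=" -G ${ssh_group}";` is assigned before the branch that extracts sub groups, and that branch continues past the hunk; if it assigns `sub_group_opt` afresh rather than appending, every user with extra groups in the list would silently lose sshallow membership, which is the opposite of what the commit intends. Since `useradd -G` takes a comma-separated list (a second `-G` does not accumulate), the sub-group branch should build on the existing value, e.g. `sub_group_opt=" -G ${ssh_group},${sub_group}";`. Worth a short comment on the new line too, such as `# every account created here gets ssh access; sub groups must be appended, not assigned`. The enclosing `while read i` loop starts before the hunk.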
|
||||
@@ -158,7 +166,8 @@ while read i; do
|
||||
else
|
||||
echo "++ Create '${user}:${group}(${sub_group})'";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
useradd -s /bin/bash -g ${group}${sub_group_opt} -m ${user};
|
||||
# comment is user create time
|
||||
useradd -c `date +"%F"` -s /bin/bash -g ${group}${sub_group_opt} -m ${user};
|
||||
else
|
||||
echo "$> useradd -s /bin/bash -g ${group}${sub_group_opt} -m ${user}";
|
||||
fi;
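Review bot: The test-mode branch still echoes the old command without `-c`, so a dry run no longer shows what the live branch executes; update it to `echo "$> useradd -c $(date +%F) -s /bin/bash -g ${group}${sub_group_opt} -m ${user}";`. The live line should use a quoted command substitution instead of backticks, `useradd -c "$(date +%F)" -s /bin/bash -g ${group}${sub_group_opt} -m ${user};`. The comment above it should also record that the value is advisory: the GECOS field can be rewritten by the account owner wherever `chfn` is permitted for unprivileged users, so the disable script described in the commit message should not treat the stored creation date as tamper-proof, e.g. `# comment is user create time (GECOS; editable via chfn, treat as advisory)`. The enclosing if/else and the `while read i` loop begin outside the hunk.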
|
||||
@@ -255,3 +264,5 @@ else
|
||||
echo "$> rm ${root_folder}${output_file}";
|
||||
echo "$> rm ${root_folder}${ssh_keygen_folder}*";
|
||||
fi;
|
||||
|
||||
# __END__
|
||||
|
||||