Switch from lastlogin to lsogins

Debian 13 dropped lastlogin, replaced with lastlogin2 which is an extra install.
Switch to lslogins, which also makes parsing much easier
Clemens Schwaighofer
2025-09-12 10:16:05 +09:00
parent 125cb27de8
commit c801ef40b4
2 changed files with 23 additions and 12 deletions


@@ -44,6 +44,11 @@ if [ -z "$(command -v jq)" ]; then
echo "Missing jq application, aborting";
error=1;
fi;
# use lslogins instead of last log
if [ -z "$(command -v lslogins)" ]; then
echo "Missing lslogins application, aborting";
error=1;
fi;
if [ $error -eq 1 ]; then
exit;
fi;
@@ -187,10 +192,18 @@ for ssh_group in "${ssh_groups[@]}"; do
# below only works if the user logged in, a lot of them are just file upload
# users. Use the collect script from systemd-logind or /var/log/secure
# Username Port From Latest
# user pts/35 10.110.160.230 Wed Nov 2 09:40:35 +0900 2022
last_login_string=$(lastlog -u "${username}" | sed 1d);
search="Never logged in";
# for the rest use lslogin, returns ":" separted list, not set is never logged in
# LAST LOGIN :FAILED LOGIN
# 2025-09-12T09:56:22+09:00:
last_login_string=$(
lslogins \
-c --noheadings --notruncate \
--time-format=iso \
-o LAST-LOGIN,FAILED-LOGIN \
-l "${username}"
);
last_login_date=$(echo "${last_login_string}" | cut -d ":" -f 1);
# search="Never logged in";
never_logged_in="false";
found="";
login_source="";
@@ -227,12 +240,10 @@ for ssh_group in "${ssh_groups[@]}"; do
login_source="ssh";
# rewrite to Y-M-D, aka
last_login_date="${last_login_date_string}"
elif [ -n "${last_login_string##*"$search"*}" ]; then
elif [ -n "${last_login_date}" ]; then
# if we have "** Never logged in**" the user never logged in
# find \w{3} \w{3} [\s\d]{2} \d{2}:\d{2}:\d{2} \+\d{4} \d{4}
# awk '{for(i=4;i<=NF;++i)printf $i FS}'
last_login_date=$(echo "${last_login_string}" | awk '{for(i=4;i<=NF;++i)printf $i FS}' | date +"%s" -f -);
# date -d "Wed Nov 2 09:40:35 +0900 2022" +%s
# we get an ISO DATE with timezone
last_login_date=$(echo "${last_login_string}" | date +"%s" -f -);
last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
if [ "${last_login}" -gt ${max_age_login} ]; then
out_string="[!] Last terminal log in ${last_login} days ago";
@@ -245,7 +256,7 @@ for ssh_group in "${ssh_groups[@]}"; do
out_string="OK [lastlog, ${last_login} days ago]";
fi;
login_source="lastlog";
last_login_date=$(echo "${last_login_string}" | awk '{for(i=4;i<=NF;++i)printf $i FS}' | date +"%F %T" -f -)
last_login_date=$(echo "${last_login_string}" | date +"%F %T" -f -)
elif [ -n "${user_create_date}" ]; then
if [ "${account_age}" -gt ${max_age_create} ]; then
out_string="[!] Never logged in: account created ${account_age} days ago";
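Review bot: The colon-separated output requested with `-c` in the new `lslogins` call collides with `--time-format=iso`, whose timestamps contain colons themselves, so `cut -d ":" -f 1` leaves `last_login_date` as `2025-09-12T09` for the sample shown in the comment. That truncated value only feeds the non-empty test in the `elif`, but both rewritten `date ... -f -` calls are still given the full `last_login_string`, which carries the trailing separator and, once a failed login is recorded, a second timestamp. `date` will probably reject that input, and an empty result would then skew the age arithmetic this account audit relies on. FAILED-LOGIN is not read anywhere in the visible hunks, so requesting only the one column with `-o LAST-LOGIN \` and replacing the `cut` with `last_login_date="${last_login_string}"` would hand `date` a bare ISO timestamp. The enclosing `for ssh_group` loop starts and ends outside these hunks, so any later use of the second column is not visible here.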