Fix lock user flow to only lock if the user is not in the reject group

bin/check_last_login.sh

@@ -53,7 +53,7 @@ case "${1,,}" in
 		;;
 esac;
 
-if [ "${OUTPUT_TARGET}" == "text" ]; then
+if [ "${OUTPUT_TARGET}" = "text" ]; then
 	LOG="${LOG}/check_ssh_user."$(date +"%F_%H%m%S")".log";
 	exec &> >(tee -a "${LOG}");
 	echo "[START] =============>";
@@ -62,7 +62,7 @@ if [ "${OUTPUT_TARGET}" == "text" ]; then
 	echo "Max age last login : ${max_age_login} days";
 	echo "Warn age last login: ${warn_age_login} days";
 	echo "Max age no login   : ${max_age_create} days";
-elif [ "${OUTPUT_TARGET}" == "json" ]; then
+elif [ "${OUTPUT_TARGET}" = "json" ]; then
 	echo '"Info": {'
 	echo '"Hostname": "'$(hostname)'",';
 	echo '"Date": "'$(date +"%F %T")'",';
@@ -73,9 +73,9 @@ elif [ "${OUTPUT_TARGET}" == "json" ]; then
 	echo '"Users": ['
 fi;
 for ssh_group in ${ssh_groups[@]}; do
-	if [ "${OUTPUT_TARGET}" == "text" ]; then
+	if [ "${OUTPUT_TARGET}" = "text" ]; then
 		echo "--------------------->"
-		if [ "${ssh_group}" == "${ssh_reject_group}" ]; then
+		if [ "${ssh_group}" = "${ssh_reject_group}" ]; then
 			echo "Showing current SSH Reject users:";
 			unlock_flag=1
 		else
@@ -112,7 +112,7 @@ for ssh_group in ${ssh_groups[@]}; do
 			continue;
 		fi;
 		# for json output, we need , between outputs
-		if [ "${OUTPUT_TARGET}" == "json" ] && [ $first_run -eq 0 ]; then
+		if [ "${OUTPUT_TARGET}" = "json" ] && [ $first_run -eq 0 ]; then
 			echo ",";
 		fi;
 		first_run=0;
@@ -172,7 +172,9 @@ for ssh_group in ${ssh_groups[@]}; do
 			last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
 			if [ ${last_login} -gt ${max_age_login} ]; then
 				out_string="[!] last ssh log in ${last_login} days ago";
-				lock_user=1;
+				if [ "${ssh_group}" != "${ssh_reject_group}" ]; then
+					lock_user=1;
+				fi;
 			elif [ ${last_login} -gt ${warn_age_login} ]; then
 				out_string="OK [last ssh login ${last_login} days ago";
 			else
@@ -190,7 +192,9 @@ for ssh_group in ${ssh_groups[@]}; do
 			last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
 			if [ ${last_login} -gt ${max_age_login} ]; then
 				out_string="[!] last terminal log in ${last_login} days ago";
-				lock_user=1;
+				if [ "${ssh_group}" != "${ssh_reject_group}" ]; then
+					lock_user=1;
+				fi;
 			elif [ ${last_login} -gt ${warn_age_login} ]; then
 				out_string="OK [last terminal login ${last_login} days ago";
 			else
@@ -201,7 +205,9 @@ for ssh_group in ${ssh_groups[@]}; do
 		elif [ ! -z "${user_create_date}" ]; then
 			if [ ${account_age} -gt ${max_age_create} ]; then
 				out_string="[!] Never logged in: account created ${account_age} days ago";
-				lock_user=1;
+				if [ "${ssh_group}" != "${ssh_reject_group}" ]; then
+					lock_user=1;
+				fi;
 			else
 				out_string="OK [Never logged in]";
 			fi;
@@ -222,7 +228,7 @@ for ssh_group in ${ssh_groups[@]}; do
 				sub_groups_string="["
 				sub_group_first=1
 				for s_group in $sub_groups; do
-					if [ "${sub_group_first}" == 0 ]; then
+					if [ "${sub_group_first}" = 0 ]; then
 						sub_groups_string="${sub_groups_string},";
 					fi;
 					sub_groups_string="${sub_groups_string}\"${s_group}\"";
@@ -249,7 +255,7 @@ for ssh_group in ${ssh_groups[@]}; do
 		esac;
 	done;
 done;
-if [ "${OUTPUT_TARGET}" == "text" ]; then
+if [ "${OUTPUT_TARGET}" = "text" ]; then
 	if [ ! -z "${lock_accounts}" ]; then
 		echo "--------------------->"
 		echo "% Run script below to move users to reject ssh group";
@@ -267,7 +273,7 @@ if [ "${OUTPUT_TARGET}" == "text" ]; then
 		echo "bin/unlock_user.sh -s forward ${lock_accounts}";
 	fi;
 	echo "[END] ===============>"
-elif [ "${OUTPUT_TARGET}" == "json" ]; then
+elif [ "${OUTPUT_TARGET}" = "json" ]; then
 	# users
 	echo "]";
 	# overall