Add full log scan for old non systemd auth checks

bin/collect_login_data.sh

@@ -75,7 +75,25 @@ if [ -z "${init_version##*systemd*}" ]; then
 else
 	LOG_TARGET="syslog";
 	# for secure/auth log
-	START_DATE=$(date +"%b %e" -d "1 day ago")
+	if [ $RUN_FULL_LOG -eq 0 ]; then
+		bunzip -ck /var/log/secure*.bz2 | grep ": session opened for user" |
+		while read line; do
+			# Nov 21 14:15:56 some.hostname.com sshd[12345]: pam_unix(sshd:session): session opened for user some-user(uid=6789) by (uid=0)
+			auth_date=$($(echo "${line}" | cut -c 1-6)" ${START_YEAR} "$(echo "${line}" | cut -c 8-15) | date +"%F %T" -f -);
+			auth_user=$(echo "${line}" | cut -d ")" -f 2 | cut -d " " -f 6 | cut -d "(" -f 1);
+			# find auth user in current auth file
+			# if not there attach, else replace date only
+			if [ -z grep "${auth_user}" "${AUTH_LOG}" ]; then
+				cat "${auth_user};${auth_date}"  >> "${AUTH_LOG}";
+			else
+				sed -i "s/${auth_user};.*$/${auth_user};${auth_date}/" "${AUTH_LOG}";
+			fi;
+		done;
+		# read all
+		START_DATE="sshd"
+	else
+		START_DATE=$(date +"%b %e" -d "1 day ago")
+	fi;
 	cat /var/log/secure | grep "${START_DATE}" | grep ": session opened for user" |
 	while read line; do
 		# Nov 21 14:15:56 some.hostname.com sshd[12345]: pam_unix(sshd:session): session opened for user some-user(uid=6789) by (uid=0)