Add central logging for all actions done
log file "user_management.log" Each line is [YYYY-MM-DD HH:mm:ss] [script name] [TEST] ... [TEST] is only set if we are in a test run for create user, if info flag is set, we do not write a log
This commit is contained in:
Clemens Schwaighofer
@@ -88,6 +88,24 @@ if [ -f "${BASE_FOLDER}${IGNORE_USER_FILE}" ]; then
|
||||
echo "Reading ${IGNORE_USER_FILE}";
|
||||
fi;
|
||||
|
||||
LOG="${BASE_FOLDER}/../log/user_management.log";
|
||||
function write_log()
|
||||
{
|
||||
text="${1}";
|
||||
do_echo="${2}";
|
||||
log_prefix="";
|
||||
# log prefix for testing
|
||||
if [ ${TEST} -eq 1 ]; then
|
||||
log_prefix="[TEST] ";
|
||||
fi;
|
||||
# write log not in info run
|
||||
echo "[$(date +"%F %T")] [$0] ${log_prefix}${text}" >> "${LOG}";
|
||||
if [ "${do_echo}" = "1" ]; then
|
||||
echo "${text}";
|
||||
fi;
|
||||
}
|
||||
write_log "START SCRIPT RUN";
|
||||
|
||||
# loop over passwd file
|
||||
# if not in no action then check if .ssh/authorized_keys file exists
|
||||
cut -d ":" -f 1,6 /etc/passwd |
|
||||
@@ -97,14 +115,17 @@ while read -r user_home; do
|
||||
# skip admin usernames
|
||||
if [[ " ${NO_ACTION[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
|
||||
printf "${PRINTF_INFO}" "NO ACT" "!" "${username}" "user in NO ACTION list";
|
||||
write_log "[NO ACT] ${username} in NO ACTION list";
|
||||
continue;
|
||||
fi;
|
||||
if [[ " ${SKIP_USERS[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
|
||||
printf "${PRINTF_INFO}" "SKIP" "*" "${username}" "skip forced via command line";
|
||||
write_log "[SKIP] ${username} skip forced via command line";
|
||||
continue;
|
||||
fi;
|
||||
if [[ " ${IGNORE_USER[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
|
||||
printf "${PRINTF_INFO}" "SKIP" "**" "${username}" "skip from ignore config file";
|
||||
write_log "[SKIP] ${username} skip from ignore config file";
|
||||
continue;
|
||||
fi;
|
||||
home_folder=$(echo "${user_home}" | cut -d ":" -f 2);
|
||||
@@ -113,8 +134,10 @@ while read -r user_home; do
|
||||
# but do we have an auth folder, if yes -> exist skip
|
||||
if [ -f "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}" ]; then
|
||||
printf "${PRINTF_INFO}" "DONE" "." "${username}" "already moved";
|
||||
write_log "[DONE] ${username} already moved";
|
||||
else
|
||||
printf "${PRINTF_INFO}" "IGNORE" "?" "${username}" "no authorized_keys file";
|
||||
write_log "[IGNORE] ${username} no authorized_keys file";
|
||||
fi;
|
||||
continue;
|
||||
fi;
|
||||
@@ -124,6 +147,7 @@ while read -r user_home; do
|
||||
ssh_key_diff=$(diff -u "${home_folder}/.ssh/authorized_keys" "${SSH_MASTER_AUTHORIZED_FILE}");
|
||||
if [ -n "${ssh_key_diff}" ]; then
|
||||
printf "${PRINTF_INFO}" "ABORT" "!!!" "${username}" "authorized key is not matching the master key file";
|
||||
write_log "[ABORT] ${username} authorized key is not matching the master key file";
|
||||
exit;
|
||||
fi;
|
||||
fi;
|
||||
@@ -132,6 +156,7 @@ while read -r user_home; do
|
||||
ssh_key_diff=$(diff -u "${home_folder}/.ssh/authorized_keys" "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}");
|
||||
if [ -z "${ssh_key_diff}" ]; then
|
||||
printf "${PRINTF_INFO}" "REMOVE" "-" "${username}" ".ssh/authorized_keys";
|
||||
write_log "[REMOVE] ${username} .ssh/authorized_keys";
|
||||
if [ ${master_user} -eq 0 ]; then
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
rm "${home_folder}/.ssh/authorized_keys";
|
||||
@@ -139,15 +164,17 @@ while read -r user_home; do
|
||||
echo "$> rm \"${home_folder}/.ssh/authorized_keys\"";
|
||||
fi;
|
||||
else
|
||||
echo "[!] No delete for master user, must be done manually";
|
||||
write_log "[!] No delete for master user, must be done manually" "1";
|
||||
fi;
|
||||
continue;
|
||||
fi;
|
||||
# No update, alert
|
||||
printf "${PRINTF_INFO}" "DIFF" "???" "${username}" "Different authorized keys in home dir, SKIPPED";
|
||||
write_log "[DIFF] ${username} Different authorized keys in home dir, SKIPPED";
|
||||
continue;
|
||||
fi;
|
||||
printf "${PRINTF_INFO}" "MOVE" ">" "${username}" "Move SSH Key to central location";
|
||||
write_log "[MOVE] ${username} Move SSH Key to central location";
|
||||
# move public keys over
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
cat "${home_folder}/.ssh/authorized_keys" > "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
|
||||
@@ -159,13 +186,14 @@ while read -r user_home; do
|
||||
ssh_key_diff=$(diff -u "${home_folder}/.ssh/authorized_keys" "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}");
|
||||
if [ -n "${ssh_key_diff}" ]; then
|
||||
printf "${PRINTF_INFO}" "ERROR" "!!!" "${username}" "Move problem ${ssh_key_diff}";
|
||||
write_log "[ERROR] ${username} Move problem ${ssh_key_diff}";
|
||||
break;
|
||||
fi;
|
||||
# remove home .ssh/authorized_keys (do not remove folder)
|
||||
if [ ${master_user} -eq 0 ]; then
|
||||
rm "${home_folder}/.ssh/authorized_keys";
|
||||
else
|
||||
echo "=> No delete for master user, must be done manually";
|
||||
write_log "=> No delete for master user, must be done manually" "1";
|
||||
fi;
|
||||
else
|
||||
echo "[START] ====>";
|
||||
|
||||
Reference in New Issue
Block a user