Add central logging for all actions done

log file "user_management.log"

Each line is
[YYYY-MM-DD HH:mm:ss] [script name] [TEST] ...

[TEST] is only set if we are in a test run

for create user, if info flag is set, we do not write a log

bin/delete_user.sh

@@ -60,20 +60,16 @@ backup_folder="${BASE_FOLDER}../backup/";
 input_file='user_list.txt';
 user_list_file="${root_folder}${input_file}";
 # log file
-LOG="${BASE_FOLDER}/../log/delete_user."$(date +"%F_%H%m%S");
-if [ ${TEST} -eq 0 ]; then
-	LOG="${LOG}.log";
-else
-	LOG="${LOG}.test.log";
-fi;
+HISTORY="${BASE_FOLDER}/../log/delete_user.log";
 # ignore users (root and admin users)
 ignore_users=('root' 'ec2-user' 'ubuntu' 'admin');
 # detect ssh authorized_keys setting
 SSH_CENTRAL_AUTHORIZED_FILE_FOLDER='';
 SSH_AUTHORIZED_FILE='';
-for cf in $(grep "^AuthorizedKeysFile" /etc/ssh/sshd_config | grep "%u"); do
-	if [ -n "$(echo "${cf}" | grep "%u")" ]; then
-		SSH_CENTRAL_AUTHORIZED_FILE_FOLDER=$(echo "${cf}" | sed -e 's/%u//');
+# shellcheck disable=SC2013
+for cf in $(grep "^AuthorizedKeysFile" "/etc/ssh/sshd_config" | grep "%u"); do
+	if echo "$cf" | grep -q "%u"; then
+		SSH_CENTRAL_AUTHORIZED_FILE_FOLDER="${cf/%%u//}";
 		if [ ! -d "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
 			echo "ssh central authorized_file folder could not be found: ${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}";
 			exit;
@@ -86,17 +82,39 @@ if [ ! -f "${user_list_file}" ]; then
 	exit;
 fi;
 
+LOG="${BASE_FOLDER}/../log/user_management.log";
+function write_log()
+{
+	text="${1}";
+	do_echo="${2}";
+	log_prefix="";
+	# log prefix for testing
+	if [ ${TEST} -eq 1 ]; then
+		log_prefix="[TEST] ";
+	fi;
+	# write log not in info run
+	echo "[$(date +"%F %T")] [$0] ${log_prefix}${text}" >> "${LOG}";
+	if [ "${do_echo}" = "1" ]; then
+		echo "${text}";
+	fi;
+}
+write_log "START SCRIPT RUN";
+
+# used for test run only
+overall_run_error=0;
+
 # $1 ... $n
 for username in "$@"; do
 	error=0;
 	# skip if there is an option hidden
+	# shellcheck disable=SC2154
 	if [[ ${_arg:0:1} = "-" ]]; then
 		continue;
 	fi;
 	# skip ignore users, note that if a user is not in the sshallow list anyway
 	# we skip them too, this is just in case check
 	if [[ " ${ignore_users[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
-		echo "[!] User ${username} is in the ignore user list";
+		write_log "[!] User ${username} is in the ignore user list" "1";
 		continue;
 	fi;
 
@@ -104,31 +122,33 @@ for username in "$@"; do
 	# if missing in or another do not continue
 	if ! id "${username}" &>/dev/null; then
 		# not in passwd
-		echo "[!!!] User ${username} does not exist in /etc/passwd";
+		write_log "[ERRPR] User ${username} does not exist in /etc/passwd" "1";
 		error=1;
 	fi;
 	user_list_entry=$(grep "${username}" "${user_list_file}");
 	if [ -z "${user_list_entry}" ]; then
-		echo "[!!!] User ${username} does not exist in user_list.txt file";
+		write_log "[ERROR] User ${username} does not exist in user_list.txt file" "1";
 		error=1;
 	elif [[ "${user_list_entry}" =~ ^#DELETED ]]; then
-		echo "[!!!] User ${username} is flagged as deleted in user_list.txt file";
+		write_log "[ERROR] User ${username} is flagged as deleted in user_list.txt file" "1";
 		error=1;
 	fi;
 
 	if [ $error -eq 1 ]; then
+		overall_run_error=1;
+		write_log "[*** ABORT RUN ***]" "1";
 		if [ ${TEST} -eq 0 ]; then
 			break;
 		fi;
 	fi;
 
-	echo "=> Delete: ${username}";
+	write_log "=> Delete: ${username}" "1";
 	# ssh authorized file
 	SSH_AUTHORIZED_FILE="${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}${username}";
 
 	# make backup from /home
 	if [ ${BACKUP} -eq 1 ]; then
-		home_folder=$(getent passwd ${username} | cut -d ":" -f 6);
+		home_folder=$(getent passwd "${username}" | cut -d ":" -f 6);
 		backup_file="${backup_folder}${host}${separator}${username}.${timestamp}.tar.bz2";
 		files_list="${home_folder}";
 		if [ -f "${SSH_AUTHORIZED_FILE}" ]; then
@@ -136,7 +156,7 @@ for username in "$@"; do
 		fi;
 		echo "[0] Backup ${files_list} to ${backup_file}";
 		if [ ${TEST} -eq 0 ]; then
-			tar cfjp "${backup_file}" ${file_list};
+			tar cfjp "${backup_file}" "${files_list}";
 		else
 			echo "$> tar cfjp \"${backup_file}\" ${files_list};";
 		fi;
@@ -144,7 +164,7 @@ for username in "$@"; do
 
 	echo "[1] Remove user + home dir";
 	if [ ${TEST} -eq 0 ]; then
-		userdel -r ${username}
+		userdel -r "${username}"
 	else
 		echo "$> userdel -r ${username}";
 	fi;
@@ -162,7 +182,7 @@ for username in "$@"; do
 		fi;
 	else
 		# Not critical error
-		echo "[?] Cannot find ${SSH_AUTHORIZED_FILE}";
+		write_log "[?] Cannot find ${SSH_AUTHORIZED_FILE}" "1";
 	fi;
 
 	# Update user_list.txt file and add # for the line
@@ -172,11 +192,17 @@ for username in "$@"; do
 	if [ ${TEST} -eq 0 ]; then
 		sed -i -e "s/^\([A-Za-z0-9]\{1,\};${username};\)/#DELETED-${delete_date}:\1/" "${user_list_file}";
 	else
+		# shellcheck disable=SC2028
 		echo "$> sed -i -e \"s/^\([A-Za-z0-9]\{1,\};${username};\)/#DELETED-${delete_date}:\1/\" \"${user_list_file}\";";
 	fi;
 
-	echo $(date +"%F %T")";${host};${username}" >> "${LOG}";
+	echo "$(date +"%F %T");${host};${username};${TEST}" >> "${HISTORY}";
 
 done;
 
+# MARK: TEST ERROR INFO
+if [ ${TEST} -eq 1 ] && [ ${overall_run_error} -eq 1 ]; then
+	echo "[ERROR] Some errors occoured during the run, they will prohibit the live run of this script";
+fi;
+
 # __END__