Add multiple groups to check last login script
The group names are currently fixed: sshallow and sshforward, plus the reject group sshreject.
@@ -5,8 +5,8 @@
|
||||
|
||||
# base folder
|
||||
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
|
||||
# which group holds the ssh allowed login users (outside of admin users)
|
||||
ssh_group='sshallow';
|
||||
# which groups holds the ssh allowed login users (outside of admin users)
|
||||
ssh_groups=('sshforward' 'sshallow');
|
||||
ssh_reject_group='sshreject';
|
||||
# date now for compare
|
||||
now=$(date +"%s");
|
||||
@@ -38,78 +38,81 @@ echo "Hostname : "$(hostname);
|
||||
echo "Run date : "$(date +"%F %T");
|
||||
echo "Max age last login: ${max_age_login} days";
|
||||
echo "Max age no login : ${max_age_create} days";
|
||||
for user in $(cat /etc/group|grep "${ssh_group}:" | cut -d ":" -f 4 | sed -e 's/,/ /g'); do
|
||||
# for user in clemens test42; do
|
||||
account_age=0;
|
||||
delete_user=0;
|
||||
out_string="";
|
||||
#echo "* Checking user ${user}";
|
||||
# check user create time, if we have set it in comment
|
||||
user_create_date=$(cat /etc/passwd | grep "${user}:" | cut -d ":" -f 5);
|
||||
# if empty try last password set time
|
||||
if [ -z "${user_create_date}" ]; then
|
||||
# user L 11/09/2020 0 99999 7 -1
|
||||
user_create_date=$(passwd -S ${user} | cut -d " " -f 3);
|
||||
fi;
|
||||
# last try is user home .bash_logout
|
||||
if [ -z "${user_create_date}" ]; then
|
||||
home_dir=$(cat /etc/passwd | grep "${user}:" | cut -d ":" -f 6)"/.bash_logout";
|
||||
user_create_date=$(stat -c %Z "${home_dir}");
|
||||
fi;
|
||||
for ssh_group in ${ssh_groups[@]}; do
|
||||
echo "--------------------->"
|
||||
echo "Checking Group : ${ssh_group}";
|
||||
for user in $(cat /etc/group|grep "${ssh_group}:" | cut -d ":" -f 4 | sed -e 's/,/ /g'); do
|
||||
account_age=0;
|
||||
delete_user=0;
|
||||
out_string="";
|
||||
#echo "* Checking user ${user}";
|
||||
# check user create time, if we have set it in comment
|
||||
user_create_date=$(cat /etc/passwd | grep "${user}:" | cut -d ":" -f 5);
|
||||
# if empty try last password set time
|
||||
if [ -z "${user_create_date}" ]; then
|
||||
# user L 11/09/2020 0 99999 7 -1
|
||||
user_create_date=$(passwd -S ${user} | cut -d " " -f 3);
|
||||
fi;
|
||||
# last try is user home .bash_logout
|
||||
if [ -z "${user_create_date}" ]; then
|
||||
home_dir=$(cat /etc/passwd | grep "${user}:" | cut -d ":" -f 6)"/.bash_logout";
|
||||
user_create_date=$(stat -c %Z "${home_dir}");
|
||||
fi;
|
||||
|
||||
# below only works if the user logged in, a lot of them are just file upload
|
||||
# users. Use the collect script from systemd-logind or /var/log/secure
|
||||
# Username Port From Latest
|
||||
# user pts/35 10.110.160.230 Wed Nov 2 09:40:35 +0900 2022
|
||||
last_login_string=$(lastlog -u ${user} | sed 1d);
|
||||
search="Never logged in";
|
||||
found="";
|
||||
# problem with running rep check in if
|
||||
if [ -f "${AUTH_LOG}" ]; then
|
||||
found=$(grep "${user};" "${AUTH_LOG}");
|
||||
fi;
|
||||
if [ ! -z "${found}" ]; then
|
||||
last_login_date=$(grep "${user};" "${AUTH_LOG}" | cut -d ";" -f 2 | date +"%s" -f -);
|
||||
last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
|
||||
if [ ${last_login} -gt ${max_age_login} ]; then
|
||||
out_string="[!] last ssh log in ${last_login} days ago";
|
||||
delete_user=1;
|
||||
else
|
||||
out_string="OK [ssh]";
|
||||
# below only works if the user logged in, a lot of them are just file upload
|
||||
# users. Use the collect script from systemd-logind or /var/log/secure
|
||||
# Username Port From Latest
|
||||
# user pts/35 10.110.160.230 Wed Nov 2 09:40:35 +0900 2022
|
||||
last_login_string=$(lastlog -u ${user} | sed 1d);
|
||||
search="Never logged in";
|
||||
found="";
|
||||
# problem with running rep check in if
|
||||
if [ -f "${AUTH_LOG}" ]; then
|
||||
found=$(grep "${user};" "${AUTH_LOG}");
|
||||
fi;
|
||||
elif [ ! -z "${last_login_string##*$search*}" ]; then
|
||||
# if we have "** Never logged in**" the user never logged in
|
||||
# find \w{3} \w{3} [\s\d]{2} \d{2}:\d{2}:\d{2} \+\d{4} \d{4}
|
||||
# awk '{for(i=4;i<=NF;++i)printf $i FS}'
|
||||
last_login_date=$(echo "${last_login_string}" | awk '{for(i=4;i<=NF;++i)printf $i FS}' | date +"%s" -f -);
|
||||
# date -d "Wed Nov 2 09:40:35 +0900 2022" +%s
|
||||
last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
|
||||
if [ ${last_login} -gt ${max_age_login} ]; then
|
||||
out_string="[!] last terminal log in ${last_login} days ago";
|
||||
delete_user=1;
|
||||
if [ ! -z "${found}" ]; then
|
||||
last_login_date=$(grep "${user};" "${AUTH_LOG}" | cut -d ";" -f 2 | date +"%s" -f -);
|
||||
last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
|
||||
if [ ${last_login} -gt ${max_age_login} ]; then
|
||||
out_string="[!] last ssh log in ${last_login} days ago";
|
||||
delete_user=1;
|
||||
else
|
||||
out_string="OK [ssh]";
|
||||
fi;
|
||||
elif [ ! -z "${last_login_string##*$search*}" ]; then
|
||||
# if we have "** Never logged in**" the user never logged in
|
||||
# find \w{3} \w{3} [\s\d]{2} \d{2}:\d{2}:\d{2} \+\d{4} \d{4}
|
||||
# awk '{for(i=4;i<=NF;++i)printf $i FS}'
|
||||
last_login_date=$(echo "${last_login_string}" | awk '{for(i=4;i<=NF;++i)printf $i FS}' | date +"%s" -f -);
|
||||
# date -d "Wed Nov 2 09:40:35 +0900 2022" +%s
|
||||
last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
|
||||
if [ ${last_login} -gt ${max_age_login} ]; then
|
||||
out_string="[!] last terminal log in ${last_login} days ago";
|
||||
delete_user=1;
|
||||
else
|
||||
out_string="OK [lastlog]";
|
||||
fi;
|
||||
elif [ ! -z "${user_create_date}" ]; then
|
||||
user_create_date=$(echo "${user_create_date}" | date +"%s" -f -);
|
||||
# if all empty, we continue with only check if user has last login date
|
||||
# else get days since creation
|
||||
#account_age=$[ ($(date +"%s")-$(date -d "${user_create_date}" +"%s"))/24 ];
|
||||
account_age=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${user_create_date} ${day}");
|
||||
if [ ${account_age} -gt ${max_age_create} ]; then
|
||||
out_string="[!] Never logged in, account created ${account_age} days ago";
|
||||
delete_user=1;
|
||||
else
|
||||
out_string="OK [first login]";
|
||||
fi;
|
||||
else
|
||||
out_string="OK [lastlog]";
|
||||
out_string="[!!!] Never logged in and we have no create date";
|
||||
fi;
|
||||
elif [ ! -z "${user_create_date}" ]; then
|
||||
user_create_date=$(echo "${user_create_date}" | date +"%s" -f -);
|
||||
# if all empty, we continue with only check if user has last login date
|
||||
# else get days since creation
|
||||
#account_age=$[ ($(date +"%s")-$(date -d "${user_create_date}" +"%s"))/24 ];
|
||||
account_age=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${user_create_date} ${day}");
|
||||
if [ ${account_age} -gt ${max_age_create} ]; then
|
||||
out_string="[!] Never logged in, account created ${account_age} days ago";
|
||||
delete_user=1;
|
||||
else
|
||||
out_string="OK [first login]";
|
||||
# build delete output
|
||||
if [ ${delete_user} = 1 ]; then
|
||||
delete_accounts="${delete_accounts}"$(printf "${user_group_tpl}" "${user}" "${ssh_group}" "${user}" "${ssh_reject_group}")$'\n';
|
||||
fi;
|
||||
else
|
||||
out_string="[!!!] Never logged in and we have no create date";
|
||||
fi;
|
||||
# build delete output
|
||||
if [ ${delete_user} = 1 ]; then
|
||||
delete_accounts="${delete_accounts}"$(printf "${user_group_tpl}" "${user}" "${ssh_group}" "${user}" "${ssh_reject_group}")$'\n';
|
||||
fi;
|
||||
printf "* Checking user %-20s: %s\n" "${user}" "${out_string}";
|
||||
printf "* Checking user %-20s: %s\n" "${user}" "${out_string}";
|
||||
done;
|
||||
done;
|
||||
echo "--------------------->"
|
||||
echo "Showing current SSH Reject users:"
|
||||
|
||||
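Review bot: The lookups inside the new `for ssh_group in ${ssh_groups[@]}` loop match on unanchored substrings, so a group or account whose name merely ends in the searched name is picked up as well: `grep "${ssh_group}:"` on /etc/group would also match a group such as `xsshallow` (constructed example), and `grep "${user}:"` on /etc/passwd would match `jimbob` when checking `bob`. Since the result decides which accounts are listed for removal from the allow group, a wrong match can flag the wrong account or read another account's create date. Anchoring the patterns, `grep "^${ssh_group}:" /etc/group` and `grep "^${user}:" /etc/passwd`, keeps each lookup to the exact name. The `grep "${user};" "${AUTH_LOG}"` check has the same shape and could let a stale account look active through another user's login; the log format is not visible here, so confirm where the user field sits before anchoring it. These lines appear to be carried over from the old single-group loop, which this hunk re-indents under the new group loop.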