Make sure that lock script rejects core users
(root/ec2-user/admin/ubuntu)
Unlock script works reverse with also optional check in user_list.txt
for ssh allow/forward group type
Internal:
rename all $user to $username
Add a user lock script to move users from ssh allow/forward group to ssh
reject group.
Rename user_create.sh script to create_user.sh script and add new ssh
allow/forward flag in user_list.txt file after group block and before
password name block
Update check last login script with better add/remove from groups
Auth collector from either systemd logger or fallback /var/log/secure
(old Amazon V1).
Use this as primary last login source in check last login script
Logging of all output to log/ folder for check last login script user.
Also for delete, user script now outputs move from ssh allow to ssh
reject group.
A new last logged in, last created script has been added to check which
users we have to disable.
- checks in group sshallow
- if last login older than 60 days, remove account from ssh group
- if we have account create date, check if never logged in and older
than 30 days, remove account from ssh group
Both dates can be set separate
Update create script to add create date in Y-m-d (%F) format as
comment to the passwd file
Also add user to sshallow group (group always exists, is created on
server creation)
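
The disable rules described above (last login older than 60 days, never logged in and created more than 30 days ago, core users never locked), as an added example that is not the project's own script. The function names are hypothetical, and it assumes the passwd comment field holds only the %F create date.

```shell
#!/bin/sh
# Added example, not the project's script. Thresholds follow the text above.
MAX_IDLE_DAYS=60     # last login older than this -> remove from sshallow
MAX_UNUSED_DAYS=30   # never logged in and account older than this -> remove

# Days since 1970-01-01 for a YYYY-MM-DD date, integer arithmetic only
# (no dependency on GNU "date -d").
days_from_date() {
    dy=${1%%-*}; dr=${1#*-}; dm=${dr%%-*}; dd=${dr#*-}
    dm=${dm#0}; dd=${dd#0}               # 08/09 would be parsed as octal
    if [ "$dm" -le 2 ]; then dy=$((dy - 1)); fi
    era=$((dy / 400)); yoe=$((dy - era * 400))
    if [ "$dm" -gt 2 ]; then mp=$((dm - 3)); else mp=$((dm + 9)); fi
    doy=$(( (153 * mp + 2) / 5 + dd - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# Create date from one passwd line (assumption: field 5 is exactly the date).
# Prints nothing when the comment is not a date.
created_from_passwd() {
    gecos=$(printf '%s\n' "$1" | cut -d: -f5)
    case $gecos in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s\n' "$gecos" ;;
    esac
}

# $1 username, $2 last login (YYYY-MM-DD or "never"),
# $3 create date (YYYY-MM-DD or empty), $4 today (YYYY-MM-DD).
# Prints skip-core, lock-inactive, lock-never-used or keep.
ssh_access_decision() {
    case $1 in
        root|ec2-user|admin|ubuntu) echo skip-core; return 0 ;;
    esac
    now=$(days_from_date "$4")
    if [ "$2" != never ]; then
        if [ $((now - $(days_from_date "$2"))) -gt "$MAX_IDLE_DAYS" ]; then
            echo lock-inactive
        else
            echo keep
        fi
    elif [ -n "$3" ] &&
         [ $((now - $(days_from_date "$3"))) -gt "$MAX_UNUSED_DAYS" ]; then
        echo lock-never-used       # create date known, account never used
    else
        echo keep                  # no create date: nothing to judge by
    fi
}
```

A caller would move the account from sshallow to the ssh reject group only on the two lock-* results; an account with no login record and no create date is kept.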