Now, for each ssh group, we report last login/account creation stats.
Add the main user group to output
Add unlock user commands for locked users
Add CSV and JSON formatted output
Rename user script added: renames user, home dir and connected files.
Delete script fix, with removal of the not needed option (-g)
Update all scripts to exit only after all errors are shown, unless it
is a critical run error.
- start option for create users (-g)
- delete user script
- update documentation
- user lock user script in check user flow output
- create user has check for valid username/group name
Missing username in create folder path for adding new user
Check if pub key exists in central location ran even if the central file
was missing.
Fixed check for .ssh or central place to use.
File check before trying to remove the chattr "i" flag; can't do that if the
file does not exist.
If there is an ssh setting that we have a central location for SSH keys,
move all users' ssh keys there.
Currently skipped are core admin users; they will move later once all
tests are done.
* Bug with existing ssh key but not in ssh authorized_file
The correct public key location was not set for the existing file
* Bug with attr set on authorized_file update if central location
If a central location is used, the +i attrib must be removed first.
It will always be set in the folder rights change.
* Change the authorized file group to root for central file location
* new detect for central authorized keys folder
1) must have %u set in the AuthorizedKeysFile list
2) folder must exist (will not be created; if it does not exist, abort)
If the above is set, it will create a username file with the ssh key in there
and lock it down as r--/user and +i attrib,
else it uses the old .ssh folder form.
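As an added example (not code from this repository), the following bash script shows the two checks mentioned in these entries: the valid username check from the create user script, and the detection of a central AuthorizedKeysFile folder with %u plus the r--/user, group root, +i lockdown of the per-user key file. The function names, the username rule (the conservative form recommended in useradd(8)) and the sample sshd_config are assumptions made for this example; the chown/chattr steps need root.

```bash
#!/usr/bin/env bash
# Added example, not code from the project above. It shows the two checks the
# changelog describes: a username must be valid before it is used in a path or
# a useradd call, and a central AuthorizedKeysFile location is only used when
# sshd_config lists an entry containing %u and that folder already exists.
# Function names and the sample config are assumptions made for this example.

# Accept the conservative username form recommended by useradd(8): lower case
# letter or underscore first, then lower case letters, digits, _ or -, an
# optional trailing $, at most 32 characters. Rejecting '/', '.' and '..' also
# stops a crafted name from escaping the central keys folder.
valid_username() {
    case "$1" in
        ''|*/*|.|..) return 1 ;;
    esac
    [ "${#1}" -le 32 ] || return 1
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]*\$?$'
}

# Read sshd_config text on stdin and print the folder of the first
# AuthorizedKeysFile entry that contains %u. Prints nothing and returns 1 when
# no entry has %u, in which case the per-user ~/.ssh form stays in use.
# Commented-out lines do not match; Match blocks are not handled here.
central_keys_dir() {
    local entry
    entry=$(awk '
        tolower($1) == "authorizedkeysfile" {
            for (i = 2; i <= NF; i++)
                if (index($i, "%u") > 0) { print $i; exit }
        }')
    [ -n "$entry" ] || return 1
    dirname "$entry"
}

# The changelog says the central folder is never created: succeed only when
# it already exists, so the caller can abort otherwise.
central_dir_usable() {
    [ -n "$1" ] && [ -d "$1" ]
}

# Write one user's key to <central dir>/<username> and lock it down the way
# the changelog describes: owner user, group root, mode r--, immutable.
# Requires root and a filesystem that supports chattr. The +i flag has to be
# dropped first when the file already exists, or the rewrite fails.
install_central_key() {
    local dir="$1" user="$2" pubkey="$3" keyfile
    valid_username "$user" || { echo "invalid username: $user" >&2; return 1; }
    central_dir_usable "$dir" || { echo "central folder missing: $dir" >&2; return 1; }
    keyfile="$dir/$user"
    [ -e "$keyfile" ] && chattr -i "$keyfile"
    printf '%s\n' "$pubkey" > "$keyfile"
    chown "$user:root" "$keyfile"
    chmod 0400 "$keyfile"
    chattr +i "$keyfile"
}

# Constructed sample sshd_config, not taken from any real host.
SAMPLE_SSHD_CONFIG='# constructed sample
Port 22
AuthorizedKeysFile .ssh/authorized_keys /etc/ssh/authorized_keys/%u
PasswordAuthentication no'

# Stand-alone run: only the detection part, since locking a key file needs root.
dir=$(printf '%s\n' "$SAMPLE_SSHD_CONFIG" | central_keys_dir || true)
echo "central AuthorizedKeysFile folder: ${dir:-<none, using ~/.ssh>}"
```

The username check runs before the path is built on purpose: the central file is named after the user, so a name containing "/" or ".." would otherwise write outside the folder.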
* fix for user add with a different home base folder
Add this as an option for the useradd command.
If /home is e.g. located in /storage, then we can now set a prefix for this.
Option -h or via config setting in "user_create.cfg" named
HOME_LOCATION="/path"
Note: Path has to be prefixed with /. Any sub folders in home will be
ignored and the user is always created in /home/user.name.
Group names as sub folders in /home are not supported.
Make sure that the lock script rejects core users
(root/ec2-user/admin/ubuntu).
Unlock script works in reverse, with an optional check in user_list.txt
for the ssh allow/forward group type.
Internal:
rename all $user to $username
Add a user lock script to move users from the ssh allow/forward group to the ssh
reject group.
Rename user_create.sh script to create_user.sh script and add a new ssh
allow/forward flag in the user_list.txt file after the group block and before
the password name block.
Update check last login script with better add/remove from groups
Auth collector from either the systemd logger or fallback /var/log/secure
(old Amazon V1).
Use this as the primary last login source in the check last login script.
Logging of all output to the log/ folder for the check last login script.
Also for delete: the user script now outputs the move from the ssh allow to the ssh
reject group.