Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
716a0c2bfb | ||
|
|
365b52efe5 | ||
|
|
b10cb62612 |
@@ -5,7 +5,6 @@
|
|||||||
|
|
||||||
# base folder
|
# base folder
|
||||||
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
|
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
|
||||||
input_file='user_list.txt';
|
|
||||||
# which groups holds the ssh allowed login users (outside of admin users)
|
# which groups holds the ssh allowed login users (outside of admin users)
|
||||||
ssh_groups=('sshforward' 'sshallow');
|
ssh_groups=('sshforward' 'sshallow');
|
||||||
ssh_reject_group='sshreject';
|
ssh_reject_group='sshreject';
|
||||||
|
|||||||
@@ -45,7 +45,7 @@ separator="#";
|
|||||||
# base folder for all data
|
# base folder for all data
|
||||||
# root_folder=$(pwd)'/';
|
# root_folder=$(pwd)'/';
|
||||||
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
|
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
|
||||||
root_folder="${BASE_FOLDER}";
|
root_folder="${BASE_FOLDER}../";
|
||||||
input_file='user_list.txt';
|
input_file='user_list.txt';
|
||||||
output_file="user_password.${timestamp}.txt";
|
output_file="user_password.${timestamp}.txt";
|
||||||
output_zip_folder='zip/';
|
output_zip_folder='zip/';
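Review bot: The comment above `root_folder="${BASE_FOLDER}../";` still says only "base folder for all data" and does not record that data now resolves to the parent of the script directory. This matters because `output_file="user_password.${timestamp}.txt"` and `output_zip_folder='zip/'` appear to be placed under that folder; their use is outside this hunk, so that is inferred. I would document the expectation next to the assignment, for example `# data lives one level above the script folder; keep that directory writable and readable by root only, generated password files land here`. If the script does not already restrict permissions elsewhere, setting `umask 077` before the password file is created would keep the output private regardless of where the parent directory sits.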
|
||||||
|
|||||||
@@ -42,6 +42,8 @@ if [ ! -z "${SSH_GROUP_ADD}" ] && [ "${SSH_GROUP_ADD}" != "allow" ] && [ "${SSH_
|
|||||||
fi;
|
fi;
|
||||||
|
|
||||||
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
|
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
|
||||||
|
root_folder="${BASE_FOLDER}../";
|
||||||
|
input_file='user_list.txt';
|
||||||
# ignore users (root and admin users)
|
# ignore users (root and admin users)
|
||||||
ignore_users=('root' 'ec2-user' 'ubuntu' 'admin');
|
ignore_users=('root' 'ec2-user' 'ubuntu' 'admin');
|
||||||
# ssh reject group
|
# ssh reject group
|
||||||
@@ -85,8 +87,8 @@ for username in "$@"; do
|
|||||||
# else try to set from option
|
# else try to set from option
|
||||||
# if not valid use allow
|
# if not valid use allow
|
||||||
ssh_add_group="${SSH_GROUP_ADD}";
|
ssh_add_group="${SSH_GROUP_ADD}";
|
||||||
if [ -z "${SSH_GROUP_ADD}" ] && [ -f "${BASE_FOLDER}${input_file}" ]; then
|
if [ -z "${SSH_GROUP_ADD}" ] && [ -f "${root_folder}${input_file}" ]; then
|
||||||
ssh_add_group=$(grep "${username}" "${BASE_FOLDER}${input_file}" | cut -d ";" -f 4 | tr A-Z a-z | tr -d ' ');
|
ssh_add_group=$(grep "${username}" "${root_folder}${input_file}" | cut -d ";" -f 4 | tr A-Z a-z | tr -d ' ');
|
||||||
fi;
|
fi;
|
||||||
if [ "${ssh_access_type}" != "allow" ] && [ "${ssh_access_type}" != "forward" ]; then
|
if [ "${ssh_access_type}" != "allow" ] && [ "${ssh_access_type}" != "forward" ]; then
|
||||||
ssh_add_group="allow";
|
ssh_add_group="allow";
|
||||||
@@ -100,9 +102,8 @@ for username in "$@"; do
|
|||||||
if [ ${TEST} -eq 1 ]; then
|
if [ ${TEST} -eq 1 ]; then
|
||||||
printf "${user_group_tpl}" "${username}" "${ssh_reject_group}" "${username}" "${ssh_add_group}";
|
printf "${user_group_tpl}" "${username}" "${ssh_reject_group}" "${username}" "${ssh_add_group}";
|
||||||
else
|
else
|
||||||
#gpasswd -d "${username}" "${ssh_reject_group}";
|
gpasswd -d "${username}" "${ssh_reject_group}";
|
||||||
#gpasswd -a "${username}" "${ssh_add_group}";
|
gpasswd -a "${username}" "${ssh_add_group}";
|
||||||
echo "NOOP";
|
|
||||||
fi;
|
fi;
|
||||||
else
|
else
|
||||||
# skip not ssh user
|
# skip not ssh user
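Review bot: The lookup `grep "${username}" "${root_folder}${input_file}"` in the second hunk treats the username as an unanchored regular expression matched anywhere on the line, so a name that is a substring of another entry, or that occurs in another column, returns the wrong row's fourth field, and several matching rows produce a multi-line value. That result carries more weight now, because the last hunk enables the `gpasswd -d` / `gpasswd -a` calls and the value decides which group the account joins. Compare the username column exactly and stop at the first row, e.g. `awk -F ';' -v u="${username}" -v col=USERNAME_COLUMN '$col == u { print $4; exit }' "${root_folder}${input_file}"` followed by the existing `tr` calls; USERNAME_COLUMN is a placeholder, since the column layout of `user_list.txt` is not visible here. The fallback right after tests `${ssh_access_type}` rather than the `${ssh_add_group}` that was just read, so unless the two are linked outside the hunk it should probably read `if [ "${ssh_add_group}" != "allow" ] && [ "${ssh_add_group}" != "forward" ]; then`. The `for username in "$@"` loop starts and ends outside these hunks.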
|
||||||
|
|||||||