Check last login mandatory settings now has combined abort

set an error flag and check all settings before exit program
Bug fix for json export with double quotes
2024-02-14 14:46:17 +09:00 · 2023-12-22 13:39:18 +09:00 · 2023-12-22 13:31:33 +09:00 · 2023-12-22 11:54:34 +09:00 · 2023-12-21 16:43:57 +09:00 · 2023-12-21 16:39:05 +09:00
3 changed files with 50 additions and 11 deletions
--- a/bin/check_last_login.sh
+++ b/bin/check_last_login.sh
@@ -27,12 +27,24 @@ LOG="${BASE_FOLDER}/../log";
 # auth log file user;date from collect_login_data script
 AUTH_LOG="${BASE_FOLDER}/../auth-log/user_auth.log";

+error=0;
 if [ $(whoami) != "root" ]; then
 	echo "Script must be run as root user";
-	exit;
+	error=1;
 fi;
 if [ ! -d "${LOG}" ]; then
 	echo "log folder ${LOG} not found";
+	error=1;
+fi;
+if [ -z $(command -v curl) ]; then
+	echo "Missing curl application, aborting";
+	error=1;
+fi;
+if [ -z $(command -v jq) ]; then
+	echo "Missing jq application, aborting";
+	error=1;
+fi;
+if [ $error -eq 1 ]; then
 	exit;
 fi;
 # option 1 in list
@@ -45,18 +57,31 @@ case "${1,,}" in
 		echo "{";
 		;;
 	csv)
+		CSV_LINE="%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s\n";
 		OUTPUT_TARGET="csv";
-		echo "Hostname,Username,Main Group,SSH Group,Account Created Date,Account Age,Last Login Date,Last Login Age,Never Logged In,Login Source,Status";
+		echo "Account ID,Region,Instance ID,Hostname,Username,Main Group,SSH Group,Account Created Date,Account Age,Last Login Date,Last Login Age,Never Logged In,Login Source,Status";
 		;;
 	*)
 		OUTPUT_TARGET="text";
 		;;
 esac;

+# collect info via: curl http://169.254.169.254/latest/meta-data/
+instance_data=$(
+	TOKEN=`curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` &&
+	curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document
+)
+instance_id=$(echo "${instance_data}" | jq .instanceId)
+account_id=$(echo "${instance_data}" | jq .accountId)
+region=$(echo "${instance_data}" | jq .region)
+
 if [ "${OUTPUT_TARGET}" = "text" ]; then
 	LOG="${LOG}/check_ssh_user."$(date +"%F_%H%m%S")".log";
 	exec &> >(tee -a "${LOG}");
 	echo "[START] =============>";
+	echo "AWS ID             : ${account_id}";
+	echo "Region             : ${region}";
+	echo "Instance ID        : ${instance_id}";
 	echo "Hostname           : "$(hostname);
 	echo "Run date           : "$(date +"%F %T");
 	echo "Max age last login : ${max_age_login} days";
@@ -64,6 +89,9 @@ if [ "${OUTPUT_TARGET}" = "text" ]; then
 	echo "Max age no login   : ${max_age_create} days";
 elif [ "${OUTPUT_TARGET}" = "json" ]; then
 	echo '"Info": {'
+	echo '"AccountId": '${account_id}',';
+	echo '"Region": '${region}',';
+	echo '"InstanceId": '${instance_id}',';
 	echo '"Hostname": "'$(hostname)'",';
 	echo '"Date": "'$(date +"%F %T")'",';
 	echo '"MaxAgeLogin": '${max_age_login}',';
@@ -106,7 +134,7 @@ for ssh_group in ${ssh_groups[@]}; do
 					echo "}";
 					;;
 				csv)
-					printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s\n" "$(hostname)" "${username}" "" "${ssh_group}" "" "" "" "" "true" "${out_string}"
+					printf "${CSV_LINE}" "${account_id}" "${region}" "${instance_id}" "$(hostname)" "${username}" "" "${ssh_group}" "" "" "" "" "true" "${out_string}"
 					;;
 			esac;
 			continue;
@@ -131,14 +159,25 @@ for ssh_group in ${ssh_groups[@]}; do
 		# check user create time, if we have set it in comment
 		user_create_date_string=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 5);
 		# if empty try last password set time
-		if [ -z "${user_create_date_string}" ]; then
+		if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then
 			# user L 11/09/2020 0 99999 7 -1
 			user_create_date_string=$(passwd -S ${username} | cut -d " " -f 3);
 		fi;
 		# last try is user home .bash_logout
-		if [ -z "${user_create_date_string}" ]; then
-			home_dir=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 6)"/.bash_logout";
-			user_create_date_string=$(stat -c %Z "${home_dir}");
+		if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then
+			# try logout or bash history
+			home_dir_bl=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 6)"/.bash_logout";
+			home_dir_bh=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 6)"/.bash_history";
+			# check that this file exists
+			if [ -f "${home_dir_bl}" ]; then
+				user_create_date_string=$(stat -c %Z "${home_dir_bl}");
+			elif [ -f "${home_dir_bh}" ]; then
+				user_create_date_string=$(stat -c %Z "${home_dir_bh}");
+			fi;
+		fi;
+		# still no date -> set empty
+		if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then
+			user_create_date_string="";
 		fi;

 		# below only works if the user logged in, a lot of them are just file upload
@@ -158,7 +197,7 @@ for ssh_group in ${ssh_groups[@]}; do
 			found=$(grep "${username};" "${AUTH_LOG}");
 		fi;
 		# always pre work account dates if they exist, but output only if text
-		if [ -z "${found}" ] && [ ! -z "${user_create_date_string}" ]; then
+		if [ ! -z "${user_create_date_string}" ]; then
 			user_create_date=$(echo "${user_create_date_string}" | date +"%s" -f -);
 			# if all empty, we continue with only check if user has last login date
 			# else get days since creation
@@ -250,7 +289,7 @@ for ssh_group in ${ssh_groups[@]}; do
 				echo "}";
 				;;
 			csv)
-				printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s\n" "$(hostname)" "${username}" "${main_group}" "${ssh_group}" "${user_create_date_out}" "${account_age}" "${last_login_date}" "${last_login}" "${never_logged_in}" "${login_source}" "${out_string}"
+				printf "${CSV_LINE}" "${account_id}" "${region}" "${instance_id}" "$(hostname)" "${username}" "${main_group}" "${ssh_group}" "${user_create_date_out}" "${account_age}" "${last_login_date}" "${last_login}" "${never_logged_in}" "${login_source}" "${out_string}"
 				;;
 		esac;
 	done;
--- a/bin/lock_user.sh
+++ b/bin/lock_user.sh
@@ -39,7 +39,7 @@ if [ -z $(cat /etc/group | grep "${ssh_reject_group}:") ]; then
 	exit;
 fi;
 ssh_allow_group="sshallow";
-ssh_forward_group="sshfoward";
+ssh_forward_group="sshforward";
 user_group_tpl="gpasswd -d %s %s\ngpasswd -a %s %s\n";

 echo "--------------------->"
--- a/bin/unlock_user.sh
+++ b/bin/unlock_user.sh
@@ -53,7 +53,7 @@ if [ -z $(cat /etc/group | grep "${ssh_reject_group}:") ]; then
 	exit;
 fi;
 ssh_allow_group="sshallow";
-ssh_forward_group="sshfoward";
+ssh_forward_group="sshforward";
 user_group_tpl="gpasswd -d %s %s\ngpasswd -a %s %s\n";

 echo "--------------------->"
Author	SHA1	Message	Date
Clemens Schwaighofer	70ef7a3fc5	Check last login mandatory settings now has combined abort set an error flag and check all settings before exit program	2024-02-14 14:46:17 +09:00
Clemens Schwaighofer	89252af50b	Bug fix for json export with double quotes	2023-12-22 13:39:18 +09:00
Clemens Schwaighofer	8fb833d3c4	Fix the call for getting instance data Do not use name alias, use the IP address for this	2023-12-22 13:31:33 +09:00
Clemens Schwaighofer	694f04313c	Add Account, Region and Instance info for each report So we can easy match up user reports to other information we collect	2023-12-22 11:54:34 +09:00
Clemens Schwaighofer	50e28c7cfd	Check that fallback last access file exists	2023-12-21 16:43:57 +09:00
Clemens Schwaighofer	65b7a6ad43	Fix date check for account created date Use regex to check instead of empty string. A comment could be set instead of a date	2023-12-21 16:39:05 +09:00
Clemens Schwaighofer	244461d466	sshforward group typo in lock and unlock users	2023-12-21 16:11:31 +09:00