Stewie410

auditUsrGrp

Nov 30th, 2018
  1. #!/bin/bash
  2. #
  3. # auditUsrGrp.sh
  4. # Author:       u/JustAnotherITUser
  5. # Date:         2018-11-30
  6. #
  7. # This is a quick script to automate the auditing of all users and groups
  8. # Essentially, if you want to check and see which users/groups to prune off over time,
  9. # you can use this script to generate a report of all users which are classified as 'active',
  10. # as well as list which users/groups are no longer 'active'
  11. #
  12. # NOTE:
  13. #   -This will not audit system/nologin users*
  14. #   -Does not query any AD Database*
  15. #
  16. #
  17. #   * == This feature could be added, but this is just an example
  18.  
  19. # Functions
  20. # Log to file -- not necessary, but makes writing a bit easier
  function ltf() {
      # Append one entry to the report file named by the global $reportFile.
      # Arguments: $1 - text to write; backslash escapes such as \n and \t are
      #                 expanded by `echo -e`. An empty or missing $1 writes nothing.
      [[ -n "$1" ]] || return 0
      echo -e "$1" >> "$reportFile"
  }
  25.  
  26. # Get last logon time
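  function getLastTime() {
      # Print the ISO timestamp of the most recent login that `last` reports for a user.
      # Arguments: $1 - login name; an empty or missing $1 prints nothing.
      # Outputs:   field 4 of the first `last` line that is neither blank nor the
      #            "wtmp begins" trailer; empty when no such line exists.
      #
      # NOTE(review): an empty result only means `last` returned no record. If wtmp
      # has been rotated or truncated, an account in use can look inactive here, so
      # confirm retention before pruning anything on this basis.
      # NOTE(review): field 4 is the timestamp only when the host column is filled
      # in; with a blank host column the fields appear to shift left. TODO confirm.
      [[ -n "$1" ]] || return 0

      # "$1" is quoted and placed after `--` so the name always reaches `last` as
      # one literal operand: no word splitting, no glob expansion, no option parsing.
      last --time-format iso --limit 1 -- "$1" \
          | grep -Ev 'wtmp|^$' \
          | tr -s ' ' \
          | cut -d' ' -f4
  }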
  32.  
  33. # Vars
  # Generated report. ltf appends to this path, so a file left by an earlier
  # run is extended rather than replaced.
  reportFile="${HOME}/usrGrpAudit"
  # Login names selected for the audit
  declare -a arrUsers=()
  # Scratch variable, reused later for the passwd entry of the current user
  tmpUsr=""
  # Separator line used in the report file
  sep='---------------------------------'
  38.  
  39. # Get All unique users
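  # Fill arrUsers with each selected login name once, in passwd order.
  #
  # The previous duplicate check read "$ul", which is never assigned, so it never
  # skipped anything. A substring grep would also have treated "bob" as already
  # present once "bobby" was listed. awk now drops repeats by comparing whole names.
  #
  # Selection is unchanged: passwd lines containing "/home" or "/bin/bash" and not
  # containing "syslog".
  # NOTE(review): these are substring matches on the whole line, so an account
  # with a /home directory and a nologin shell is still selected, and any line
  # mentioning "syslog" in any field is dropped. Confirm this is the intended
  # audit scope.
  while IFS= read -r u; do
      [[ -n "$u" ]] || continue
      arrUsers+=("$u")
  done < <(
      getent passwd \
          | grep -E "/home|/bin/bash" \
          | grep -v "syslog" \
          | cut -d: -f1 \
          | awk '!seen[$0]++'
  )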
  54.  
  55. # If arrUsers is empty, report error and exit
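  # Stop when no account was selected, so an empty report is never mistaken for
  # "nothing to prune". ${#arrUsers[@]} counts the array elements; the former
  # ${#arrUsers} is the string length of the first element.
  if (( ${#arrUsers[@]} == 0 )); then
      echo "Error, no users detected!" >&2
      exit 1
  fi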
  57.  
  58. # Report File's headers
  # Report preamble: title, a one-line description, then the generation time
  # framed by separator lines. Each ltf call appends to $reportFile.
  ltf "# auditUsrGrp.sh Report File\n# "
  ltf "# Below are a list of all users, their group memberships and other information"
  ltf "# ${sep}\n# Date:\t$(date '+%Y-%m-%d@%H:%M:%S')\n#\n${sep}\n"
  62.  
  63. # Iterate through our list of users, their membership to various groups, and last logon time
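  # Write one user's section of the report: passwd fields, group memberships and
  # last login.
  # Globals:   sep (read); writes through ltf, reads login data through getLastTime
  # Arguments: $1 - login name
  function _auditUser() {
      local user=$1
      local entry uid pgid gecos homeDir loginShell g
      local -a memberOf=()

      # Exact lookup by name. Grepping the whole passwd dump for the name also
      # matched longer names and other fields, and could return several lines.
      entry=$(getent passwd "$user")

      # Split the entry on ':' without word splitting or globbing (a GECOS field
      # may contain spaces or '*'). Fields 1 and 2 (name, password) are not reported.
      IFS=: read -r _ _ uid pgid gecos homeDir loginShell <<< "$entry"

      # A group counts when its GID is the user's primary GID, or when the user is
      # an exact entry in its comma-separated member list. A substring grep over
      # the group dump reported false memberships and missed the primary group
      # unless its name happened to contain the login name.
      # NOTE(review): relies on `getent group` enumerating every group; directory
      # backends with enumeration disabled may return a partial list. Confirm.
      mapfile -t memberOf < <(
          getent group | awk -F: -v user="$user" -v pgid="$pgid" '
              $3 == pgid { print $1; next }
              {
                  n = split($4, members, ",")
                  for (k = 1; k <= n; k++)
                      if (members[k] == user) { print $1; break }
              }'
      )

      ltf "$sep"
      ltf "Username:      $user"
      ltf "UID:           $uid"
      ltf "PGID:          $pgid"
      ltf "NAME:          $gecos"
      ltf "HOME:          $homeDir"
      ltf "SHELL:         $loginShell"
      ltf "GROUPS(${#memberOf[@]}):"
      for g in "${memberOf[@]}"; do
          ltf "               -$g"
      done
      ltf "Last Login:    $(getLastTime "$user")"

      # Closing separator and a gap before the next user
      ltf "$sep\n\n"
  }

  # Report every collected user. The bound is the element count ${#arrUsers[@]}.
  # ${#arrUsers} is the string length of the first login name, so the old loop
  # stopped after that many users and left the rest out of the audit.
  for (( i = 0; i < ${#arrUsers[@]}; i++ )); do
      # Skip empty slots
      [[ -n "${arrUsers[$i]}" ]] || continue
      _auditUser "${arrUsers[$i]}"
  done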
  88.  
  89. # Cleanup memory and exit
  # Release the script's globals; the script ends after this line
  unset reportFile tmpUsr arrUsers sep