#!/bin/bash
#
# auditUsrGrp.sh
# Author: u/JustAnotherITUser
# Date: 2018-11-30
#
# This is a quick script to automate the auditing of all users and groups.
# Essentially, if you want to check which users/groups to prune off over time,
# you can use this script to generate a report of all users which are classified as 'active',
# as well as list which users/groups are no longer 'active'.
#
# NOTE:
# - This will not audit system/nologin users*
# - Does not query any AD database*
#
#
# * == This feature could be added, but this is just an example
# Functions
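#######################################
# Log to file -- append one line to the report file.
# Globals:   reportFile (read) - path of the report being written
# Arguments: $1 - text to append; backslash escapes (\n, \t) are expanded,
#            since the callers rely on them for blank lines and tab columns
# Returns:   0; an empty argument appends nothing
#######################################
ltf() {
  [[ ${#1} -eq 0 ]] && return 0
  # printf '%b' expands the same escapes 'echo -e' did, but a value such as
  # "-n" or "-e" is written literally instead of being taken as an echo option
  printf '%b\n' "$1" >> "$reportFile"
}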
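#######################################
# Get last logon time for a user.
# Arguments: $1 - username; an empty/missing argument produces no output
# Outputs:   the 4th whitespace-separated column of the most recent 'last'
#            entry (ISO time format) on stdout, as the original cut -f4 did
# Returns:   0 when no argument is given, else the pipeline's status
#######################################
getLastTime() {
  [[ ${#1} -eq 0 ]] && return 0
  # Most recent login entry with ISO timestamps; drop the "wtmp begins" footer
  # and blank lines. The name is quoted and passed after "--" so a value
  # starting with "-" cannot be parsed as an option.
  last --time-format iso --limit 1 -- "$1" \
    | grep -Ev "wtmp|^$" \
    | awk '{ print $4 }'
}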
# Script-level variables
reportFile="${HOME}/usrGrpAudit"          # Output file -- the generated report
arrUsers=()                                # Every unique user name to audit
tmpUsr=''                                  # "Previous user" while walking a list
sep='---------------------------------'    # Separator line for the report file
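# Get all unique users.
# Candidates are the passwd entries mentioning /home or /bin/bash, minus syslog.
# Names are compared exactly: the original checked the never-defined variable
# $ul, so duplicates were never detected, and its substring grep would have
# treated "bob" as already listed once "bobby" was.
while IFS=: read -r u _; do
  [[ -n "$u" ]] || continue
  alreadyListed=0
  for known in "${arrUsers[@]}"; do
    if [[ "$known" == "$u" ]]; then
      alreadyListed=1
      break
    fi
  done
  if (( alreadyListed )); then
    continue
  fi
  arrUsers+=("$u")
  # Track the most recently added unique username
  tmpUsr="$u"
done < <(getent passwd | grep -E "/home|/bin/bash" | grep -v "syslog")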
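# If arrUsers is empty, report the error (to stderr) and exit.
# ${#arrUsers[@]} is the element count; the original ${#arrUsers} is the
# length of the first element's name, which only coincidentally reads 0 here.
if [[ ${#arrUsers[@]} -eq 0 ]]; then
  echo "Error, no users detected!" >&2
  exit 1
fi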
# Report file headers
reportDate=$(date +%Y-%m-%d@%H:%M:%S)
ltf "# auditUsrGrp.sh Report File\n# "
ltf "# Below are a list of all users, their group memberships and other information"
ltf "# $sep\n# Date:\t${reportDate}\n#\n$sep\n"
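#######################################
# Write one user's passwd fields, group memberships and last logon to the report.
# Globals:   none read directly; output goes through ltf
# Arguments: $1 - username (non-empty)
# Returns:   0
#######################################
auditUser() {
  local user=$1
  local uid pgid name home shell g
  local -a memberOf=()
  # Exact key lookup instead of grepping the whole passwd database, which also
  # matched the name as a substring of other names, GECOS fields or home paths
  IFS=: read -r _ _ uid pgid name home shell < <(getent passwd "$user")
  # Groups the user is named in: the group of that name, or an entry in the
  # member list (field 4). The name is passed with awk -v, not interpolated
  # into the program, so it is never interpreted as a pattern.
  while IFS= read -r g; do
    memberOf+=("$g")
  done < <(getent group | awk -F: -v u="$user" '
    $1 == u { print $1; next }
    { n = split($4, m, ","); for (k = 1; k <= n; k++) if (m[k] == u) { print $1; break } }')
  # Log username and other passwd info
  ltf "Username: $user"
  ltf "UID: $uid"
  ltf "PGID: $pgid"
  ltf "NAME: $name"
  ltf "HOME: $home"
  ltf "SHELL: $shell"
  ltf "GROUPS(${#memberOf[@]}):"
  for g in "${memberOf[@]}"; do ltf " -$g"; done
  ltf "Last Login: $(getLastTime "$user")"
  return 0
}

# Iterate through our list of users, their group memberships and last logon time.
# Iterating the array directly replaces the old bound  i<${#arrUsers}  which was
# the length of the first username, not the number of users, so later users were skipped.
for user in "${arrUsers[@]}"; do
  # Skip empty entries
  [[ -n "$user" ]] || continue
  # Insert a separator
  ltf "$sep"
  auditUser "$user"
  # Insert a separator and a gap
  ltf "$sep\n\n"
done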
# Cleanup: drop the script-level variables before the script ends
unset -v sep
unset -v arrUsers
unset -v tmpUsr
unset -v reportFile