169 lines
4.4 KiB
Bash
169 lines
4.4 KiB
Bash
#!/bin/bash
|
|
# LUI for RedHat Enterprise Linux - Version 2.1.7b
|
|
#
|
|
# Description: This script searches and organizes information about users on RedHat systems. It is written to make administration easier and for better transparency.
|
|
#
|
|
# Note: this program has been tested on RedHat 6, RedHat 7, CentOS 7 and Fedora 20.
|
|
#
|
|
# Author: s1x
|
|
# License: GNU AFFERO GENERAL PUBLIC LICENSE - Version 3, 19 November 2007
|
|
#
|
|
# Copyright (C) 2015 s1x, pgp key 0xF673700F
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as published
|
|
# by the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
function help {
|
|
echo '''
|
|
Linux User Info v2.1.7b
|
|
|
|
-h This help message.
|
|
-i User information, use as "-i user".
|
|
-x eXtended information.
|
|
-a List all users.
|
|
-l List all users with locked password.
|
|
-u List all users with unlocked password.
|
|
-n List users with nologin shell.
|
|
|
|
You can user multiple arguments too, eg. "./lui_rhl.sh -l -u"
|
|
'''
|
|
}
|
|
|
|
function user_info {
|
|
data=$(grep ^$OPTARG: /etc/passwd)
|
|
if [ -z "$data" ]
|
|
then
|
|
echo "User not found in /etc/passwd."
|
|
exit ;
|
|
fi
|
|
user=$(echo $data | cut -d: -f1 | head -1)
|
|
comment=$(grep ^$user /etc/passwd | cut -d: -f5)
|
|
if [ -z "$comment" ]
|
|
then
|
|
comment="-"
|
|
fi
|
|
home=$(echo $data | cut -d: -f6)
|
|
if [ -z "$home" ]
|
|
then
|
|
home="-"
|
|
fi
|
|
homepriv=$(ls -ld $home | awk {'print $1,$3,$4'})
|
|
if [ -z "$homepriv" ]
|
|
then
|
|
homepriv="Home directory does not exist."
|
|
fi
|
|
pass=$(passwd -S $OPTARG | awk {'print $8,$9,$10,$11'} | sed -e 's/(//' -e 's/)//')
|
|
groups=$(grep "^$user:" /etc/group | rev | cut -d: -f1 | rev)
|
|
if [ -z "$groups" ]
|
|
then
|
|
groups="-"
|
|
fi
|
|
shell=$(echo $data | cut -d: -f7)
|
|
group=$(echo $data | cut -d: -f3)
|
|
ID=$(echo $data | cut -d: -f4)
|
|
|
|
echo
|
|
echo "User name: $user"
|
|
echo "Comment: $comment"
|
|
echo "Password: $pass"
|
|
echo "Home dir: $home"
|
|
echo "Home perm: $homepriv"
|
|
echo "Groups: $groups"
|
|
echo "Login shell: $shell"
|
|
echo "User ID: $ID"
|
|
echo "Group ID: $group"
|
|
echo
|
|
}
|
|
|
|
function eXtended {
|
|
#Experimental function!
|
|
echo
|
|
echo "User information"
|
|
echo "----------------"
|
|
user_info
|
|
chage -l $user | tr -d '\t'
|
|
echo
|
|
echo
|
|
echo "Login information"
|
|
echo -e "----------------- \n"
|
|
echo "Last four logins:"
|
|
last | grep $user | tail -4
|
|
echo
|
|
fails=$(pam_tally2 --user root | sed -n '1!p' | rev | tr -s ' ' | rev | cut -d ' ' -f 2)
|
|
echo "Numer of current failed logins: " $fails
|
|
echo "(Couter reset with pam_tally2.)"
|
|
echo
|
|
fail_list=$(grep sshd.\*Failed /var/log/secure | grep $user)
|
|
if [ ! -z "$fail_list" ]
|
|
then
|
|
echo "Last six login fails:"
|
|
grep sshd.\*Failed /var/log/secure | grep $user | tail -6
|
|
fi
|
|
echo
|
|
}
|
|
|
|
function all_users {
|
|
min_uid=$(grep "^UID_MIN" /etc/login.defs | tr -s ' ' | cut -d' ' -f2)
|
|
echo "System users / Under UID $min_uid"
|
|
echo "---------------------------------"
|
|
awk -F':' -v "minuid=$min_uid" '{ if ( $3 < minuid ) print $0 }' /etc/passwd
|
|
echo
|
|
echo "Normal users / Below UID $min_uid"
|
|
echo "---------------------------------"
|
|
awk -F':' -v "minuid=$min_uid" '{ if ( $3 >= minuid ) print $0 }' /etc/passwd
|
|
}
|
|
|
|
function locked_users {
|
|
echo "Locked users:"
|
|
cat /etc/passwd | cut -d : -f 1 | awk '{ system("passwd -S " $0) }' | grep "locked"
|
|
echo
|
|
}
|
|
|
|
function unlocked_users {
|
|
echo "Unlocked users:"
|
|
cat /etc/passwd | cut -d : -f 1 | awk '{ system("passwd -S " $0) }' | grep -v "locked."
|
|
echo
|
|
}
|
|
|
|
function nologin_users {
|
|
echo "Users with nologin:"
|
|
grep /nologin /etc/passwd
|
|
echo
|
|
}
|
|
|
|
|
|
while getopts ":hi:x:alun" opt;
|
|
do
|
|
case $opt in
|
|
h) help ;;
|
|
i) user_info ;;
|
|
x) eXtended ;;
|
|
a) all_users ;;
|
|
l) locked_users ;;
|
|
u) unlocked_users ;;
|
|
n) nologin_users ;;
|
|
\?)
|
|
echo "Invalid option."
|
|
exit 1 ;;
|
|
:)
|
|
echo "Option -$OPTARG requires an argument."
|
|
|
|
esac
|
|
done
|
|
|
|
if [ -z "$1" ]
|
|
then
|
|
help
|
|
fi
|