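#!/bin/bash
# ssullivan@liquidweb.com
#
# Disable interactive shell access for every account in /etc/passwd whose
# login shell is /bin/bash, except the accounts named in a whitelist file.
#
# Usage:    run as root, no arguments.
# Globals:  PASSWD_FILE (read, then replaced), WHITELIST (read; created empty
#           when absent so the operator has a file to fill in), tmp (scratch
#           copy of the rewritten passwd file, removed on any exit).
# Whitelist format: one or more user names per line, separated by whitespace.
#
# Compared with the previous version of this script:
#   - accounts are matched on the exact user name (field 1), not on a prefix,
#     so whitelisting "bob" no longer also preserves "bobby";
#   - only the shell field (field 7) is rewritten, so a user name, GECOS
#     field or home directory containing "false" or "/bin/bash" is untouched;
#   - whitelisted accounts keep whatever shell they already have (they are
#     never upgraded from /bin/false to /bin/bash);
#   - the line order of /etc/passwd is preserved, and the new file is built
#     in a temporary file and moved into place in one step.
#
# NOTE(review): this edits /etc/passwd directly without taking the password
# database lock (vipw/lckpwdf); `usermod -s /bin/false <user>` is the
# tool-supported way to do the same per account if that matters here.

set -euo pipefail

readonly PASSWD_FILE=/etc/passwd
readonly WHITELIST=/root/userWhitelist.conf
tmp=''

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print the user names found in the whitelist, one per line.
# Arguments: $1 - whitelist path
# Outputs:   user names on stdout
# Returns:   0 if at least one name was found, 1 otherwise
#######################################
load_whitelist() {
  local file=$1
  local line word found=0
  while IFS= read -r line || [[ -n "$line" ]]; do
    # shellcheck disable=SC2086 -- intentional word-splitting: several names may share a line
    for word in $line; do
      printf '%s\n' "$word"
      found=1
    done
  done < "$file"
  (( found ))
}

#######################################
# Rewrite a passwd stream: every /bin/bash login shell becomes /bin/false
# unless the account name is whitelisted. Nothing else on the line changes.
# Arguments: $1 - space-separated list of whitelisted user names
# Inputs:    passwd content on stdin
# Outputs:   rewritten passwd content on stdout
#######################################
lock_shells() {
  local keep=$1
  awk -F: -v OFS=: -v keep="$keep" '
    BEGIN {
      n = split(keep, names, " ")
      for (i = 1; i <= n; i++) allowed[names[i]] = 1
    }
    # Compare the whole shell field so that e.g. /bin/bash2 is left alone.
    $7 == "/bin/bash" && !($1 in allowed) { $7 = "/bin/false" }
    { print }
  '
}

#######################################
# Entry point: back up /etc/passwd, load the whitelist, rewrite the shells
# and install the result.
# Returns:   0 on success; exits 1 on any failure (passwd is left untouched
#            after the backup step if the rewrite is refused)
#######################################
main() {
  local stamp backup names

  [[ "$(id -u)" -eq 0 ]] || die "Must be root. Exiting..."

  # Timestamped backup; the name format is kept for compatibility with
  # backups made by earlier runs.
  stamp=$(/bin/date +%HHours%m-%d-%Y)
  backup="${PASSWD_FILE}.${stamp}"
  cp -p -- "$PASSWD_FILE" "$backup"

  [[ -e "$WHITELIST" ]] || touch -- "$WHITELIST"
  if ! names=$(load_whitelist "$WHITELIST"); then
    die "Your $WHITELIST is empty. Please add at least one user you want to leave shell access enabled for! Exiting..."
  fi

  # Build the new file next to the original so the final mv stays on one
  # filesystem and replaces /etc/passwd atomically.
  tmp=$(mktemp "${PASSWD_FILE}.XXXXXX") || die "mktemp failed"
  trap 'rm -f -- "$tmp"' EXIT

  lock_shells "${names//$'\n'/ }" < "$PASSWD_FILE" > "$tmp"

  # Cheap guard against a corrupt rewrite: the account count must not change.
  if [[ "$(wc -l < "$tmp")" -ne "$(wc -l < "$PASSWD_FILE")" ]]; then
    die "line count changed while rewriting $PASSWD_FILE; leaving it untouched (backup at $backup)"
  fi

  chmod --reference="$PASSWD_FILE" -- "$tmp"
  chown --reference="$PASSWD_FILE" -- "$tmp"
  mv -f -- "$tmp" "$PASSWD_FILE"
  trap - EXIT
}

main "$@"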