ORC 31 ‐ Disable user accounts within 1 hour - michaelthielemans/ProjectHosting GitHub Wiki
Standardized Process for Disabling User Accounts
- Identify the User Account:
  - Verify the user account details and ensure that the correct account is targeted for disabling.
- Notify the User (Optional):
  - If company policy requires, notify the user about the account disabling process.
- Lock the User Account:
  - Use the `usermod` command to lock the user account, preventing password-based logins.
- Disable SSH Key Access:
  - Remove the user's SSH public key from the `authorized_keys` file to prevent key-based logins.
- Change the User's Shell:
  - Change the user's shell to `/usr/sbin/nologin` to prevent any type of login.
- Document the Action:
  - Update the company's user management system or records to reflect the change in account status.
- Audit:
  - Perform a system audit to ensure the account has been disabled correctly.
Automation Scripts
Lock User Account Script:
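```bash
#!/bin/bash
# Script to lock a user account
set -euo pipefail
USERNAME="${1:?Usage: $0 username}"
# Abort if the account does not exist
id "$USERNAME" > /dev/null
# Lock the user account (blocks password-based logins only)
usermod -L "$USERNAME"
# Remove the user's SSH public keys. The file is looked up in the target
# user's home directory: under sudo, ~ would not point at that user's home.
USER_HOME=$(getent passwd "$USERNAME" | cut -d: -f6)
rm -f "$USER_HOME/.ssh/authorized_keys"
# Change the user's shell to nologin
usermod -s /usr/sbin/nologin "$USERNAME"
# Log the action
echo "Account for $USERNAME has been disabled on $(date)" >> /var/log/user_management.log
```

Usage:

```bash
sudo ./disable_user.sh username
```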
Audit Script:
```bash
#!/bin/bash
# Script to audit the disabling of a user account
USERNAME="$1"
# Check if the user account is locked
# ("L" is the status printed on Debian/Ubuntu; RHEL-family systems print "LK")
LOCK_STATUS=$(passwd -S "$USERNAME" | awk '{print $2}')
# Check if the user's shell is nologin. getent matches the exact account name,
# whereas grep would also match other lines containing it (e.g. "bobby" for "bob").
SHELL_STATUS=$(getent passwd "$USERNAME" | cut -d: -f7)
if [[ "$LOCK_STATUS" == "L" && "$SHELL_STATUS" == "/usr/sbin/nologin" ]]; then
    echo "Account for $USERNAME is properly disabled."
else
    echo "Account for $USERNAME is NOT properly disabled."
fi
```

Usage:

```bash
sudo ./audit_user.sh username
```
Make sure to save these scripts as `disable_user.sh` and `audit_user.sh` respectively, give them executable permissions using `chmod +x`, and run them with root privileges.
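The audit script above checks the lock status and the shell, but not the SSH key step of the process. The following added example (not part of the original wiki) checks all three controls; the function name `audit_disabled` and its file arguments are assumptions of this example, chosen so it can run against constructed copies as well as the real `/etc/passwd` and `/etc/shadow` (reading the latter requires root).

```bash
#!/bin/bash
# Added example: audit the password lock, login shell and SSH keys together.

# audit_disabled USER PASSWD_FILE SHADOW_FILE
# Prints one line per failed control.
# Exit status: 0 = all controls in place, 1 = at least one missing, 2 = no such account.
audit_disabled() (
    user=$1 passwd_file=$2 shadow_file=$3
    fail=0
    # Exact match on field 1, so "bob" never matches "bobby".
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd_file")
    [ -n "$entry" ] || { echo "no such account: $user"; exit 2; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    hash=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$shadow_file")

    # usermod -L puts a "!" in front of the encrypted password.
    case $hash in
        '!'*) ;;
        *) echo "password not locked"; fail=1 ;;
    esac
    case $shell in
        */nologin) ;;
        *) echo "shell is $shell"; fail=1 ;;
    esac
    # Any line that is neither blank nor a comment is a usable key.
    keys="$home/.ssh/authorized_keys"
    if [ -f "$keys" ] && grep -Eqv '^[[:space:]]*(#|$)' "$keys"; then
        echo "authorized_keys still has entries"; fail=1
    fi
    exit "$fail"
)

# Stand-alone use: ./audit_disabled.sh username [passwd_file] [shadow_file]
if [ "$#" -ge 1 ]; then
    audit_disabled "$1" "${2:-/etc/passwd}" "${3:-/etc/shadow}"
fi
```

An account whose password is locked and whose shell is `nologin` still fails this audit if a key remains in `authorized_keys`, which the two-condition check would report as properly disabled.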