diff options
| author | bill-auger <mr.j.spam.me@gmail.com> | 2019-11-26 21:03:41 -0500 |
|---|---|---|
| committer | bill-auger <mr.j.spam.me@gmail.com> | 2020-12-16 08:15:17 -0500 |
| commit | f6e76963e75f29c6f18397e3606799416d43b6f2 (patch) | |
| tree | 5b743523ad9e0fdcdbbd87e5ac0b3e83cf2f97fe | |
| parent | 6f112c6373f174e316975b94077b974e8d96a7be (diff) | |
add bin/last-git-login - deduce login of last git push
added for use by pbot's notify-pbot-git-hook
| -rwxr-xr-x | bin/last-git-login | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/bin/last-git-login b/bin/last-git-login new file mode 100755 index 0000000..c23307a --- /dev/null +++ b/bin/last-git-login @@ -0,0 +1,40 @@ +# ASSERT: this script must be executed with effective group membership in one of: +# [ adm systemd-journal wheel ] + + +readonly HACKERS_LIB_DIR=/usr/lib/parabola-hackers + + +FindHackerBySshSha() # (hacker_ssh_sha) +{ + local hacker_ssh_sha=$1 + local hacker_login + + for hacker_login in $(${HACKERS_LIB_DIR}/meta-cat --group git | cut -d ',' -f 2) + do ${HACKERS_LIB_DIR}/ssh-list-authorized-keys ${hacker_login} | \ + while read ssh_key + do ssh_sha=$(ssh-keygen -l -E sha256 -f - <<<${ssh_key} | cut -d ' ' -f 2) + + [[ "${ssh_sha}" == "${hacker_ssh_sha}" ]] && echo ${hacker_login} && break + done && break + done +} + +LastHackerLogin() +{ + local last_ssh_sha="$(journalctl --unit=sshd.service --since=-24h 2> /dev/null | \ + grep 'Accepted publickey for git from ' | \ + tail -n 1 | \ + sed 's|.*ssh2: .* \(SHA256:.*\)$|\1|' )" + local hacker_login=$(FindHackerBySshSha ${last_ssh_sha}) + + if [[ -n "${hacker_login}" ]] + then echo ${hacker_login} + else echo "can not determine the last hacker login" >&2 + fi + + [[ -n "${this_hacker_login}" ]] +} + + +LastHackerLogin |