#!/bin/bash

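# Load the shared lab helper library. on_exit and check_root are not defined in
# this script, so they are expected to come from the library (TODO confirm).
# Without it none of the checks below can run correctly, so stop here instead
# of printing a message and carrying on with undefined commands.
# NOTE(review): this file is sourced before check_root runs and the script is
# meant to run as root, so the library should be root-owned and not writable
# by other users -- verify its permissions on the lab image.
if ! . /usr/local/lib/labtool.shlib
then
    echo 'Error: labtool.shlib not found!' >&2
    exit 1
fi
trap on_exit EXIT

check_root

# Accounts the checks below look for (space-separated; split on whitespace).
USERS="sspade dtracy bboop"
# Group the accounts must belong to, and the gid it must have.
GROUP=consultants
GROUP_ID=40000
# Days after the last password change at which the account must expire.
ACCOUNT_EXPIRE=90
# Required value of the maximum-password-age field in /etc/shadow, in days.
PASSWORD_EXPIRE=30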

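# Check that every expected user has an entry in /etc/passwd.
# $USERS is deliberately unquoted: it is a space-separated list that must be
# split into one word per account.
for U in $USERS
do
    printf '* Checking user account for %s... ' "${U}"
    # Anchor on the login-name field ("name:" at the start of the line).
    # An unanchored grep would also pass when the name only appears inside
    # another account's name, GECOS field or home directory.
    if grep -q -- "^${U}:" /etc/passwd
    then
        echo "PASS"
    else
        echo "FAIL"
        echo "No account found for ${U}."
    fi
done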

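echo
# Check that the group exists in /etc/group with the expected gid.
printf '* Checking for the %s group... ' "$GROUP"
# Anchor on the group-name field so that only the group's own line is read.
# An unanchored grep also matches groups whose name merely contains $GROUP
# and can return several gids at once.
G="$(grep -- "^${GROUP}:" /etc/group | cut -d: -f3)"
# Quote the right-hand side so it is compared as a literal string rather than
# being treated as a glob pattern by [[ ]].
if [[ "$G" == "$GROUP_ID" ]]
then
    echo "PASS"
else
    echo "FAIL"
    echo "The $GROUP group does not exist or does not have the correct gid."
fi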

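echo
# Check that every expected user is a member of $GROUP.
# $USERS is deliberately unquoted so it splits into one word per account.
for U in $USERS
do
    printf '* Checking supplemental group membership for %s... ' "${U}"
    # Print one group name per line and require an exact whole-line match.
    # A substring grep would also pass for a group whose name merely
    # contains $GROUP. Errors for unknown users are discarded on purpose:
    # the empty output then simply fails the match.
    # NOTE(review): id -nG lists the primary group as well, so a user whose
    # primary group is $GROUP also passes -- confirm that is acceptable.
    if id -nG "$U" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$GROUP"
    then
        echo "PASS"
    else
        echo "FAIL"
        echo "The user $U is not in the $GROUP group."
    fi
done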

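echo
# Check that every account expires $ACCOUNT_EXPIRE days after its last
# password change.
# $USERS is deliberately unquoted so it splits into one word per account.
for U in $USERS
do
    printf '* Checking account expiration for %s... ' "${U}"
    # Read the user's own shadow line once, anchored on the login-name field,
    # so that a name appearing inside another entry cannot be picked up and
    # exactly one line feeds the arithmetic below.
    shadow_entry="$(grep -- "^${U}:" /etc/shadow)"
    # Field 3: day of the last password change; field 8: account expiration
    # day. Both are absolute day numbers, which is why field 8 is compared
    # with "field 3 + $ACCOUNT_EXPIRE" and not with $ACCOUNT_EXPIRE itself.
    last_change="$(printf '%s\n' "$shadow_entry" | cut -d: -f3)"
    value="$(printf '%s\n' "$shadow_entry" | cut -d: -f8)"
    # NOTE(review): this assumes the expiry date was set on the same day as
    # the last password change -- confirm against the lab instructions.
    # Only do the arithmetic when field 3 is a plain number; a missing user or
    # an empty field is reported as FAIL instead of being evaluated.
    if [[ "$last_change" =~ ^[0-9]+$ ]] &&
       [[ "$value" == "$(( last_change + ACCOUNT_EXPIRE ))" ]]
    then
        echo "PASS"
    else
        echo "FAIL"
        echo "The account for $U is not set to expire in $ACCOUNT_EXPIRE days."
    fi
done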

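echo
# Check that every account's maximum password age is $PASSWORD_EXPIRE days.
# $USERS is deliberately unquoted so it splits into one word per account.
for U in $USERS
do
    printf '* Checking password expiration for %s... ' "${U}"
    # Field 5 of /etc/shadow is the maximum password age in days. Anchor on
    # the login-name field so only the user's own entry is read; an
    # unanchored grep can return lines belonging to other accounts.
    value="$(grep -- "^${U}:" /etc/shadow | cut -d: -f5)"
    # Quote the right-hand side so it is compared as a literal string.
    if [[ "$value" == "$PASSWORD_EXPIRE" ]]
    then
        echo "PASS"
    else
        echo "FAIL"
        echo "The password for $U is not set to expire in $PASSWORD_EXPIRE days."
    fi
done

# The exit status does not reflect the check results: a run with FAIL lines
# still ends with the status of the last command executed above.
exit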

