User Audit Kit
For Linux sysadmins and SREs who need a defensible account inventory before an audit, an offboarding sweep, or a compliance review — without touching a single file on the server.
You inherited a Linux box. Maybe three of them. You know there are old accounts in `/etc/passwd` — contractors who left, a dev who was offboarded six months ago, a CI service user that still has `/bin/bash` for reasons no one remembers. You *could* manually cross-reference `chage -l`, `last`, and `sudoers` across every account. Or you could run one script.

**User Audit Kit** is a read-only Bash toolkit that maps every local user account on a Linux host in a single pass. Drop it on any server, run one command with `sudo`, and get a complete Markdown report in under three minutes — no agent to install, no external dependencies, no writes to the system.

The report flags eight distinct account conditions: login-capable vs. shell-locked, sudo access, password age and expiration, stale last-login dates, UID collisions, system accounts with unexpected shells, and accounts that appear locked vs. truly disabled. Every field is defined. Every flag includes a remediation decision tree in the companion runbook.
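Two of the checks named above that need only `/etc/passwd` (UID collisions and system accounts with a login shell), as an added example that is not the kit's `user-audit.sh`. The function name `audit_passwd`, the flag labels, and the UID threshold of 1000 are assumptions.

```bash
#!/usr/bin/env bash
# Added example: read-only passwd checks. Not the kit's user-audit.sh.
# Assumptions: UIDs below 1000 are system accounts; a shell ending in
# "nologin" or "false" is treated as non-login.

audit_passwd() {
    local passwd_file="${1:-/etc/passwd}" uid_min="${2:-1000}"
    awk -F: -v uid_min="$uid_min" '
        /^#/ || NF < 7 { next }            # skip comments and malformed lines
        {
            user = $1; uid = $3; shell = $7
            # Track every name that shares a UID, in file order.
            if (uid in count) names[uid] = names[uid] "," user
            else              names[uid] = user
            count[uid]++
            # An empty shell field falls back to /bin/sh, so it counts as login-capable.
            login = (shell !~ /(nologin|false)$/)
            # root (UID 0) is expected to have a shell; flag other system UIDs.
            if (uid + 0 != 0 && uid + 0 < uid_min + 0 && login)
                printf "SYSTEM_LOGIN_SHELL %s uid=%s shell=%s\n", user, uid, shell
        }
        END {
            for (uid in count)
                if (count[uid] > 1)
                    printf "UID_COLLISION uid=%s users=%s\n", uid, names[uid]
        }
    ' "$passwd_file" | sort
}

# Constructed sample input (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ci-runner:x:998:998::/var/lib/ci:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1001:1002:Bob:/home/bob:/bin/zsh
EOF
audit_passwd "$sample"
rm -f "$sample"
```

Password age, last login, and sudo checks need `chage`, `last`, and the sudoers files, which this block does not read.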
What's Inside
- `user-audit.sh` — Main audit script; parses `/etc/passwd`, queries `chage`, `last`, `getent`, and sudoers; emits a full Markdown report to stdout
- `runbook.md` — Operator guide with prerequisites, field glossary, empty-shadow-hash note, and remediation decision tree
- `sample-output.md` — Pre-rendered example report from a fictional 16-account host showing all 8 flag types
- `README.md` — Quick-start, prerequisites, and companion kit upsell