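use strict;
use warnings;

# Interactive audit of local account and login settings. Each menu choice
# prints one report built from /etc/passwd, /etc/group, /etc/pam.d/su or
# /etc/ssh/sshd_config.
#
# /etc/passwd field order:
#   $user, $passwd, $uid, $gid, $gecos, $homedir, $shell

# Report headers, one per menu choice.
my ($sysShells, $badShells, $passwds, $uid, $gid, $wheel, $ssh);

$sysShells = "\nUSER:PASSWD:USERID:GROUPID:GECOS:HOMEDIR:SHELL";
$badShells = "\nBAD SHELLS \n(except for root, system user shells should be /sbin/nologin)\nuser|uid|shell";
$passwds = "\nCLEAR or EMPTY PASSWORDS\n(password field not set to x, should see no output)";
$uid = "\nUSERS with UID of ZERO \n(should only be root)\nuser|uid|gid|shell";
$gid = "\nUSERS with GID of ZERO \n(should be root plus all members of root group)\nuser|uid|gid|shell";
$wheel = "\nUsers in WHEEL GROUP:\n";
$ssh = "\nSSH CONFIG (selected options)\n";

# Rule printed above and below every report and under the menu.
my $separator = "\n*******************************************************************************\n";

# UIDs below this value are treated as system accounts by the shell check.
# NOTE(review): many current distributions start regular accounts at 1000
# (UID_MIN in /etc/login.defs) -- confirm the boundary for the audited host.
my $systemUidLimit = 500;

# Read /etc/passwd directly. The file is world-readable, so no working copy
# is needed; a fixed-name copy in the current directory could be pre-created
# as a symlink by another local user and would then be written through when
# this script runs with elevated privileges.
my $passwdFile = '/etc/passwd';
open(my $passwdHandle, '<', $passwdFile)
    or die "Error opening file $passwdFile: $!\n";
my @userIDsShells = <$passwdHandle>;
close($passwdHandle);

my $run = 1;

while ($run) {
    print "\nPlease enter a selection from the list below:\n";
    print "users : all users, paswords, user IDs, group IDs, comments, home directory, and shells.\n";
    print "passwds : all users with Empty passwords, enter passwds.\n";
    print "uid : all users with UID 0 (root access).\n";
    print "gid : all users with GID 0 (root access).\n";
    print "shells : system users, who do not have /sbin/nologin as their shell.\n";
    print "wheel : users in wheel group.\n";
    print "sshd : selected sshd_config options.\n";
    print "exit : to exit.\n";
    print $separator;

    my $choice = <STDIN>;

    # End of input (closed terminal, exhausted pipe): leave the loop instead
    # of reporting "Bad choice" forever.
    if (!defined $choice) {
        print "Goodbye!!!\n";
        last;
    }
    chomp($choice);

    if ($choice eq 'users') {
        showUsers($sysShells, @userIDsShells);
    }
    elsif ($choice eq 'passwds') {
        showEmptyPasswds($passwds, @userIDsShells);
    }
    elsif ($choice eq 'uid') {
        showUsersWithUIDofZero($uid, @userIDsShells);
    }
    elsif ($choice eq 'gid') {
        showUsersWithGIDofZero($gid, @userIDsShells);
    }
    elsif ($choice eq 'shells') {
        showSystemUsersWithBadShells($badShells, @userIDsShells);
    }
    elsif ($choice eq 'wheel') {
        limitSUcmdToWheel($wheel);
    }
    elsif ($choice eq 'sshd') {
        selectedSSH_ConfigOptions($ssh);
    }
    elsif ($choice eq 'exit') {
        print "Goodbye!!!\n";
        $run = 0;
    }
    else {
        print "Bad choice. Try again.\n";
        message();
    }
}

########################################################################################################

# Split one /etc/passwd line into its seven fields.
# Returns the field list, or an empty list for a blank or malformed line.
# The -1 limit keeps trailing empty fields, so an entry with an empty shell
# field still yields seven values.
sub _parsePasswdLine {
    my ($line) = @_;

    chomp($line);
    return if $line eq '';

    my @fields = split /:/, $line, -1;
    if (@fields != 7) {
        # Surface the anomaly rather than dropping it silently; a malformed
        # account line is itself worth a look during an audit.
        warn "Skipping malformed passwd entry: $line\n";
        return;
    }
    return @fields;
}

# True when the value consists of decimal digits only. Guards the numeric
# comparisons below: in Perl an empty or non-numeric string compares equal
# to 0, which would report such an entry as UID/GID 0.
sub _isNumericId {
    my ($value) = @_;
    return $value =~ /\A[0-9]+\z/ ? 1 : 0;
}

# Return the lines of $path that match $pattern, concatenated, or '' when
# the file cannot be read (a warning is issued in that case).
# The file is read in-process rather than through an external grep, so the
# result does not depend on which grep the caller's PATH resolves to.
sub _matchingLines {
    my ($pattern, $path) = @_;

    my $fh;
    if (!open($fh, '<', $path)) {
        warn "Cannot read $path: $!\n";
        return '';
    }
    my $matches = join '', grep { $_ =~ $pattern } <$fh>;
    close($fh);
    return $matches;
}

# Print every passwd entry unmodified under the given header.
sub showUsers {
    my ($header, @entries) = @_;

    print $separator;
    print "$header\n\n";
    # Entries still carry their own newline, so each is followed by a
    # blank line.
    for my $entry (@entries) {
        print "$entry\n";
    }
    print $separator;
    return;
}

# List accounts whose password field is anything other than 'x', as
# "user|passwd". Prints NONE when no entries were passed in.
# Every value other than 'x' is listed, so locked markers such as '*' or '!'
# appear alongside empty fields. The field content itself is printed; if a
# hash is stored in /etc/passwd it will be shown, so treat the output as
# sensitive.
sub showEmptyPasswds {
    my ($header, @entries) = @_;

    print $separator;
    print "$header\n\n";
    if (@entries == 0) {
        print "NONE\n";
    }
    else {
        for my $entry (@entries) {
            my @fields = _parsePasswdLine($entry);
            next if !@fields;
            my ($user, $passwd) = @fields[0, 1];
            if ($passwd ne 'x') {
                print "$user|$passwd\n";
            }
        }
    }
    print $separator;
    return;
}

# List accounts whose UID is 0, as "user|uid|gid|shell".
# Prints NONE when no entries were passed in.
sub showUsersWithUIDofZero {
    my ($header, @entries) = @_;

    print $separator;
    print "$header\n\n";
    if (@entries == 0) {
        print "NONE\n";
    }
    else {
        for my $entry (@entries) {
            my @fields = _parsePasswdLine($entry);
            next if !@fields;
            my ($user, $passwd, $uid, $gid, $gecos, $homedir, $shell) = @fields;
            if (_isNumericId($uid) && $uid == 0) {
                print "$user|$uid|$gid|$shell\n";
            }
        }
    }
    print $separator;
    return;
}

# List accounts whose primary GID is 0, as "user|uid|gid|shell".
# Prints NONE when no entries were passed in. Only the GID field of
# /etc/passwd is examined; supplementary membership of group 0 in
# /etc/group is not read here.
sub showUsersWithGIDofZero {
    my ($header, @entries) = @_;

    print $separator;
    print "$header\n\n";
    if (@entries == 0) {
        print "NONE\n";
    }
    else {
        for my $entry (@entries) {
            my @fields = _parsePasswdLine($entry);
            next if !@fields;
            my ($user, $passwd, $uid, $gid, $gecos, $homedir, $shell) = @fields;
            if (_isNumericId($gid) && $gid == 0) {
                print "$user|$uid|$gid|$shell\n";
            }
        }
    }
    print $separator;
    return;
}

# List accounts with a UID below $systemUidLimit whose shell is not
# /sbin/nologin, as "user|uid|shell". Prints NONE when no entries were
# passed in. The comparison is an exact string match, so other
# non-interactive shells (a nologin at a different path, for example) are
# reported too and need a manual look.
sub showSystemUsersWithBadShells {
    my ($header, @entries) = @_;
    my $nologin = '/sbin/nologin';

    print $separator;
    print "$header\n\n";
    if (@entries == 0) {
        print "NONE\n";
    }
    else {
        for my $entry (@entries) {
            my @fields = _parsePasswdLine($entry);
            next if !@fields;
            my ($user, $passwd, $uid, $gid, $gecos, $homedir, $shell) = @fields;
            if (_isNumericId($uid) && $uid < $systemUidLimit && $shell ne $nologin) {
                print "$user|$uid|$shell\n";
            }
        }
    }
    print $separator;
    return;
}

# Show the wheel line(s) of /etc/group and the pam lines of /etc/pam.d/su,
# together with the pam_wheel line the reviewer should expect to find.
sub limitSUcmdToWheel {
    my $header = shift;
    my $wheelMembers = _matchingLines(qr/wheel/i, '/etc/group');
    my $suConfig     = _matchingLines(qr/pam/i,   '/etc/pam.d/su');

    print $separator;
    print "$header";
    print "$wheelMembers\n";
    # The pam_wheel option is spelled use_uid; the hint previously read
    # use_id.
    print "(/etc/pam.d/su: auth required /lib/security/pam_wheel.so use_uid)\n";
    print "$suConfig\n";
    print $separator;
    return;
}

# Show selected directives from /etc/ssh/sshd_config.
# Matching is a plain substring search, so commented-out directives are
# listed as well; a leading '#' means the option is not set in this file.
# Only this one file is searched; `sshd -T` reports the effective
# configuration.
sub selectedSSH_ConfigOptions {
    my $header = shift;
    my $sshdConfig = '/etc/ssh/sshd_config';

    my $allowedUsers         = _matchingLines(qr/allowusers/i,           $sshdConfig);
    my $permitRootLogin      = _matchingLines(qr/permitrootlogin/i,      $sshdConfig);
    my $permitEmptyPasswords = _matchingLines(qr/permitemptypasswords/i, $sshdConfig);
    my $protocol             = _matchingLines(qr/Protocol/,              $sshdConfig);
    my $ignore               = _matchingLines(qr/ignorerhosts/i,         $sshdConfig);
    my $client               = _matchingLines(qr/client/i,               $sshdConfig);

    print $separator;
    print "$header\n";
    # AllowUsers is printed once; the earlier version repeated it at the
    # end of the report.
    print "$allowedUsers\n";
    print "$permitRootLogin\n";
    print "$permitEmptyPasswords\n";
    print "$protocol\n";
    print "$ignore\n";
    print "$client\n";
    print $separator;
    return;
}

# Pause until the user presses enter.
sub message {
    print "\n\nPress enter to continue.\n";
    <STDIN>;
    return;
}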