Linux Unlock Device Script

Problem Overview

Once a device has been locked due to security concerns, it’s essential to restore full access once the threat has passed or the device is recovered. This script systematically unlocks all user accounts—including the root user—returning the system to regular operational status without hindering remote management from Level.

Description

The script scans the system for valid local user accounts and reverts each from a locked status to an active one. Additionally, it resets the root account, ensuring administrators can regain superuser privileges without obstruction. Throughout this process, your device remains connected to Level, so you maintain remote visibility and control.

Script

1#!/bin/bash
2
3# This resource is provided as a convenience for Level users. We cannot 
4# guarantee it will work in all environments. Please test before deploying 
5# to your production environment. We welcome contributions to our community 
6# library
7
8# Level Library
9# https://level.io/library/script-linux-unlock-device
10
11# Initialize script-scoped error flag
12script_errors=false
13
14echo "Re-enabling all user accounts (SSH & local access)..."
15for user in $(awk -F: '{if ($3 >= 1000 && $3 < 65534) print $1}' /etc/passwd); do
16    passwd -u "$user" &> /dev/null
17    usermod -U -e "" "$user" &> /dev/null
18    if [[ $? -ne 0 ]]; then
19        echo "ALERT: Failed to unlock user account $user."
20        script_errors=true
21    fi
22done
23
24echo "Unlocking root account..."
25passwd -u root &> /dev/null
26usermod -U -e "" root &> /dev/null
27if [[ $? -ne 0 ]]; then
28    echo "ALERT: Failed to unlock root account."
29    script_errors=true
30fi
31
32if [[ "$script_errors" == true ]]; then
33    echo "ALERT: Errors occurred during execution. Exiting with code 1."
34    exit 1
35else
36    echo "All user accounts have been successfully unlocked."
37fi
38

‍

Use Cases

• Re-enabling accounts post-emergency lockdown
• Restoring device functionality after security events or audits
• Allowing normal operations to resume following a temporary maintenance lockout
• Quickly unlocking user access after a threat has been mitigated

Recommendations

• Test on non-production systems to confirm compatibility and safe operation
• Pair with the Linux Lock Device Script to handle lock-and-unlock cycles seamlessly
• Configure a Level Automation to schedule unlocking tasks if needed routinely
• Verify the accounts have successfully unlocked by testing normal SSH or local logins

FAQ

• Will this remove the device from Level management?
  ‍No. The script only unlocks user accounts; it does not affect Level’s remote management.

• How can I confirm if a user has been unlocked?
  ‍After running the script, attempt a local login or SSH session with valid credentials to verify successful reactivation.

• What if the script fails to unlock certain accounts?
  ‍Check the logs and confirm there are no conflicting system restrictions. Additionally, ensure the account names exist and haven’t been removed or altered since lockdown.

• Do I need to run this manually each time?
  ‍You can configure an Automation in Level to run this script automatically on a predefined schedule or on-demand, according to your workflow.