GitHub is the leading company for software development and version control using Git. That allows us to create public repositories as well as private ones. Both have their own benefits. The private repositories are secured with authentication, whereas the public repositories are accessible to everyone. Sometimes, we or our teams make repositories with public access that may contain sensitive data. It’s a good idea, to configure a script that notifies us of the repositories left public access.

In this tutorial, I have created a shell script that checks for all public repositories under a GitHub account and sends a notification email. The script can be scheduled under the cronjobs to automate this.

Pre-Requisiteis

This script uses Curl and SendEmail command line utilities. So make sure you have installed both packages on your system.

sudo apt install curl sendemail

The curl command is used to call GitHub API and SendEmail is used for sending email via the SMTP server.

Create a Shell Script

I have already created a bash script for you. You can simply copy the script and write it in a file on your system.

  1. Create a shell script in your system and edit it in your favorite text editor: 
    nano check-github-public-repos.sh
  2. Copy the below content and paste it into the edited file.

    1

    2

    3

    4

    5

    6

    7

    8

    9

    10

    11

    12

    13

    14

    15

    16

    17

    18

    19

    20

    21

    22

    23

    24

    25

    26

    27

    28

    29

    30

    31

    32

    33

    34

    35

    36

    37

    38

    39

    40

    41

    42

    43

    44

    45

    46

    47

    48

    49

    50

    51

    52

    53

    54

    #!/usr/bin/env bash

    ## Set your GitHub username or organization name

    GITHUB_USER=“tecadmin”

    ## Temporary files and curl binary location

    TEMP_FILE=“https://tecadmin.net/tmp/out.txt”

    MAIL_LOG=“https://tecadmin.net/tmp/github-mail.log”

    CURL_BIN=“https://tecadmin.net/usr/bin/curl”

    ## SMTP details for sending email notifications.

    SMTP_HOST=“email-smtp.us-east-1.amazonaws.com”

    SMTP_PORT=“587”

    SMTP_USER=“XXXXXXXXXXXXXXX”

    SMTP_PASS=“XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”

    ## Script begins here.

    ## Find out all the GitHub repositories that are publically accessible.

    ${CURL_BIN} s https://api.github.com/users/${GITHUB_USER}/repos | grep “https://github.com/[a-zA-Z0-9-]*/[a-zA-Z0-9-]*.git” > ${TEMP_FILE}

    ## Send an email notification if a public repository found

    if [ $? eq 0 ]; then

      echo e “Dear Admin n” >  ${MAIL_LOG}

      echo e “We found few public repositories in your GitHub account (${GITHUB_USER}) n” >> ${MAIL_LOG}

      count=1

      while read line; do

            REPO_URL=`echo ${line} | cut d“:” f2,3 | cut d“,” f1`

            echo “{count}. ${REPO_URL}” >> ${MAIL_LOG}

            ((count ))

      done < ${TEMP_FILE}

      echo e “nn–nThanks” >> ${MAIL_LOG}

      ## Modify the email subject as per your  convenience

      EMAIL_SUBJECT=“WARNING: Github Public Repo Found”

      ## Send the notification email. The system must have installed “SendEmail” (not Sendmail)

      ## command on your system.

      cat ${MAIL_LOG} | sendemail l /tmp/email.log

          f ${EMAIL_FROM}

          u ${EMAIL_SUBJECT}

          t ${EMAIL_TO}  

          s ${SMTP_HOST}:${SMTP_PORT}  

          o tls=yes  

          xu ${SMTP_USER}  

          xp ${SMTP_PASS}

    fi

    ## Uncomment below to print the email as output

    #cat ${MAIL_LOG}
  3. Update the “GITHUB_USER” id with your GitHub user or organization name. Also, update the SMTP details to get email notifications.
  4. Press “CTRL O” to write the changes and then “CTRL X” to quit the editor. Then make the shell script executable with the following command. 
    chmod  x check-github-public-repos.sh
  5. Now, your script is ready to run. You can simply execute your script directly on the terminal. To print the results on screen, you can uncomment the last line of the script. 
    bash check-github-public-repos.sh

On successful execution, if the script found any public repository in your GitHub account. You will get an email notification in your mailbox.

Schedule Script with Crontab

You can schedule this script to run daily, weekly or twice a week. The following crontab example will run this script daily at 12:00 AM.

## Check GitHub public repositories

0   0   *   *   *   bash checkgithubpublicrepos.sh

Conclusion

It is most important to keep our hard work safe. This script will alert you to the pubic repositories in your GitHub account. You can modify the script as per your requirements. You can also provide your enhancement via the comments. Also provide your feedback about this script, which encourages us to write more.

, ,
Show Comments