Changed to similar levels of abstracion in user creation and deletion + not async

monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py

@@ -54,10 +54,11 @@ class CommunicateAsNewUser(PBA):
             final_command = ' '.join(linux_cmds)
             exit_status = os.system(final_command)
             self.send_ping_result_telemetry(exit_status, commandline, username)
-            # delete the user, async in case it gets stuck.
+            # delete the user.
             commands_to_delete_user = get_linux_commands_to_delete_user(username)
             logger.debug("Trying to delete the user {} with commands {}".format(username, str(commands_to_delete_user)))
-            _ = subprocess.Popen(commands_to_delete_user, stderr=subprocess.STDOUT, shell=True)
+            delete_user_output = subprocess.check_output(" ".join(commands_to_delete_user), stderr=subprocess.STDOUT, shell=True)
+            logger.debug("Deletion output: {}".format(delete_user_output))
             # Leaking the process on purpose - nothing we can do if it's stuck.
         except subprocess.CalledProcessError as e:
             PostBreachTelem(self, (e.output, False)).send()

monkey/infection_monkey/utils/linux/users.py

@@ -3,12 +3,12 @@ import datetime
 
 def get_linux_commands_to_add_user(username):
     return [
-        'useradd',
+        'adduser',  # https://linux.die.net/man/8/adduser
         '-M',  # Do not create homedir
-        '--expiredate',
+        '--expiredate',  # The date on which the user account will be disabled.
         datetime.datetime.today().strftime('%Y-%m-%d'),
-        '--inactive',
-        '0',
+        '--inactive',  # The number of days after a password expires until the account is permanently disabled.
+        '0',  # A value of 0 disables the account as soon as the password has expired
         '-c',  # Comment
         'MONKEY_USER',  # Comment
         username]