
aix:scripts_category:check_password_expiration

aix:scripts_category:check_password_expiration [2021/01/01 21:25]
127.0.0.1 external edit
aix:scripts_category:check_password_expiration [2024/02/19 10:33] (current)
manu
Line 2: Line 2:
  
 <cli prompt='#'>​ <cli prompt='#'>​
-[root@nim01]/​root#​ cat /​root/​scripts/​bin/​check_expire_user.sh+[root@nim01]/​root#​ cat /​root/​scripts/​bin/​check_expired_users.sh
 </​cli>​ </​cli>​
 <​code>​ <​code>​
Line 8: Line 8:
 #@(#) check expired password and send an email if required #@(#) check expired password and send an email if required
 # Will only check users with a password # Will only check users with a password
 +# 02-2024 eif
  
 destination=it@mydom.com destination=it@mydom.com
 logpath=/​root/​scripts/​logs logpath=/​root/​scripts/​logs
 logfile=$logpath/​expired_users.txt logfile=$logpath/​expired_users.txt
-maxage_admin=90 # default value for maxage if not specified 
  
 epoch_now=$(date +%s) epoch_now=$(date +%s)
  
-if [ ! -d $logpath ] +#​----------------------
-then +list_users() 
-  mkdir -p $logpath +{ 
-fi +printf "#########################################################################################################################​\n"​ 
-cat /dev/null > $logfile+printf "%-25s %-25s %-25s %-25s %-25s\n"​ '#'​USERNAME PWD_SET LASTLOGIN '​EXPIRED_SINCE(days)'​ UNSUCCESS_COUNT 
 +printf "#########################################################################################################################​\n"​
  
-for usr in $(cat /​etc/​security/​passwd | grep -p lastupdate | egrep ":" ​| sed 's/://')+cat /​etc/​security/​passwd | grep -p lastupdate | tr '​\t'​ ' ' ​| sed 's///g' ​| grep -v '​^password='​ | grep -v '​^flags='​ | sed '/​^$/​d'​ | paste - - | while read usr1 date1
 do do
-  ​epoch_lastupdate=$(lssec -f /​etc/​security/​passwd -a lastupdate -s $usr | cut -d " " ​-f2 cut -d "​=" ​-f2+  ​count=""​ 
-  ​epoch_lastlogin=$(lsuser -a time_last_login $usr | cut -d " " -f2 cut -d "=" -f2)+  usr=$(echo $usr1 | cut -d':' ​-f1) 
 +  lastupdate=$(echo $date1 ​sed '​s/​lastupdate=//'​) 
 +  pwdset=$(/​opt/​freeware/​bin/​date ​-d @${lastupdate} '+%d-%m-%Y'
 +  ​date2=$(lsuser -a time_last_login $usr | awk '​{print $2}' ​sed '​s/​time_last_login=//')
   maxage=$(lsuser -a maxage $usr | cut -d " " -f2 | cut -d "​="​ -f2)   maxage=$(lsuser -a maxage $usr | cut -d " " -f2 | cut -d "​="​ -f2)
-  (( epoch_sincelastchange = epoch_now - epoch_lastupdate )) + 
-  (( days_sincelastchange = epoch_sincelastchange / (3600*24) )) +  if [ "$date2" ​!= ""​ ]
-  if [[ "$maxage" ​== "0" ​]]+
   then   then
-    ​days_maxage=${maxage_admin}+    ​lastlog=$(/​opt/​freeware/​bin/​date -d @${date2'​+%d-%m-%Y'​) 
 +    count=$(lsuser -a unsuccessful_login_count $usr | awk '​{print $2}' | cut -d'​='​ -f2) 
 +    if [ "​$count"​ != "​0"​ ] 
 +    then 
 +      echo chsec -f /​etc/​security/​lastlog -a "​unsuccessful_login_count=0"​ -s $usr 
 +    fi
   else   else
-    ​(( days_maxage ​7 * maxage ))+    ​lastlog=never
   fi   fi
  
- +  ​if [ "$maxage" ​== "0" ]
-  ​if [[ "${days_sincelastchange}" ​-gt "${days_maxage}" ​]]+
   then   then
-    (( days_expired = days_sincelastchange - days_maxage )) +    ​expire="​never"​ 
-    ​echo "​Change the password for user $usr expired since ${days_expired} days, lastlogin "$(/​opt/​freeware/​bin/​date --date="​@${epoch_lastlogin}"​ +%Y/%m/%d-%T>> $logfile+  else 
 +    ​(( days_maxage ​= 7 * maxage ​)) 
 +    (( epoch_sincelastchange = epoch_now ​lastupdate )) 
 +    (( days_sincelastchange ​epoch_sincelastchange ​(3600*24) )) 
 +    (( expire = days_sincelastchange ​days_maxage ))
   fi   fi
 +
 +  printf "%-25s %-25s %-25s %-25s %-25s\n"​ $usr $pwdset $lastlog $expire $count
 done done
 +}
  
 +#​-----------------------
 +sendemail()
 +{
 if [ -s $logfile ] if [ -s $logfile ]
 then then
   cat $logfile | mail -s "​Expired users for server $(hostname)"​ $destination   cat $logfile | mail -s "​Expired users for server $(hostname)"​ $destination
 fi fi
 +}
 +
 +########################​
 +# Main
 +########################​
 +main()
 +{
 +list_users
 +sendemail
 +}
 +
 +main | tee $logfile
 </​code>​ </​code>​
 +
 +Output:
 +<cli prompt='>'>​
 +root@nim /​root/​scripts>​ ./​check_expired_users.sh
 +
 +##########################################################################################################​
 +#​USERNAME ​            ​PWD_SET ​       LASTLOGIN ​                ​EXPIRED_SINCE(days) ​      ​UNSUCCESS_COUNT
 +##########################################################################################################​
 +root                  18-02-2024 ​    ​19-02-2024 ​               never                     0
 +splunk ​               20-09-2022 ​    ​20-09-2022 ​               426                       0
 +</​cli>​
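Review bot: `sendemail` is called inside `main`, whose output is piped to `tee $logfile`, so the `[ -s $logfile ]` test and `cat $logfile | mail` run while tee is still writing the file, and the mail can come out empty, partial or skipped. Run the report first and mail afterwards, for example `list_users | tee "$logfile"` followed by `sendemail` on its own line. Because the header is always printed and every user row is written (including `never` and negative values of `expire`), a non-empty log no longer means "someone has expired", so the mail needs its own condition if it is meant to stay an alert. The `echo chsec ... unsuccessful_login_count=0` line lands in the middle of the table, and if the `echo` is ever dropped the report would clear failed-login counters as a side effect, so I would only report the count and leave resets to a separate, deliberate step. The removed `mkdir -p $logpath` also means `tee` fails when the log directory is missing.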