aix:scripts_category:check_password_expiration [2021/01/01 21:25] 127.0.0.1 external edit |
aix:scripts_category:check_password_expiration [2024/02/19 10:33] (current) manu |
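--- a/aix:scripts_category:check_password_expiration
+++ b/aix:scripts_category:check_password_expiration
@@ -2,4 +2,4 @@
 <cli prompt='#'>
-[root@nim01]/root# cat /root/scripts/bin/check_expire_user.sh
+[root@nim01]/root# cat /root/scripts/bin/check_expired_users.sh
 </cli>
 <code>
@@ -8,37 +8,79 @@
 #@(#) check expired password and send an email if required
 # Will only check users with a password
+# 02-2024 eif
 destination=it@mydom.com
 logpath=/root/scripts/logs
 logfile=$logpath/expired_users.txt
-maxage_admin=90 # default value for maxage if not specified
 epoch_now=$(date +%s)
-if [ ! -d $logpath ]
-then
-mkdir -p $logpath
-fi
-cat /dev/null > $logfile
-for usr in $(cat /etc/security/passwd | grep -p lastupdate | egrep ":" | sed 's/://')
+#-----------------------
+list_users()
+{
+printf "#########################################################################################################################\n"
+printf "%-25s %-25s %-25s %-25s %-25s\n" '#'USERNAME PWD_SET LASTLOGIN 'EXPIRED_SINCE(days)' UNSUCCESS_COUNT
+printf "#########################################################################################################################\n"
+cat /etc/security/passwd | grep -p lastupdate | tr '\t' ' ' | sed 's/\ //g' | grep -v '^password=' | grep -v '^flags=' | sed '/^$/d' | paste - - | while read usr1 date1
 do
-epoch_lastupdate=$(lssec -f /etc/security/passwd -a lastupdate -s $usr | cut -d " " -f2 | cut -d "=" -f2)
-epoch_lastlogin=$(lsuser -a time_last_login $usr | cut -d " " -f2 | cut -d "=" -f2)
+count=""
+usr=$(echo $usr1 | cut -d':' -f1)
+lastupdate=$(echo $date1 | sed 's/lastupdate=//')
+pwdset=$(/opt/freeware/bin/date -d @${lastupdate} '+%d-%m-%Y')
+date2=$(lsuser -a time_last_login $usr | awk '{print $2}' | sed 's/time_last_login=//')
 maxage=$(lsuser -a maxage $usr | cut -d " " -f2 | cut -d "=" -f2)
-(( epoch_sincelastchange = epoch_now - epoch_lastupdate ))
-(( days_sincelastchange = epoch_sincelastchange / (3600*24) ))
-if [[ "$maxage" == "0" ]]
+
+if [ "$date2" != "" ]
+
 then
-days_maxage=${maxage_admin}
+lastlog=$(/opt/freeware/bin/date -d @${date2} '+%d-%m-%Y')
+count=$(lsuser -a unsuccessful_login_count $usr | awk '{print $2}' | cut -d'=' -f2)
+if [ "$count" != "0" ]
+then
+echo chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s $usr
+fi
 else
-(( days_maxage = 7 * maxage ))
+lastlog=never
 fi
-
-if [[ "${days_sincelastchange}" -gt "${days_maxage}" ]]
+if [ "$maxage" == "0" ]
+
 then
-(( days_expired = days_sincelastchange - days_maxage ))
-echo "Change the password for user $usr expired since ${days_expired} days, lastlogin "$(/opt/freeware/bin/date --date="@${epoch_lastlogin}" +%Y/%m/%d-%T) >> $logfile
+expire="never"
+else
+(( days_maxage = 7 * maxage ))
+(( epoch_sincelastchange = epoch_now - lastupdate ))
+(( days_sincelastchange = epoch_sincelastchange / (3600*24) ))
+(( expire = days_sincelastchange - days_maxage ))
 fi
+
+printf "%-25s %-25s %-25s %-25s %-25s\n" $usr $pwdset $lastlog $expire $count
 done
+}
+#-----------------------
+sendemail()
+{
 if [ -s $logfile ]
 then
 cat $logfile | mail -s "Expired users for server $(hostname)" $destination
 fi
+}
+
+########################
+# Main
+########################
+main()
+{
+list_users
+sendemail
+}
+
+main | tee $logfile
 </code>
+
+Output:
+<cli prompt='>'>
+root@nim /root/scripts> ./check_expired_users.sh
+
+##########################################################################################################
+#USERNAME PWD_SET LASTLOGIN EXPIRED_SINCE(days) UNSUCCESS_COUNT
+##########################################################################################################
+root 18-02-2024 19-02-2024 never 0
+splunk 20-09-2022 20-09-2022 426 0
+</cli>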
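Review bot: The `echo chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s $usr` line in `list_users` writes the reset command into the same stdout that `main | tee $logfile` captures, so it lands in the report between table rows; if the `echo` is later dropped, every run would clear each account's failed-login counter, which removes the trace of repeated failed logins and works against any `loginretries` lockout. A reporting job should only read that counter; I would delete the line, or at least send the hint to stderr with `>&2`. Separately, `sendemail` runs inside `main` while `tee` is still writing `$logfile`, so the mail can go out with a partial file, and because the header is always printed the `-s` test no longer limits mail to hosts with expired passwords; `list_users > "$logfile"; sendemail` avoids the partial-file problem. The `mkdir -p $logpath` guard was removed as well, so `tee` would fail on a host where the directory does not exist.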