aix:scripts_category:check_password_expiration
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
aix:scripts_category:check_password_expiration [2021/01/01 21:25] 127.0.0.1 external edit |
aix:scripts_category:check_password_expiration [2024/02/19 10:33] (current) manu |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| <cli prompt='#'> | <cli prompt='#'> | ||
| - | [root@nim01]/root# cat /root/scripts/bin/check_expire_user.sh | + | [root@nim01]/root# cat /root/scripts/bin/check_expired_users.sh |
| </cli> | </cli> | ||
| <code> | <code> | ||
| Line 8: | Line 8: | ||
| #@(#) check expired password and send an email if required | #@(#) check expired password and send an email if required | ||
| # Will only check users with a password | # Will only check users with a password | ||
| + | # 02-2024 eif | ||
| destination=it@mydom.com | destination=it@mydom.com | ||
| logpath=/root/scripts/logs | logpath=/root/scripts/logs | ||
| logfile=$logpath/expired_users.txt | logfile=$logpath/expired_users.txt | ||
| - | maxage_admin=90 # default value for maxage if not specified | ||
| epoch_now=$(date +%s) | epoch_now=$(date +%s) | ||
| - | if [ ! -d $logpath ] | + | #----------------------- |
| - | then | + | list_users() |
| - | mkdir -p $logpath | + | { |
| - | fi | + | printf "#########################################################################################################################\n" |
| - | cat /dev/null > $logfile | + | printf "%-25s %-25s %-25s %-25s %-25s\n" '#'USERNAME PWD_SET LASTLOGIN 'EXPIRED_SINCE(days)' UNSUCCESS_COUNT |
| + | printf "#########################################################################################################################\n" | ||
| - | for usr in $(cat /etc/security/passwd | grep -p lastupdate | egrep ":" | sed 's/://') | + | cat /etc/security/passwd | grep -p lastupdate | tr '\t' ' ' | sed 's/\ //g' | grep -v '^password=' | grep -v '^flags=' | sed '/^$/d' | paste - - | while read usr1 date1 |
| do | do | ||
| - | epoch_lastupdate=$(lssec -f /etc/security/passwd -a lastupdate -s $usr | cut -d " " -f2 | cut -d "=" -f2) | + | count="" |
| - | epoch_lastlogin=$(lsuser -a time_last_login $usr | cut -d " " -f2 | cut -d "=" -f2) | + | usr=$(echo $usr1 | cut -d':' -f1) |
| + | lastupdate=$(echo $date1 | sed 's/lastupdate=//') | ||
| + | pwdset=$(/opt/freeware/bin/date -d @${lastupdate} '+%d-%m-%Y') | ||
| + | date2=$(lsuser -a time_last_login $usr | awk '{print $2}' | sed 's/time_last_login=//') | ||
| maxage=$(lsuser -a maxage $usr | cut -d " " -f2 | cut -d "=" -f2) | maxage=$(lsuser -a maxage $usr | cut -d " " -f2 | cut -d "=" -f2) | ||
| - | (( epoch_sincelastchange = epoch_now - epoch_lastupdate )) | + | |
| - | (( days_sincelastchange = epoch_sincelastchange / (3600*24) )) | + | if [ "$date2" != "" ] |
| - | if [[ "$maxage" == "0" ]] | + | |
| then | then | ||
| - | days_maxage=${maxage_admin} | + | lastlog=$(/opt/freeware/bin/date -d @${date2} '+%d-%m-%Y') |
| + | count=$(lsuser -a unsuccessful_login_count $usr | awk '{print $2}' | cut -d'=' -f2) | ||
| + | if [ "$count" != "0" ] | ||
| + | then | ||
| + | echo chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s $usr | ||
| + | fi | ||
| else | else | ||
| - | (( days_maxage = 7 * maxage )) | + | lastlog=never |
| fi | fi | ||
| - | + | if [ "$maxage" == "0" ] | |
| - | if [[ "${days_sincelastchange}" -gt "${days_maxage}" ]] | + | |
| then | then | ||
| - | (( days_expired = days_sincelastchange - days_maxage )) | + | expire="never" |
| - | echo "Change the password for user $usr expired since ${days_expired} days, lastlogin "$(/opt/freeware/bin/date --date="@${epoch_lastlogin}" +%Y/%m/%d-%T) >> $logfile | + | else |
| + | (( days_maxage = 7 * maxage )) | ||
| + | (( epoch_sincelastchange = epoch_now - lastupdate )) | ||
| + | (( days_sincelastchange = epoch_sincelastchange / (3600*24) )) | ||
| + | (( expire = days_sincelastchange - days_maxage )) | ||
| fi | fi | ||
| + | |||
| + | printf "%-25s %-25s %-25s %-25s %-25s\n" $usr $pwdset $lastlog $expire $count | ||
| done | done | ||
| + | } | ||
| + | #----------------------- | ||
| + | sendemail() | ||
| + | { | ||
| if [ -s $logfile ] | if [ -s $logfile ] | ||
| then | then | ||
| cat $logfile | mail -s "Expired users for server $(hostname)" $destination | cat $logfile | mail -s "Expired users for server $(hostname)" $destination | ||
| fi | fi | ||
| + | } | ||
| + | |||
| + | ######################## | ||
| + | # Main | ||
| + | ######################## | ||
| + | main() | ||
| + | { | ||
| + | list_users | ||
| + | sendemail | ||
| + | } | ||
| + | |||
| + | main | tee $logfile | ||
| </code> | </code> | ||
| + | |||
| + | Output: | ||
| + | <cli prompt='>'> | ||
| + | root@nim /root/scripts> ./check_expired_users.sh | ||
| + | |||
| + | ########################################################################################################## | ||
| + | #USERNAME PWD_SET LASTLOGIN EXPIRED_SINCE(days) UNSUCCESS_COUNT | ||
| + | ########################################################################################################## | ||
| + | root 18-02-2024 19-02-2024 never 0 | ||
| + | splunk 20-09-2022 20-09-2022 426 0 | ||
| + | </cli> | ||
aix/scripts_category/check_password_expiration.1609532747.txt.gz · Last modified: 2021/01/01 21:25 by 127.0.0.1
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
