====== Check expired password ======
[root@nim01]/root# cat /root/scripts/bin/check_expired_users.sh
#!/bin/bash
#@(#) check expired password and send an email if required
# Will only check users with a password
# 02-2024 eif
# Recipient of the e-mailed report.
destination="it@mydom.com"
# Directory and file that hold the most recent report.
logpath="/root/scripts/logs"
logfile="${logpath}/expired_users.txt"
# Current time in seconds since the epoch; password age is measured from it.
epoch_now="$(date +%s)"
#-----------------------
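#######################################
# Print one report line per account that has a "lastupdate" entry in
# /etc/security/passwd: date the password was set, last login date,
# days past expiry and the unsuccessful login count.
# Globals:   epoch_now (read)
# Arguments: none
# Outputs:   report table on stdout, warnings on stderr
#######################################
list_users()
{
  # Keep loop variables out of the global scope.
  local usr1 date1 usr lastupdate pwdset date2 lastlog maxage count expire
  local days_maxage epoch_sincelastchange days_sincelastchange

  printf "#########################################################################################################################\n"
  printf "%-25s %-25s %-25s %-25s %-25s\n" '#'USERNAME PWD_SET LASTLOGIN 'EXPIRED_SINCE(days)' UNSUCCESS_COUNT
  printf "#########################################################################################################################\n"

  # grep -p (AIX paragraph mode) keeps only stanzas that contain "lastupdate".
  # After the password= and flags= lines are dropped, each stanza is expected
  # to be two lines, "user:" and "lastupdate=N", which paste joins into one.
  grep -p lastupdate /etc/security/passwd \
    | tr '\t' ' ' \
    | sed 's/\ //g' \
    | grep -v '^password=' \
    | grep -v '^flags=' \
    | sed '/^$/d' \
    | paste - - \
    | while read -r usr1 date1; do
      # Reset per-account values so nothing leaks in from the previous line.
      count=""
      expire=""
      usr=${usr1%%:*}
      lastupdate=${date1#lastupdate=}

      # The value is used in arithmetic and passed to date(1); skip a stanza
      # that did not yield a plain number instead of reporting wrong data.
      case "$lastupdate" in
        '' | *[!0-9]*)
          printf 'skipping %s: unexpected lastupdate value\n' "$usr" >&2
          continue
          ;;
      esac

      pwdset=$(/opt/freeware/bin/date -d "@${lastupdate}" '+%d-%m-%Y')
      date2=$(lsuser -a time_last_login "$usr" | awk '{print $2}' | sed 's/time_last_login=//')
      maxage=$(lsuser -a maxage "$usr" | cut -d " " -f2 | cut -d "=" -f2)

      if [[ -n "$date2" ]]; then
        lastlog=$(/opt/freeware/bin/date -d "@${date2}" '+%d-%m-%Y')
        count=$(lsuser -a unsuccessful_login_count "$usr" | awk '{print $2}' | cut -d'=' -f2)
        if [[ "$count" != "0" ]]; then
          # Only printed into the report, never executed. A non-zero count can
          # be the trace of password guessing, so review the account before
          # running the suggested reset by hand.
          echo chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s "$usr"
        fi
      else
        lastlog=never
      fi

      case "$maxage" in
        0)
          # maxage=0: the password never expires.
          expire="never"
          ;;
        '' | *[!0-9]*)
          # lsuser returned no usable maxage for this account.
          expire="unknown"
          ;;
        *)
          # maxage is multiplied by 7 to get days (the value is in weeks).
          # A negative result is the number of days left before expiry.
          (( days_maxage = 7 * maxage ))
          (( epoch_sincelastchange = epoch_now - lastupdate ))
          (( days_sincelastchange = epoch_sincelastchange / (3600*24) ))
          (( expire = days_sincelastchange - days_maxage ))
          ;;
      esac

      # Quoted so that an empty field leaves its column blank instead of
      # shifting the following columns to the left.
      printf "%-25s %-25s %-25s %-25s %-25s\n" "$usr" "$pwdset" "$lastlog" "$expire" "$count"
    done
}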
#-----------------------
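#######################################
# Mail the report file to the configured recipient.
# Globals:   logfile (read), destination (read)
# Arguments: none
# Outputs:   none; hands the report to mail(1)
# Returns:   0 when the report is missing or empty, else mail's status
#######################################
sendemail()
{
  # -s only guards against a missing or empty report; it does not check
  # whether any account in the report is actually expired.
  if [[ -s "$logfile" ]]; then
    mail -s "Expired users for server $(hostname)" "$destination" < "$logfile"
  fi
}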
########################
# Main
########################
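#######################################
# Build the report, save it to the log file, then mail it.
# Globals:   logfile (read)
# Arguments: none
# Outputs:   the report on stdout and in $logfile
#######################################
main()
{
  # Write the report completely before mailing it. Piping all of main
  # through tee let sendemail read the log file while tee was still
  # writing it, so the mail could be empty or truncated.
  list_users | tee "$logfile"
  sendemail
}
# NOTE(review): the report names accounts and the age of their passwords;
# confirm the log directory is not readable by non-root users.
main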
Output:
root@nim /root/scripts> ./check_expired_users.sh
##########################################################################################################
#USERNAME PWD_SET LASTLOGIN EXPIRED_SINCE(days) UNSUCCESS_COUNT
##########################################################################################################
root 18-02-2024 19-02-2024 never 0
splunk 20-09-2022 20-09-2022 426 0