====== Check expired password ======

<cli prompt='#'>
[root@nim01]/root# cat /root/scripts/bin/check_expired_users.sh
</cli>
<code>
#!/bin/bash
#@(#) check expired password and send an email if required
# Will only check users with a password
# 02-2024 eif

destination=it@mydom.com
logpath=/root/scripts/logs
logfile=$logpath/expired_users.txt

epoch_now=$(date +%s)

#-----------------------
list_users()
{
printf "#########################################################################################################################\n"
printf "%-25s %-25s %-25s %-25s %-25s\n" '#'USERNAME PWD_SET LASTLOGIN 'EXPIRED_SINCE(days)' UNSUCCESS_COUNT
printf "#########################################################################################################################\n"

cat /etc/security/passwd | grep -p lastupdate | tr '\t' ' ' | sed 's/\ //g' | grep -v '^password=' | grep -v '^flags=' | sed '/^$/d' | paste - - | while read usr1 date1
do
  count=""
  usr=$(echo $usr1 | cut -d':' -f1)
  lastupdate=$(echo $date1 | sed 's/lastupdate=//')
  pwdset=$(/opt/freeware/bin/date -d @${lastupdate} '+%d-%m-%Y')
  date2=$(lsuser -a time_last_login $usr | awk '{print $2}' | sed 's/time_last_login=//')
  maxage=$(lsuser -a maxage $usr | cut -d " " -f2 | cut -d "=" -f2)

  if [ "$date2" != "" ]
  then
    lastlog=$(/opt/freeware/bin/date -d @${date2} '+%d-%m-%Y')
    count=$(lsuser -a unsuccessful_login_count $usr | awk '{print $2}' | cut -d'=' -f2)
    if [ "$count" != "0" ]
    then
      echo chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s $usr
    fi
  else
    lastlog=never
  fi

  if [ "$maxage" == "0" ]
  then
    expire="never"
  else
    (( days_maxage = 7 * maxage ))
    (( epoch_sincelastchange = epoch_now - lastupdate ))
    (( days_sincelastchange = epoch_sincelastchange / (3600*24) ))
    (( expire = days_sincelastchange - days_maxage ))
  fi

  printf "%-25s %-25s %-25s %-25s %-25s\n" $usr $pwdset $lastlog $expire $count
done
}

#-----------------------
sendemail()
{
if [ -s $logfile ]
then
  cat $logfile | mail -s "Expired users for server $(hostname)" $destination
fi
}

########################
# Main
########################
main()
{
list_users
sendemail
}

main | tee $logfile
</code>

Output:
<cli prompt='>'>
root@nim /root/scripts> ./check_expired_users.sh

##########################################################################################################
#USERNAME             PWD_SET        LASTLOGIN                 EXPIRED_SINCE(days)       UNSUCCESS_COUNT
##########################################################################################################
root                  18-02-2024     19-02-2024                never                     0
splunk                20-09-2022     20-09-2022                426                       0
</cli>