From: Jonathan Portman (Jonathan.Portman@MPRC.CO.UK)
Date: Thu Mar 25 2004 - 08:33:23 EST
Before acting on this e-mail or opening any attachments you are advised
to read The Caudwell Holdings group of companies' disclaimer at the end
of this e-mail.
_____
Try this script.
It will check and lock the accounts automatically for those logins that
have not been used to s set number of days.
#!/usr/bin/ksh
#set -x
expdays=21
let expiry=86400*$expdays
locked=" "
tmp1=/tmp/exp.tmp1.$$
tmp2=/tmp/exp.tmp2.$$
tmp2a=/tmp/exp.tmp2a.$$
tmp3=/tmp/exp.tmp3.$$
tmp4=/tmp/exp.tmp4.$$
# List all users that are allowed to login
lsuser -a login account_locked time_last_login ALL |grep -Ev
^"root|daemon|bin|sys|adm|nobody" | grep "login=true" > $tmp1
# get all users who have logged in at least once with login date
grep 'time_last_login' $tmp1 | sed -e 's/login=true //' -e
's/account_locked=//' -e 's/time_last_login=//' >$tmp2
# get all users who have not logged in since creation
grep -v 'time_last_login' $tmp1 | sed -e 's/login=true //' -e
's/account_locked=//' >$tmp2a
# get today's date in seconds from epoch for comparison
year=`date +%Y`
day=`date +%j`
hour=`date +%H`
minute=`date +%M`
let today="($year - 1970) * 365 * 86400 + ($day - 1) * 86400 + $hour *
3600 + $minute * 60 + ($year - 1969) / 4 * 86400"
# for each user found, check whether has not been unused too long
cat $tmp2 |while read user locked last
do
let min=$today-$expiry
if [[ $min -gt $last ]]
then
let login="($today - $last) / 86400"
echo $user':'$login':'$locked >> $tmp4
chuser shell='/usr/local/bin/locked'
account_locked='true' $user
fi
done
Regards,
Jonathan Portman
INFORMIX/AIX Systems Administrator
MPRC I.T Department
Unit5, High Carr Business Park,
Newcastle-Under-Lyme
Staffordshire
ST5 7UG
[T] 01782 864011
[I] 311
[M] 07771747337
[E] jonathan.portman@mprc.co.uk
-----Original Message-----
From: Ignacio Vidal [mailto:ividal@BIYCSA.COM.AR]
Sent: 25 March 2004 13:10
To: aix-l@Princeton.EDU
Subject: Re: Scripting/Information Help
Ummm... thatīs really a lot.
-----Mensaje original-----
De: terry.german@PHONES4U.CO.UK
[mailto:terry.german@PHONES4U.CO.UK]
Enviado el: Thursday, March 25, 2004 9:54 AM
Para: aix-l@Princeton.EDU
Asunto: Re: Scripting/Information Help
Thanks Ignacio,
The problem I have with that is there is 18769 users created on
our server.......... :-( I am trying to reduce that big security
issuse.
-----Original Message-----
From: Ignacio Vidal [mailto:ividal@BIYCSA.COM.AR]
Sent: 25 March 2004 12:42
To: aix-l@Princeton.EDU
Subject: Re: Scripting/Information Help
Terry:
Perhaps you can try "last <username>" and watch the
dates recorded.
Hope this helps
Ignacio
-----Mensaje original-----
De: terry.german@PHONES4U.CO.UK
[mailto:terry.german@PHONES4U.CO.UK]
Enviado el: Thursday, March 25, 2004 9:37 AM
Para: aix-l@Princeton.EDU
Asunto: Scripting/Information Help
Before acting on this e-mail or opening any
attachments you are advised to read
The Caudwell Holdings group of companies'
disclaimer at the end of this e-mail.
=======================================================
Guru's,
As I am not a wizz on scripting I was just
wondering if anyone out there can help me.
I want to find out which users on our M80
running AIX 4.3.3 have not accessed there id for the last 6 months?
If anyone could help it would be great...
Thanks
Terry German
AIX System Administrator
IBM Certified Specialist - AIX
Phones 4u Limited
Swift House
Liverpool Road
Newcastle Under Lyme
ST5 9JJ.
[E] terry.german@phones4u.co.uk
<mailto:terry.german@phones4u.co.uk>
[T] +44 (0)1782 600783
[M] +44 (0)7748908609
[F] +44 (0)1782 587192
[W] http://www.phones4u.co.uk
=======================================================
Confidentiality Notice
This e-mail is confidential and intended for the
use of the named recipient only.
If you are not the intended recipient please
notify us by telephone immediately
on +44(0)1782 600600 or return it to us by
e-mail. Please then delete it from
your system and note that any use,
dissemination, forwarding, printing or copying
is strictly prohibited.
Any views or opinions are solely those of the
author and do not necessarily
represent those of The Caudwell Holdings group
of companies.
Encryptions and Viruses
Please note that this e-mail and any attachments
have not been encrypted.
They may therefore be liable to be compromised.
Please also note that it is your
responsibility to scan this e-mail and any
attachments for viruses. We do not,
to the extent permitted by law, accept any
liability (whether in contract, negligence
or otherwise) for any virus infection and/or
external compromise of security and/or
confidentiality in relation to transmissions
sent by e-mail.
Monitoring
Activity and use of The Caudwell Holdings group
of companies' systems is monitored
to secure its effective use and operation and
for other lawful business purposes.
Communications using these systems will also be
monitored and may be recorded to
secure effective use and operation and for other
lawful business purposes.
_____
Confidentiality Notice
This e-mail is confidential and intended for the use of the named
recipient only. If you are not the intended recipient please notify us
by telephone immediately on +44(0)1782 600600 or return it to us by
e-mail. Please then delete it from your system and note that any use,
dissemination, forwarding, printing or copying is strictly prohibited.
Any views or opinions are solely those of the author and do not
necessarily represent those of The Caudwell Holdings group of companies.
Encryptions and Viruses
Please note that this e-mail and any attachments have not been
encrypted. They may therefore be liable to be compromised. Please also
note that it is your responsibility to scan this e-mail and any
attachments for viruses. We do not, to the extent permitted by law,
accept any liability (whether in contract, negligence or otherwise) for
any virus infection and/or external compromise of security and/or
confidentiality in relation to transmissions sent by e-mail.
Monitoring
Activity and use of The Caudwell Holdings group of companies' systems is
monitored to secure its effective use and operation and for other lawful
business purposes. Communications using these systems will also be
monitored and may be recorded to secure effective use and operation and
for other lawful business purposes.
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:45 EDT