[HPADM] RE: "Users not active"

From: Hustert Klaus-CKH035 (Klaus.Hustert@motorola.com)
Date: Wed Jun 18 2003 - 02:24:56 EDT


 Hi there,
 
I have the same process to implement and I tried to use the solutions, but it doesn't work for me (I cannot switch the systems into trusted mode (politicians :-( )) and I ran into the following problem:

 <host># /usr/lbin/getprpw -m slogint <user>

System is not trusted.

Is there also a way for untrusted systems?
 
Thanks, and hopefully it is OK that I append myself to these mails.
 
Klaus
 
 
 -----Original Message-----
From: Ben Le [mailto:ble@pcc.edu]
Sent: Tuesday, 17 June 2003 21:56
To: hp-UX Admin
Subject: [HPADM] SUMMARY "Users not active"

Thanks for valuable information from these experts: March, Kristopher, Abramson, Stuart, James Bankston, Lodge, David, Justin Willoughby, John Backus, Aaron Bennett, IlicR@stentor.ca, Rita Workman, TOTSCH,DAVID.

Original question:
What I want is a list of all users who have NOT logged in or have NOT been active in the last 6 months. "last" only shows who logged in during the current month. Thanks.

Solutions:
- Use the "last" command (this should take care of it; my problem is that the old sysadmin set things up to remove the old login file and keep only the current dated login file. I have to fix this.)

- There isn't anything built in; but you can do summat like:
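for i in $(awk -F: '{print $1}' /etc/passwd)   # login names from the passwd file
do
    # last successful login time from the trusted-system database
    LastLog=$(/usr/lbin/getprpw -m slogint ${i})
    print "${i}: ${LastLog}"
done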
Which will show you the last login dates for all users on your box
dave

- how about: (quick, and off the top of my head)
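#!/bin/ksh
last > /tmp/lastout
# iterate over login names only (field 1 of /etc/passwd), not whole lines
for EACH in $(cut -d: -f1 /etc/passwd)
do
    # match the name as the complete first column of the "last" output
    if ! grep "^$EACH " /tmp/lastout > /dev/null
    then
        echo $EACH has not logged in
    fi
done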
of course it will only work assuming you have at least six months of data in /var/wtmp -- if you have been rotating that log with SAM or via cron you'll have to modify the script to use alternate wtmp files. See man last.

Aaron Bennett

- If you look at your /etc/passwd file and see the second field...you
will note the first part is encrypted followed by a comma and then some
more info. If, after that comma you see 3... well that means the
password has expired and has not yet been reset. Of course this doesn't
tell you how long it's been expired.
Now if you run the logins command you can get more info...
logins -x -l <username> or logins -x (for everyone)
with this command you get a line for each user and what you're most
interested in is that PS line...see man logins for more details..
username,IT,,
/home/username
/usr/bin/sh
PS 040302 14 182 -1
The above ..
1- password last changed on 04/03/02
2- minimum time between changes 14 days
3- password expiration 182 days
If you want to write a script to help check on things you might try
using the getprpw command with a variable for $USER: You could then
check the date...(see man getprpw)
/usr/lbin/getprpw -r -m spwchg $USER | tr -s " " | cut -d" " -f5

Hope these help....wish I could say they were all mine, but fact is I
found some on HP's ITRC Forums..
Rgrds,
Rita

- If last(1) is only returning a month's worth of data, then you must be clearing wtmp somehow on a monthly basis. wtmp grows without bounds, so that is very likely. You could also clear wtmp intelligently instead of just zeroing it out. Use fwtmp to create an ASCII copy that can be edited automatically with awk/sed, to clear all but the newest entry for every user, then use fwtmp to convert back to binary.
-dlt-

__________________________________________
Benjamin Le
Sr. Systems Administrator
Information Technology Services
Portland Community College
Voice:(503)-977-4736 Fax:(503)-977-4987
Mailto:ble@pcc.edu http://www.pcc.edu

--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl
 
 Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)
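
Added example, not part of the original thread or written by any of its posters: a sketch of the fwtmp idea from the summary that needs no trusted-mode database, because it only reads /etc/passwd and an ASCII dump of wtmp. The helper names (stale_accounts, demo), the column positions of the fwtmp dump and all sample data are assumptions constructed for illustration; check the columns against a dump from your own system.

```shell
#!/bin/sh
# Assumed fwtmp ASCII columns (check against a local dump): 1 = user,
# 5 = ut_type (7 = USER_PROCESS, a login), 8 = time in epoch seconds.

# stale_accounts PASSWD WTMP_ASCII NOW_EPOCH MAX_DAYS  (hypothetical helper)
# Prints "<user> never" or "<user> <days since newest login>".
stale_accounts() {
    awk -F: -v wtmp="$2" -v now="$3" -v max="$4" -v ucol=1 -v tcol=5 -v ecol=8 '
    BEGIN {
        # Pass 1: keep only the newest login timestamp per user.
        while ((getline line < wtmp) > 0) {
            n = split(line, f, " ")
            if (n >= ecol && f[tcol] == 7 && f[ecol] + 0 > newest[f[ucol]] + 0)
                newest[f[ucol]] = f[ecol] + 0
        }
        close(wtmp)
    }
    # Pass 2: each passwd entry, matched on the exact login name.
    $1 != "" && $1 !~ /^[#+-]/ {
        if (!($1 in newest))
            print $1, "never"
        else if (now - newest[$1] > max * 86400)
            print $1, int((now - newest[$1]) / 86400)
    }' "$1"
}

# demo [MAX_DAYS]: runs the check on constructed sample data (default 180 days).
demo() {
    dir=${TMPDIR:-/tmp}/stale.$$
    mkdir "$dir" || return 1
    cat > "$dir/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
alice:*:101:20::/home/alice:/usr/bin/sh
bob:*:102:20::/home/bob:/usr/bin/sh
carol:*:103:20::/home/carol:/usr/bin/sh
EOF
    cat > "$dir/wtmp.txt" <<'EOF'
root  co   console 1201 7 0000 0000 1055800000
alice p0   pts/0   2310 7 0000 0000 1055000000
bob   p1   pts/1   1987 7 0000 0000 1020000000
bob   p1   pts/1   2044 7 0000 0000 1030000000
carol p2   pts/2   2101 8 0000 0000 1055000000
EOF
    stale_accounts "$dir/passwd" "$dir/wtmp.txt" 1055900000 "${1:-180}"
    rm -rf "$dir"
}

demo
```

Accounts reported as "never" include service accounts that are not meant to log in, so review the list before locking or removing anything.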

