I'm looking for a script I can run in a for loop to a crapload of
sun/linux/hp/aix hosts to check account password expiration and send an
email if it's < 30 days away.
Anyone see anything like this to save me hours of scripting and
testing? Even if it was something that just reported the # days 'till
expiration, that would be workable.
Thx much
-krp
|
|
0
|
|
|
|
Reply
|
 kpacek (8)
|
3/11/2005 7:38:36 PM |
|
In article <1110569916.741686.246000@g14g2000cwa.googlegroups.com>,
kpacek@yahoo.com wrote:
> I'm looking for a script I can run in a for loop to a crapload of
> sun/linux/hp/aix hosts to check account password expiration and send an
> email if it's < 30 days away.
>
> Anyone see anything like this to save me hours of scripting and
> testing? Even if it was something that just reported the # days 'till
> expiration, that would be workable.
>
> Thx much
> -krp
Not seen anything that's multiplatform. You could only do this on
Solaris if you authenticate with LDAP or local files. The shadow file
has an expired field which is an internal UNIX date. You could parse
this file with perl and send mail based on the dates.
LDAP is a whole other problem. Don't know if Linux, HP/UX or AIX would
do this.
Do you want the script to be robust enough to handle all these OS and
authentication senarios? Sounds like you'll have to do that coding.
But you might get lucky, what to do I know?
--
DeeDee, don't press that button! DeeDee! NO! Dee...
|
|
|
0
|
|
|
|
Reply
|
 Michael
|
3/11/2005 9:00:31 PM
|
|
kpacek@yahoo.com wrote:
> I'm looking for a script I can run in a for loop to a crapload of
> sun/linux/hp/aix hosts to check account password expiration and send an
> email if it's < 30 days away.
>
> Anyone see anything like this to save me hours of scripting and
> testing? Even if it was something that just reported the # days 'till
> expiration, that would be workable.
>
> Thx much
> -krp
>
Following is a crude one I created. It works on Solaris running nis+
I have it set to run once each night via cron.
more check_passwd_expiration
#!/bin/sh
#rsj 01/16/2003
#this script is intended to be ran from a cron job.
#It will email user warnings when their passwd is getting
#close to expiration.
mail_msg()
{
rmail $1 << EOF
Subject: $2
From: randy
$1 $2
EOF
}
NDAYS=`/usr/bin/perl -e 'printf("%d\n", time / (3600 * 24))'`
echo NDAYS = $NDAYS
for user in `niscat -M passwd.org_dir | awk -F: '{printf("%s:%s:%s:%s:%s:%s\n", $1, $2, $8, $9, $10, $11)}'`
do
#echo user = $user
name=`echo $user | cut -d: -f1`
passwd=`echo $user | cut -d: -f2`
lastchg=`echo $user | cut -d: -f3`
min=`echo $user | cut -d: -f4`
max=`echo $user | cut -d: -f5`
warn=`echo $user | cut -d: -f6`
if [ "$max" != -1 -a "$passwd" != "*LK*" ]; then
if [ "$max" = "" ]; then
echo "invalid value of max for $name"
max=-1
fi
if [ "$lastchg" = "" ]; then
echo "invalid value of lastchg for $name"
lastchg=0
fi
#echo info = $name:$lastchg:$min:$max:$warn:$delta
delta=`expr $NDAYS - $lastchg`
expire=`expr $max - $delta`
if [ $expire -le 0 ]; then
echo info = $name:$lastchg:$min:$max:$warn:$delta
echo " Warning your passwd has expired"
mail_msg $name "Your passwd has expired"
elif [ $expire -le $warn ]; then
echo info = $name:$lastchg:$min:$max:$warn:$delta
echo " Warning passwd will expire in $expire days"
mail_msg $name "Warning your passwd expires in $expire days"
fi
fi
#else
#echo no expire for $name:$lastchg:$min:$max:$warn
#fi
done
--
----------------------------------
Randy Jones
E-Mail: randy@jones.tri.net
----------------------------------
|
|
|
0
|
|
|
|
Reply
|
Randy
|
3/12/2005 4:05:17 AM
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
25713 articles. 
78 followers. 
2 Replies
2008 Views
