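$! Report a sysuaf in | sep format for SOX
$!----------------------------------------------------------------------------
$! Walks the SYSUAF record by record and lists the accounts that match one
$! audit criterion, or checks the LGI_* login parameters against a fixed
$! baseline.
$!
$!   P1  report selector (A..I, or Z for the LGI check); empty prints usage
$!   P2  optional account name; only users whose account field equals it
$!       are reported
$!   P3  optional output file; when given, rows are written in
$!       |-separated form, otherwise readable sentences go to sys$output
$!
$! Accounts flagged DisUser are skipped by every report.
$!
$! NOTE(review): the P3 file holds an account inventory (owners, last
$! logins, failed-login counts, password settings). Create it in a
$! directory with restrictive protection.
$!----------------------------------------------------------------------------
$ if p3 .eqs. ""
$ then
$   outf="sys$output"
$ else
$   outf="o"
$   open/write o 'p3'
$ endif
$! "d" is the single output verb used by the whole procedure.
$ d="write ''outf'"
$!
$! Usage text: with an empty P1 every line prints; with a selector only the
$! matching description prints as a title.
$ if p1 .eqs. "" then d "*** P1 ***"
$ if p1 .eqs. "A" .or. p1 .eqs. "" then d "A users inactive for more than 120 days"
$ if p1 .eqs. "B" .or. p1 .eqs. "" then d "B more than 3 failed logins"
$ if p1 .eqs. "C" .or. p1 .eqs. "" then d "C users inactive for more than 90 days"
$ if p1 .eqs. "D" .or. p1 .eqs. "" then d "D users with password length < 9"
$ if p1 .eqs. "E" .or. p1 .eqs. "" then d "E users password age > 60 days"
$ if p1 .eqs. "F" .or. p1 .eqs. "" then d "F users never logged in and not preexp"
$ if p1 .eqs. "G" .or. p1 .eqs. "" then d "G users with no password history"
$ if p1 .eqs. "H" .or. p1 .eqs. "" then d "H users with password age > 30 days"
$ if p1 .eqs. "I" .or. p1 .eqs. "" then d "I active users (login during the last 120 days)"
$ d ""
$ if p1 .eqs. "Z" .or. p1 .eqs. "" then d "Z Check LGI parameters"
$ d ""
$ if p1 .eqs. "" then d "*** P2 ***"
$ if p1 .eqs. "" then d "account field to report"
$ if p1 .eqs. "" then d ""
$ if p1 .eqs. "" then d "*** P3 ***"
$ if p1 .eqs. "" then d "output file for | separated format, default is user formatted sys$output"
$ if p1 .eqs. "" then goto end
$
$! The helper image is taken from the directory this procedure lives in.
$! NOTE(review): whoever can write to that directory can replace the image
$! that runs in the auditor's process; keep the directory and the image
$! write-protected.
$ where=f$env("procedure")
$ place=f$parse(where,,,"device") + f$parse(where,,,"directory")
$ exe="$''place'UAI_TO_SYMBOL.ALPHA_EXE"
$ on control_y then goto e
$ p1=f$ed(p1,"upcase")
$ p2=f$ed(p2,"upcase")
$
$ if p1 .eqs. "Z"
$ then
$   gosub check_lgi
$   goto end
$ endif
$ if p3 .nes. "" then d "Id|Account|Owner|Flag|Password Length|Password Expires After|Password Date|Last Login|# login fails"
$ open/read/share=write x sysuaf:
$
$r:
$ read/end=e x x_rec
$! Output and error are pointed at NL: while the username is cut out of the
$! raw record (assumes the name occupies 32 bytes at offset 4 - TODO confirm
$! against the UAF record layout).
$ def sys$error nl:
$ def sys$output nl:
$ us=f$extr(4,32,x_rec)
$ us=f$ed(us,"trim")
$ deass sys$error
$ deass sys$output
$! exe <user>,<item>,<symbol>: presumably stores the UAF item in the named
$! symbol - verify against the UAI_TO_SYMBOL sources.
$ exe 'us',flags,fl
$ if f$loc("DisUser",fl) .lt. f$len(fl) then goto r !skip disusers
$ flag=""
$! The spelling "DisPwdHIs" is what the Flag column has always carried and is
$! left as is; selection for report G tests for an empty flag instead.
$ if f$loc("DisPwdHis",fl) .lt. f$len(fl) then flag="DisPwdHIs"
$ exe 'us',account,acc
$ if p2 .nes. "" .and. p2 .nes. acc then goto r
$ exe 'us',owner,own
$ exe 'us',logfails,lf
$! Last login is the later of the non-interactive and interactive values,
$! both converted with f$cvtime so that string comparison orders them.
$ exe 'us',lastlogin_n,lln
$ if lln .nes. "(None)" then lln=f$cvt(lln)
$ exe 'us',lastlogin_i,lli
$ if lli .nes. "(None)" then lli=f$cvt(lli)
$ ll=lli
$ if lln .gts. lli then ll=lln
$! Never logged in: use a date 9999 days back so the user counts as inactive.
$ if ll .eqs. "(None)" then ll=f$cvt("-9999-")
$ exe 'us',pwd_length,p_len
$ exe 'us',pwd_lifetime,p_lif
$ p_lif=f$el(0," ",f$ed(p_lif,"trim"))
$! No lifetime means the password never expires; 9999 makes E and H list it.
$ if p_lif .eqs. "(None)" then p_lif=9999
$! (A leftover "show symbol p_lif" debug line was removed here; it printed
$! one line per account in between the report lines.)
$ exe 'us',pwd_date,p_dat
$ p_dat=f$el(0," ",f$ed(p_dat,"trim"))
$ if p_dat .eqs. "0" then p_dat="PreExp"
$!
$! Each test below SKIPS the record when it does not meet the selected
$! criterion.
$! NOTE(review): E and H are titled "password age" but compare the password
$! lifetime setting (pwd_lifetime), not the time since the last change.
$ if p1 .eqs. "A" .and. ll .ges. f$cvt("-120-") then goto r
$ if p1 .eqs. "B" .and. f$int(lf) .le. 2 then goto r
$ if p1 .eqs. "C" .and. ll .ges. f$cvt("-90-") then goto r
$ if p1 .eqs. "D" .and. f$int(p_len) .gt. 8 then goto r
$ if p1 .eqs. "E" .and. f$int(p_lif) .le. 60 then goto r
$ if p1 .eqs. "F" .and. ll .ges. f$cvt("-9000-") then goto r
$ if p1 .eqs. "F" .and. p_dat .eqs. "PreExp" then goto r
$! G lists users whose password history is disabled, so records WITHOUT the
$! flag are skipped. The earlier test compared against "DisPwdHis", which
$! never equals the stored "DisPwdHIs", and would have skipped the flagged
$! users had it matched; the result was that G listed every account.
$ if p1 .eqs. "G" .and. flag .eqs. "" then goto r
$ if p1 .eqs. "H" .and. f$int(p_lif) .le. 30 then goto r
$ if p1 .eqs. "I" .and. ll .les. f$cvt("-120-") then goto r
$
$ if p3 .nes. ""
$ then
$   d "''us'|''acc'|''own'|''flag'|''p_len'|''p_lif'|''p_dat'|''ll'|''lf'"
$ else
$   if p1 .eqs. "A" then d "Userid ''us' named ''own' has been inactive since ''ll'"
$   if p1 .eqs. "B" then d "Userid ''us' named ''own' has ''lf' failed logins"
$   if p1 .eqs. "C" then d "Userid ''us' named ''own' has been inactive for since ''ll'"
$   if p1 .eqs. "D" then d "Userid ''us' named ''own' has a minimum password length of ''p_len'"
$   if p1 .eqs. "E" then d "Userid ''us' named ''own' has a password age of ''p_lif'"
$   if p1 .eqs. "F" then d "Userid ''us' named ''own' is not preexpired"
$   if p1 .eqs. "G" then d "Userid ''us' named ''own' has no password history enabled"
$   if p1 .eqs. "H" then d "Userid ''us' named ''own' has a password age ''p_lif'"
$   if p1 .eqs. "I" then d "Userid ''us' named ''own' has last been active on ''ll'"
$ endif
$ goto r
$e:
$ close x
$end:
$ if p3 .nes. "" then close o
$ exit
$
$! Compare the LGI_* system parameters with the baseline values hard-coded
$! below; one line is written for every parameter that differs.
$check_lgi:
$ call 1_lgi LGI_BRK_TERM 1 !terminal part of intr
$ call 1_lgi LGI_BRK_DISUSER 0 !breakin causes disuser
$ call 1_lgi LGI_PWD_TMO 30 !timeout at password prompt
$ call 1_lgi LGI_RETRY_LIM 3 !# of trials before command is aborted
$ call 1_lgi LGI_RETRY_TMO 20 !#secs allowed to enter username
$ call 1_lgi LGI_BRK_LIM 6 !# of trials before it is an intr
$ call 1_lgi LGI_BRK_TMO 600 !time of bad trial (to be multiplied with # trials)
$ call 1_lgi LGI_HID_TIM 60 !time after intr that it will not accept the user
$ call 1_lgi LGI_CALLOUTS 0 !must be 0
$ return
$
$! 1_lgi <parameter> <expected>
$! Reads one system parameter with f$getsyi, maps TRUE/FALSE to 1/0 and
$! reports through "d" when the value differs numerically from <expected>.
$1_lgi: subroutine
$ v=f$getsy("''p1'")
$ if v .eqs. "TRUE" then v="1"
$ if v .eqs. "FALSE" then v="0"
$ if v .ne. p2 then d "''p1' is not complient : ''v' must be ''p2'"
$ exit
$endsubroutine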