https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299619#M183604 echo was for testing....<BR /><BR />manuel contreras <BR /><BR />echo "/usr/sam/lbin/usermod.sam -p "*" $x " Tue, 08 Jun 2004 16:38:25 GMT Manuel Contreras 2004-06-08T16:38:25Z https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299618#M183603 The following script will deactivate any users who have not accessed the system in X number of days....<BR /><BR />I would like to limit this to NEW users only, any sugetions?<BR /><BR /><BR />you have to copy the /etc/passwd file to control location which is re-created after the script is run.<BR /><BR />I was thinking this could be initiated via crontab once every 24 hrs...<BR /><BR />All input is appreciated,<BR />manuel contreras<BR /><BR /><BR />#!/bin/sh<BR />#this script will check for new users and deactivate accounts <BR />#if users have NOT accessed the system in Xnumber of days.<BR /><BR />diff /etc/passwd /usr/local/unix/Security/passwd.copy | grep "&lt;" | egrep -v 'root:' &gt; \<BR /> /usr/local/unix/Security/passwd.diff<BR /><BR />awk -F: '{print $1, $6}' /usr/local/unix/Security/passwd.diff | awk '{print $2, $3}' &gt; \<BR /> /usr/local/unix/Security/newUSERS.lst<BR /><BR />currentD=`date '+%d %e'`<BR /><BR />for x in `cat /usr/local/unix/Security/newUSERS.lst | awk '{print $1}'`<BR />do<BR /> usrHOME=`grep $x /usr/local/unix/Security/newUSERS.lst | awk '{print $2}'`<BR /> echo "$usrHOME will be checked"<BR /> usrHIST=`find "$usrHOME"/.sh_history -mtime +3 -print`<BR />echo "$userHIST"<BR /> if [ -n "$usrHIST" ]<BR /> then<BR /> echo "today is - $currentD "<BR /> echo "the user was created more than 3days ago - today is $currentD "<BR /> echo""<BR /> echo "now checking If user has logged on the system"<BR /> userSTAT=`last -1 $x | grep begins `<BR /> if [ -n "$userSTAT" ]<BR /> then<BR /> echo "user will be deactivated"<BR /> echo "/usr/sam/lbin/usermod.sam -p "*" $x "<BR /> echo""<BR /> fi<BR /> else<BR /> echo "user has accessed the system recently"<BR /> fi<BR />done<BR /><BR />cp /etc/passwd /usr/local/unix/Security/passwd.copy<BR /><BR />exit<BR /> Tue, 08 Jun 2004 16:37:02 GMT https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299618#M183603 Manuel Contreras 2004-06-08T16:37:02Z https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299619#M183604 echo was for testing....<BR /><BR />manuel contreras <BR /><BR />echo "/usr/sam/lbin/usermod.sam -p "*" $x " Tue, 08 Jun 2004 16:38:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299619#M183604 Manuel Contreras 2004-06-08T16:38:25Z https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299620#M183605 Hi,<BR /><BR />If I understand your script correctly,<BR /><BR />You are taking a difference of passwd.copy and the current passwd file and arriving at the new users. Say a user 'user1' got created just before you ran this script. That user would automatically become 'old' with the command 'cp /etc/passwd /usr/local/unix/Security/passwd.copy'. So, you would need to incorporate further logic to retain the new users until 3 days. I would maintain four files - as newusers.now, newusers.1dayold, newusers.2dayold, newusers.3dayold. Everytime the script is run, it checks for each user in all these files and takes the users out of the files if the activity was found. The users left in newusers.3dayold file will be appended to newusers.disabled file and newusers.2dayold will be moved as newusers.3dayold etc.,<BR /><BR /><BR />Also," grep $x /usr/local/unix/Security/newUSERS.lst | awk '{print $2}'" may not work always. For ex., users user1 and user11. So, add a delimiter like ":" or "," while you are making this user list.<BR /><BR />-Sri<BR /> Tue, 08 Jun 2004 17:16:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299620#M183605 Sridhar Bhaskarla 2004-06-08T17:16:44Z https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299621#M183606 you are correct on the logic...It needs further attention.<BR /><BR />maybe I can have another job simply copy the /etc/passwd to control copy once a week, and take this out of the deactiveCHECKER?<BR /><BR />thanks,<BR />manuel contreras<BR /> Tue, 08 Jun 2004 17:31:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299621#M183606 Manuel Contreras 2004-06-08T17:31:35Z https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299622#M183607 One general comment about working with /etc/passwd using the hp-ux's grep command. I normally work on Tru64/AIX systems and was recently porting a useradd script to HP-UX. I was using the -w option with grep command on other flavours and I noted that the HP-UX's grep don't have the -w option. Finally we ended up downloading the gnu grep (ggrep) utility to replace the hp-ux grep.<BR /><BR />The danger with simple grep is that it will give output for partial matching on a word and in case of users, it could be costly. for eg, <BR /># grep smith newUSERS.lst<BR />smith<BR />smithj<BR />smithjo<BR /><BR />where as<BR />#grep -w smith newUSERS.lst, would only give,<BR />smith<BR /><BR />This is from experience, and you may want to consider either doig more checks, or using ggrep to do exact word matching in case of usernames.<BR /><BR />HTH,<BR />Abdul. Tue, 08 Jun 2004 17:34:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/deactivate-new-users-if-not-accessed-the-system-non-trusted/m-p/3299622#M183607 Abdul Rahiman 2004-06-08T17:34:35Z