https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064054#M751284 Hi Rob:<BR /><BR />Have a look at 'last'. See the man pages.<BR /><BR />Regards!<BR /><BR />...JRF... Thu, 04 Sep 2003 19:29:18 GMT James R. Ferguson 2003-09-04T19:29:18Z https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064049#M751279 I have a request from the security group at the company that I work for. They would like to get a daily report of users who have not accessed their accounts for the last 90 days. We are a HP-UX 11 i shop running our system in trusted mode. Is their an auditing tool within the OS that will do this? Are there any freeware scripts ou there that would produce this information? Thu, 04 Sep 2003 19:11:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064049#M751279 Rob McCarthy 2003-09-04T19:11:23Z https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064050#M751280 Not sure on a trusted system but check out the "last" command Thu, 04 Sep 2003 19:13:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064050#M751280 Mark Grant 2003-09-04T19:13:24Z https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064051#M751281 You should be able to process the output of passwd -sa and produce a report yourself.<BR /><BR />Alternatively, you can add a line of code to /etc/profile and log accounts as they get used.<BR /><BR />echo $LOGNAME date &gt;&gt; /var/adm/userlog<BR /><BR />Then you can process this file against a user list from /etc/passwd and produce a list of users that have not logged in.<BR /><BR />Or, A. Clay Stevenson will post in a little perl script.<BR /><BR />SEP Thu, 04 Sep 2003 19:15:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064051#M751281 Steven E. Protter 2003-09-04T19:15:57Z https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064052#M751282 I have a script to do this, but I can't post it because of company restrictions.<BR /><BR />I can tell you what you need to do though:<BR /><BR />1. Get the GMT time in seconds. I wrote a hello world style C program that prints the result of the the time() system call to stdout.<BR /><BR />2. Loop through each user in the password file (I skip system accounts) and find the corresponding tcb entry. This can be done by grabbing the first char of the login name and then accssing the file in /tcb/files/auth/<C>/<LOGIN><BR /><BR />The tcb file contains a field called u_suclog that lists the last successful login in GMT seconds since UNIX epoch.<BR /><BR />You then compare these two numbers.<BR /><BR />This is a very simplified overview, but it should get you started.<BR /><BR />I would say to use /usr/lbin/getprpw, but it outputs the date as a human readable string in the local timezone. That makes for harder numeric operations.<BR /><BR />HTH.</LOGIN></C> Thu, 04 Sep 2003 19:20:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064052#M751282 Brian Bergstrand 2003-09-04T19:20:56Z https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064053#M751283 Brian's approach is basically sound. Rather than using C to get epoch seconds a far simpler method is simply:<BR />NOW=$(perl -e 'print time')<BR /> Thu, 04 Sep 2003 19:25:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064053#M751283 A. Clay Stephenson 2003-09-04T19:25:42Z https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064054#M751284 Hi Rob:<BR /><BR />Have a look at 'last'. See the man pages.<BR /><BR />Regards!<BR /><BR />...JRF... Thu, 04 Sep 2003 19:29:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/monitoring-user-accounts/m-p/3064054#M751284 James R. Ferguson 2003-09-04T19:29:18Z