Login script
12-09-2008 11:02 AM
```sh
#!/usr/bin/sh
# Show deactivated users in a trusted system
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin

# Assume the system is not trusted; exit status 2 from modprpw
# (run without arguments) is treated as "trusted system".
NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
    modprpw 1> /dev/null 2>&1
    if [ $? -eq 2 ]
    then
        NOTTRUSTED=/sbin/false
    fi
fi
if $NOTTRUSTED
then
    print "\n This system is not a Trusted System"
    exit 1
fi

# One reason per character position of the lockout string
REASON[1]="past password lifetime"
REASON[2]="past last login time"
REASON[3]="past absolute account lifetime"
REASON[4]="exceeding unsuccessful login attempts"
REASON[5]="password required and a null password"
REASON[6]="admin lock"
REASON[7]="password is a *"

for USER in $(listusers | awk '{print $1}')
do
    LOCKOUT=$(getprpw -r -m lockout "$USER")
    ERR=$?
    if [ "$ERR" != 0 ]
    then
        print "getprpw failed, error = $ERR"
        exit $ERR
    fi
    # Since multiple reasons may exist in LOCKOUT, process
    # each bit position separately
    if [ "$LOCKOUT" != "0000000" ]
    then
        print "\nUser $USER deactivated for:"
        for BIT in 1 2 3 4 5 6 7
        do
            REASONBIT=$(echo "$LOCKOUT" | cut -c "$BIT")
            if [ "$REASONBIT" != 0 ]
            then
                if [ "$REASONBIT" = 1 ]
                then
                    print " ${REASON[$BIT]}"
                else
                    print " Bad character in lockout: $REASONBIT"
                fi
            fi
        done
    fi
done
```
12-09-2008 11:53 AM
Solution

```sh
#!/usr/bin/sh
# Show deactivated users in a trusted system
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin

# Assume the system is not trusted; exit status 2 from modprpw
# (run without arguments) is treated as "trusted system".
NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
    modprpw 1> /dev/null 2>&1
    if [ $? -eq 2 ]
    then
        NOTTRUSTED=/sbin/false
    fi
fi
if $NOTTRUSTED
then
    print "\n This system is not a Trusted System"
    exit 1
fi

# One reason per character position of the lockout string
REASON[1]="past password lifetime"
REASON[2]="past last login time"
REASON[3]="past absolute account lifetime"
REASON[4]="exceeding unsuccessful login attempts"
REASON[5]="password required and a null password"
REASON[6]="admin lock"
REASON[7]="password is a *"

for USER in $(listusers | awk '{print $1}')
do
    LOCKOUT=$(getprpw -r -m lockout "$USER")
    ERR=$?
    if [ "$ERR" != 0 ]
    then
        print "getprpw failed, error = $ERR"
        exit $ERR
    fi
    # Since multiple reasons may exist in LOCKOUT, process
    # each bit position separately
    if [ "$LOCKOUT" != "0000000" ]
    then
        print "\nUser $USER deactivated for:"
        for BIT in 1 2 3 4 5 6 7
        do
            REASONBIT=$(echo "$LOCKOUT" | cut -c "$BIT")
            if [ "$REASONBIT" != 0 ]
            then
                if [ "$REASONBIT" = 1 ]
                then
                    print " ${REASON[$BIT]}"
                else
                    print " Bad character in lockout: $REASONBIT"
                fi
            fi
        done
    else
        # All seven positions are 0: the account is not locked
        print "\n\n$USER is active"
    fi
done
```
12-09-2008 12:34 PM
Re: Login script
```sh
#!/usr/bin/sh
# Show deactivated users in a trusted system
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin

# Right-justify every value in a 26-character field for aligned output
typeset -R26 MINTM
typeset -R26 EXPTM
typeset -R26 LFTM
typeset -R26 SPWCHG
typeset -R26 UPWCHG
typeset -R26 ACCTEXP
typeset -R26 LLOG
typeset -R26 ULOGINT
typeset -R26 SLOGINY
typeset -R26 UMAXLNTR
typeset -R26 NOTSET="-1"

REASON[1]="exceeded password lifetime"
REASON[2]="exceeded last login time"
REASON[3]="exceeded absolute account lifetime"
REASON[4]="exceeded unsuccessful login attempts"
REASON[5]="password required and a null password"
REASON[6]="administrator lock"
REASON[7]="password is a *"

NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
    modprpw 1> /dev/null 2>&1
    if [ $? -eq 2 ]
    then
        NOTTRUSTED=/sbin/false
    fi
fi
if $NOTTRUSTED
then
    print "\n This system is not a Trusted System"
    exit 1
fi

for USER in $(listusers | awk '{print $1}')
do
    LOCKOUT=$(getprpw -r -m lockout $USER)
    ERR=$?
    if [ $ERR != 0 ]
    then
        print "getprpw failed, error = $ERR"
        exit $ERR
    fi
    # Since multiple reasons may exist in LOCKOUT, process
    # each bit position separately
    if [ $LOCKOUT != "0000000" ]
    then
        print "\nUser $USER deactivated, reason: \c"
        for BIT in 1 2 3 4 5 6 7
        do
            REASONBIT=$(echo $LOCKOUT | cut -c $BIT)
            if [ $REASONBIT != 0 ]
            then
                if [ $REASONBIT = 1 ]
                then
                    print "${REASON[$BIT]}"
                else
                    print "AUDIT error: Bad character in lockout: $REASONBIT"
                fi
            fi
        done

        MINTM=$(getprpw -r -m mintm $USER)
        EXPTM=$(getprpw -r -m exptm $USER)
        LFTM=$(getprpw -r -m lftm $USER)
        SPWCHG=$(getprpw -r -m spwchg $USER)
        UPWCHG=$(getprpw -r -m upwchg $USER)
        ACCTEXP=$(getprpw -r -m acctexp $USER)
        LLOG=$(getprpw -r -m llog $USER)
        ULOGINT=$(getprpw -r -m ulogint $USER)
        SLOGINY=$(getprpw -r -m sloginy $USER)
        UMAXLNTR=$(getprpw -r -m umaxlntr $USER)

        # Show values only if set (-1 is not set)
        [[ "$MINTM" != "$NOTSET" ]] && \
            print "$MINTM = Min time between PW changes"
        [[ "$EXPTM" != "$NOTSET" ]] && \
            print "$EXPTM = Password expiration time"
        [[ "$LFTM" != "$NOTSET" ]] && \
            print "$LFTM = Password lifetime"
        [[ "$SPWCHG" != "$NOTSET" ]] && \
            print "$SPWCHG = Password was changed"
        [[ "$UPWCHG" != "$NOTSET" ]] && \
            print "$UPWCHG = Password was unsuccessfully changed"
        [[ "$ACCTEXP" != "$NOTSET" ]] && \
            print "$ACCTEXP = account expires"
        [[ "$LLOG" != "$NOTSET" ]] && \
            print "$LLOG = Last successful login"
        [[ "$SLOGINY" != "$NOTSET" ]] && \
            print "$SLOGINY = Terminal used for last successful login"
        [[ "$ULOGINT" != "$NOTSET" ]] && \
            print "$ULOGINT = Last unsuccessful login"
        [[ "$UMAXLNTR" != "$NOTSET" ]] && \
            print "$UMAXLNTR = Max unsuccessful login tries"
    fi
done
exit 0
```
12-09-2008 01:21 PM
Re: Login script
I've added the reason codes from the above script to it. See if this works for you.
One thing I've noticed is that it only prints the last reason code. So if the LOCKOUT is something like 1001001, only the last 1 is actually noted in the output. I can fix this if it's something you may use, but most users probably are locked for 1 reason, not many.
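
The multi-reason case mentioned above (a lockout value such as 1001001), as an added example that is not part of any post in this thread: a portable sh function that validates the 7-character string and reports every set position on one line, using the reason texts from the first script. The names decode_lockout and reason_for_bit are hypothetical, and the sample values are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): decode the 7-character lockout string
# that `getprpw -r -m lockout` returns in the scripts above.
# decode_lockout and reason_for_bit are hypothetical helper names.

reason_for_bit() {
    case "$1" in
        1) echo "past password lifetime" ;;
        2) echo "past last login time" ;;
        3) echo "past absolute account lifetime" ;;
        4) echo "exceeding unsuccessful login attempts" ;;
        5) echo "password required and a null password" ;;
        6) echo "admin lock" ;;
        7) echo "password is a *" ;;
    esac
}

decode_lockout() {
    lockout=$1
    # Reject anything that is not exactly seven 0/1 characters
    case "$lockout" in
        [01][01][01][01][01][01][01]) ;;
        *) echo "invalid lockout value: $lockout"; return 2 ;;
    esac
    if [ "$lockout" = "0000000" ]; then
        echo "active"
        return 0
    fi
    reasons=""
    bit=1
    rest=$lockout
    while [ "$bit" -le 7 ]; do
        first=${rest%"${rest#?}"}   # first remaining character
        rest=${rest#?}              # drop it for the next pass
        if [ "$first" = 1 ]; then
            # Append every set position, so no reason is lost
            reasons="${reasons:+$reasons; }$(reason_for_bit "$bit")"
        fi
        bit=$((bit + 1))
    done
    echo "$reasons"
}

# Constructed sample values, not output from a real system
for sample in 0000000 0000010 1001001 10x0000; do
    printf '%s -> %s\n' "$sample" "$(decode_lockout "$sample")"
done
```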
12-09-2008 01:40 PM
Re: Login script
Thanks for all of your help
12-09-2008 02:12 PM
Re: Login script
12-15-2008 06:29 AM
Re: Login script
-Charlie
12-15-2008 06:45 AM
Re: Login script
last output with a grep can be used to get last login information, so long as the wtmp file in /var/adm/syslog is not erased or emptied.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
12-15-2008 07:58 AM
Re: Login script
chkdisable |grep exceed |awk '{print $2}'
To determine any current lockouts.