04-19-2003 10:58 PM
Clean passwd file
I have hundreds of users in the passwd file. I am sure that most of them are not used. Can I have a script to find out users who have not logged on to the server for the last two months and their accounts are disabled.
04-19-2003 11:41 PM
Re: Clean passwd file
Go to sam security, then convert your system to trusted.
This is an important step, you might want to do some reading first.
After your system is trusted, you can set expiration times, also in sam.
passwd -sa
will give you output like this..
esmith PS 03/13/03 7 49
sjones PS 03/20/03 7 49
swillis PS 03/20/03 7 49
This can be run through awk and you can passwd -l
Good Luck.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
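The awk step suggested in the post above, as an added example that is not part of the original post: it filters `passwd -sa` style lines and prints, without running them, the `passwd -l` commands for passworded accounts whose date column is older than a limit. That column is the date the password was last changed, so it measures password staleness, not last login. The function names, the reference date, the 60-day limit, the two-digit-year pivot and the extra sample lines are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run filter over `passwd -sa` output.
# Column layout taken from the sample in the post: name status mm/dd/yy min max.

# Constructed input: the first three lines are the post's sample, the rest are
# made up to exercise the filter.
sample_passwd_sa() {
cat <<'EOF'
esmith PS 03/13/03 7 49
sjones PS 03/20/03 7 49
swillis PS 03/20/03 7 49
olduser PS 11/02/02 7 49
locked1 LK
root PS 01/05/02 7 49
bad;name PS 01/05/02 7 49
EOF
}

# stale_accounts TODAY MAX_DAYS: read passwd -sa lines on stdin and print
# "name age_in_days" for PS accounts whose date is more than MAX_DAYS old.
stale_accounts() {
    awk -v today="$1" -v max="$2" '
    function days(s,   p, m, d, y) {      # day number of an mm/dd/yy date
        if (split(s, p, "/") != 3) return -1
        m = p[1] + 0; d = p[2] + 0; y = p[3] + 0
        if (m < 1 || m > 12 || d < 1 || d > 31) return -1
        y += (y < 70) ? 2000 : 1900       # two-digit year pivot (assumption)
        if (m <= 2) { y--; m += 12 }      # count the year from 1 March
        y = 365*y + int(y/4) - int(y/100) + int(y/400)
        return y + int((153*(m-3) + 2)/5) + d
    }
    BEGIN { now = days(today) }
    $1 == "root" || $2 != "PS" { next }   # keep root; skip LK/NP lines
    $1 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ { next }   # refuse odd names
    {
        chg = days($3)
        if (chg >= 0 && now - chg > max) print $1, now - chg
    }'
}

# lock_commands: print (never run) one passwd -l line per reported account.
lock_commands() {
    while read -r name age; do
        printf 'passwd -l %s  # date column is %s days old\n' "$name" "$age"
    done
}

sample_passwd_sa | stale_accounts 04/19/03 60 | lock_commands
```

On a real system the input would be the output of `passwd -sa` instead of the sample function, and the printed list is meant to be reviewed before any account is locked.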
04-19-2003 11:48 PM
Re: Clean passwd file
04-20-2003 12:19 AM
Re: Clean passwd file
You could try the last command. It'll tell you the last time somebody logged in.
If the file /var/adm/wtmp is more than 2 months old, the above would work.
If a user has logged in 2 months earlier, the last login would show that. Hopefully this works on a trusted system - I am trying this on a normal system.
No harm in trying this script on your system anyhow.
Try this -
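#!/usr/bin/ksh
# Print the most recent wtmp entry for every account in /etc/passwd.
# last lists the newest entries first, so the first line is the latest login.
for user in `cut -d: -f1 /etc/passwd`
do
    last "$user" | head -1
done
#EOF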
The above script would list the last logins using telnet/ftp of all the users on the system. You should typically be able to find out the users who have not logged in in the past 2 months.
# lastb
If the users have not been able to log in although they have tried, then the above command will list their (unsuccessful) login attempts.
lastb will display bad logins only if the file /var/adm/btmp exists.
Both of the above commands do not display the year - that is a problem/limitation.
Another possibility is to open the /var/adm/wtmp in binary mode and read it.
The utmpx.h header file contains the structure of the contents of the wtmp file.
Let me know if you require the program to read this.
- ramd.
04-21-2003 01:51 AM
Re: Clean passwd file
I don't have a script right now to give you, but you can do it if the finger service is running on your machine.
1. First write all usernames into a file.
#cat /etc/passwd|cut -d: -f1 >
2. Then run finger on each name in the file, grep the string "Last login" and the month, and write it into a file.
#for i in `cat
do
temp=`finger $i |grep "Last Login"|awk '{print $4}'`
echo "$i:$temp" >>
3. By this you will get login names:months they logged in last time.
4. Compare this with the present month and run passwd -l
Regards
04-21-2003 05:50 AM
Re: Clean passwd file
find /home -name .sh_history -exec ll {} \; | pg
I could put the awk command here, but I am sure you understand awk and sort.
Tim
04-21-2003 06:00 AM
Re: Clean passwd file
Use the command getprpw to check if a user was deactivated. The command returns non-zero exit codes for deactivated users.
Active user account:
$ /usr/lbin/getprpw -r -m lockout user1
0000000
Deactivated (locked) user account:
$ /usr/lbin/getprpw -r -m lockout user2
0000001
The following script can be used as an example to report all deactivated
user accounts on the system.
$ more deactivated_users.sh
#!/usr/bin/sh
# Show deactivated users in a trusted system
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin
# Assume the system is not trusted until modprpw says otherwise
NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
    # Run without arguments, modprpw exits with 2 on a trusted system
    modprpw 1> /dev/null 2>&1
    if [ $? -eq 2 ]
    then
        NOTTRUSTED=/sbin/false
    fi
fi
if $NOTTRUSTED
then
    print "\n This system is not a Trusted System"
    exit 1
fi
# One reason per character position of the lockout field
REASON[1]="past password lifetime"
REASON[2]="past last login time"
REASON[3]="past absolute account lifetime"
REASON[4]="exceeding unsuccessful login attempts"
REASON[5]="password required and a null password"
REASON[6]="admin lock"
REASON[7]="password is a *"
for USER in $(listusers | awk '{print $1}')
do
    LOCKOUT=$(getprpw -r -m lockout "$USER")
    ERR=$?
    if [ $ERR != 0 ]
    then
        print "getprpw failed, error = $ERR"
        exit $ERR
    fi
    # Since multiple reasons may exist in LOCKOUT, process
    # each bit position separately
    if [ "$LOCKOUT" != "0000000" ]
    then
        print "\nUser $USER deactivated for:"
        for BIT in 1 2 3 4 5 6 7
        do
            REASONBIT=$(echo "$LOCKOUT" | cut -c $BIT)
            if [ "$REASONBIT" != 0 ]
            then
                if [ "$REASONBIT" = 1 ]
                then
                    print " ${REASON[$BIT]}"
                else
                    print " Bad character in lockout: $REASONBIT"
                fi
            fi
        done
    fi
done
exit 0