Operating System - HP-UX
1833873 Members
1763 Online
110063 Solutions
New Discussion

Free script - Last Login checker

 
Paula J Frazer-Campbell
Honored Contributor

Free script - Last Login checker

Hi To all

I got fed up of checking unused logings in my password file (currently 2320) so:-

I wrote a script to build a script to do the job:-

I am dam sure I have not invented the wheel, but if anyone might find it useful it is here:-

------------------CUT HERE-------------------
#!/bin/sh
#####################################
# Last login checker
#####################################
# PJFC 04-2002
#####################################
# Get logname from passwd and push to file.
cat /etc/passwd | sed 's/:/ /' | awk '{print $1}' | sed 's/^/ /' | sed 's/ /last /' >/tmp/passlast.one
#####################################
# Get file and create an "Echo command file"
cat /tmp/passlast.one | sed 's/last/echo/'>/tmp/passlast.two
#####################################
# Paste files together
paste /tmp/passlast.two /tmp/passlast.one >/tmp/passlast.three
#####################################
# Seperate the commands and just look at last login
cat /tmp/passlast.three | sed 's/last/; last -1 /' >/tmp/passlast.go
#####################################
# Tidy up
rm /tmp/passlast.one
rm /tmp/passlast.two
rm /tmp/passlast.three
#####################################
# Make created file executable
chmod 755 /tmp/passlast.go
#####################################
# Run the created program
/tmp/passlast.go >/tmp/passlast.results
#####################################
# Send out result
mailx -s " Last logins" root #####################################
# Tidy up
rm /tmp/passlast.go
# Hash out the next line to keet results in /tmp
rm /tmp/passlast.results
#####################################
# ALL DONE

----------------cut here---------------------


Paula
If you can spell SysAdmin then you is one - anon
14 REPLIES 14
John Carr_2
Honored Contributor

Re: Free script - Last Login checker

thanks Paula

another useful utility for my personal collection.


John.
George_Dodds
Honored Contributor

Re: Free script - Last Login checker

Your a lovely lass!

Works a treat.

Cheers

George
David Burgess
Esteemed Contributor

Re: Free script - Last Login checker

Top girl. That's one to add to the collection.

Many thanks,

Dave.
John McDen
Regular Advisor

Re: Free script - Last Login checker

Thanks Paula,

I was really in need of it and was planing to write it but you did it for me..

Thanks,

JM
New to HP
Rodney Hills
Honored Contributor

Re: Free script - Last Login checker

Here is a version I wrote in perl-

!/usr/local/bin/perl
# Show last logins for every user in /etc/passwd
#
open(LASTLOGIN,"last|") || die "Can not run 'last' command\n";
while () {
next if $_ eq "";
if (/^wtmp begin/) {$begin=$_ ; next};
($name,$tty,$date)=/(\S+)\s+(\S+)\s+(\S+\s+\S+\s+\S+)/;
$user{$name}=$date unless $user{$name};
}
print $begin;
close(LASTLOGIN);
open(PASSWD,"/etc/passwd") || die "Can not open '/etc/passwd'\n";
while () {
next if /^\+/;
($name,$rest)=split(":");
$user{$name}="**NOT USED**" unless $user{$name};
}
foreach $name (sort keys(%user)) {
printf "%-10s %s\n",$name,$user{$name};
}
There be dragons...
Robert de Mander
New Member

Re: Free script - Last Login checker

Hmmmm,

time to brush up on the awk skills perhaps?

Why not to this:
-----------------snip-------------------
#!/bin/sh
#####################################
# Last login checker
#####################################
# PJFC 04-2002 RdM
#####################################
# Get logname from passwd and push to file.
awk -F: '{print "echo " $1 ";last -1 " $1}' /etc/passwd >/tmp/passlast.go
#####################################
# Make created file executable
chmod 700 /tmp/passlast.go
#####################################
# Run the created program
/tmp/passlast.go >/tmp/passlast.results
#####################################
# Send out result
mailx -s " Last logins" root #####################################
# Tidy up
rm /tmp/passlast.go
# Hash out the next line to keet results in /tmp
rm /tmp/passlast.results
#####################################
# ALL DONE
-----------------snip-------------------

Shorter, clearer, fewer tmp file, same result!

robert
Pete Randall
Outstanding Contributor

Re: Free script - Last Login checker

Ain't it a beauty.

Thanks, Paula

Pete

Pete

Re: Free script - Last Login checker

No awk (awk is sllloooowww), no temp files:

cut -d: -f1 /etc/passwd | while read user
do
echo ${user}
last -1 ${user}
done | mailx -s "Last Logins" root

HTH

Duncan

I am an HPE Employee
Accept or Kudo
Rodney Hills
Honored Contributor

Re: Free script - Last Login checker

Duncan,

If you are so concerned about how slow "awk" is, why are you executing "last -1" over and over. That will definitely eat up a lot of resources!

-- Rod Hills
There be dragons...
Paula J Frazer-Campbell
Honored Contributor

Re: Free script - Last Login checker

Hi

Best system.

1. Pick up phone.
2. Call user.
3. Ask " When did you last login"
4. Write it down.
5. Call next user.



Paula
If you can spell SysAdmin then you is one - anon

Re: Free script - Last Login checker

Rod,

mmmm your right (humbly curls forlock and stares at shoes.... ;o) )

Cheers

Duncan


I am an HPE Employee
Accept or Kudo
Bill Hassell
Honored Contributor

Re: Free script - Last Login checker

<< begin tounge-planted-firmly-in-cheek >>

Q. When did you last login?

A. What do you mean by "login"? Do you mean my telnet session(s), or my rlogin session(s). Or do you want to know about some remsh and rcp commands I used? How about rexec? Perhaps you want to know about starting CDE and managing my PC's desktop, and the hpterm/xterm and dtterm logins I have. There may be some PAM or ssh sessions going too. ;-)

Seriously, you may want to deal with users based on the processes that they actually own so I would use ps -u or for a nicely formatted process hierarchy:

for MYUSER in $(cut -f1 -d: /etc/passwd)
do
UNIX95= ps -fHu $MYUSER | grep -v PID
done


Bill Hassell, sysadmin
Craig Rants
Honored Contributor

Re: Free script - Last Login checker

Lets not make things simple, let's make it more complicated. Remember, "knowledge is power"....

# Check to see if this is a trusted box
if [ -d /tcb ]
then
# Section to figure out login date information based on the epoch date records
# in the /tcb/auth/files directory only works on trusted systems
#
# Round about way to get the current epoch number
LOGDIR=/var/adm
TMPLOG=/tmp/wtmp.tmplog
WORKLOG=/tmp/wtmp.worklog

cat $LOGDIR/wtmp > $TMPLOG
# Converting logs from bin to ascii. . . "
cat $TMPLOG |/usr/sbin/acct/fwtmp > $WORKLOG
cat $WORKLOG | awk '{print $8}' > /tmp/dates.out
CURRENT=`/usr/contrib/bin/perl -e "print time"`

# Remaining local variables
NINETY='7776000'
SIXTY='5184000'
THIRTY='2592000'
#FORMULA=echo "0d$NUMBER=Y" | adb
NDAYS=`/usr/bin/expr $CURRENT - $NINETY`
SDAYS=`/usr/bin/expr $CURRENT - $SIXTY`
TDAYS=`/usr/bin/expr $CURRENT - $THIRTY`
NDAYSOUT=/tmp/n.out
SDAYSOUT=/tmp/s.out
TDAYSOUT=/tmp/t.out
GOODDAYS=/tmp/good.out
NORECORD=/tmp/norec.out
USERLIST=/tmp/userlist

# Create file headers
echo "" >> $NDAYSOUT
echo "C. <---- Users who have no login activity over 90 days ---->" >> $NDAYSOUT
echo "" >> $SDAYSOUT
echo "D. <---- Users who have no login activity over 60 days ---->" >> $SDAYSOUT
echo "" >> $TDAYSOUT
echo "E. <---- Users who have no login activity over 30 days ---->" >> $TDAYSOUT
echo "" >> $GOODDAYS
echo "F. <---- Users who have login activity under 30 days ---->" >> $GOODDAYS

# Start processing user accounts
cat /etc/passwd | awk -F: '{print $1}' > /tmp/userlist
for NAME in `cat /tmp/userlist`
do
NUMBER=`cat /tcb/files/auth/*/$NAME | grep u_suclog | awk -f /roots/bin/awkfil
e | awk -F# '{print $2}'` > /dev/null 2>&1
if [ $? -eq 0 ]; then
if [ "$NUMBER" -gt "$TDAYS" ] ; then
echo $NAME >> $GOODDAYS
elif [ "$NUMBER" -le "$TDAYS" -a "$NUMBER" -gt "$SDAYS" ] ;then
echo $NAME >> $TDAYSOUT
elif [ "$NUMBER" -le "$SDAYS" -a "$NUMBER" -gt "$NDAYS" ] ; then
echo $NAME >> $SDAYSOUT
elif [ "$NUMBER" -le "$NDAYS" ] ; then
echo $NAME >> $NDAYSOUT
else
echo $NAME >> /dev/null
fi
else
echo $NAME >> $NORECORD
fi
done

cat $NDAYSOUT $SDAYSOUT $TDAYSOUT >> $OUTPUT
# Uncomment line below to show who has logged in recently
cat $GOODDAYS >> $OUTPUT

# clean up
cat /dev/null > $NDAYSOUT
cat /dev/null > $SDAYSOUT
cat /dev/null > $TDAYSOUT
cat /dev/null > $GOODDAYS
cat /dev/null > $NORECORD
cat /dev/null > $USERLIST

/usr/sbin/sendmail you@domain.com < $OUTPUT

I believe this will sufficiently complicate things...

C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Dave Wherry
Esteemed Contributor

Re: Free script - Last Login checker

Another very simple approach - comment out all users in /etc/passwd (except root) and wait to see who calls.