HPE Community
Operating System - HP-UX
1838087 Members
3783 Online
110124 Solutions
New Discussion

FTP Login Session

 
Michael Joseph
New Member

‎10-09-2001 12:02 PM

‎10-09-2001 12:02 PM

FTP Login Session

I am using HP-UX 10.20 on an HP 9000 K460. My problem is I have approximately 1400 FTP/Telnet users on my system. The users use WS-FTP to download/upload files. Also, I have my security properties set to disable any accounts not used with 30 days. My problem is that most of my users only FTP into the system and the system does not recognize the FTP session as a login in session. Due to the design of the system and other issues it has to be done this way. Any suggestion, if any, on how to get the system to recognize FTP as a login session. Thanks...
0 Kudos
Reply
3 REPLIES 3
harry d brown jr
Honored Contributor

‎10-09-2001 12:05 PM

‎10-09-2001 12:05 PM

Re: FTP Login Session

You could either extend the login period from 30 days to 90 days, or you could possibly "flag" the account as active. Is this a trusted system?
Live Free or Die
0 Kudos
Reply
Santosh Nair_1
Honored Contributor

‎10-09-2001 12:09 PM

‎10-09-2001 12:09 PM

Re: FTP Login Session

ftp sessions are logged in wtmp, so you could write a script that parses the output from the 'last' command and see the last time the user ftpped into the system, i.e.:

last -R -1

will tell you when the user last accessed the system.

-Santosh
Life is what's happening while you're busy making other plans
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-09-2001 08:12 PM

‎10-09-2001 08:12 PM

Re: FTP Login Session

You need do it manually with some scripting as the accounts are accessed only through ftp.

1) Keep only 30 days of wtmp file. You can use
/usr/sbin/acct/fwtmp to resize files.

cat var/adm/wtmp | /usr/sbin/acct/fwtmp > /tmp/fwtmp.ascii

Use sed to delete the lines that are older than 30days. This is where you need to spend sometime in building a script.

convert it back to wtmp.

cat /tmp/fwtmp.ascii |/usr/sbin/acct/fwtmp -ic > /var/adm/wtmp

This way you can maintain wtmp files for 30days.

2. Once this is in place, your job is relatively easy. Get all the user_ids except for the standard and other required ones into a file

egrep -v '^root|^sys|^bin' /etc/passwd|awk '{print $1}' > userlist #(include other user ids that need to be there in -v args)

last -R > /tmp/last.detail (this has only 30days of data)
for user in `cat userlist`
grep "^$user" /tmp/last.detail >/dev/null 2>&1
if [$?! = 0 ] #(this userdidn't ftp for the last 30days)
then
passwd -l $user #Lock this account
echo "$user locked due to inactivity" >> /tmp/lock.detail
fi

Now do step 1 to trim the wtmp file for next day.

This gives you only an idea. You can develop a working script based on it.

-Sri


You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.