HPE Community
Operating System - HP-UX
1831658 Members
2184 Online
110029 Solutions
New Discussion

Is there a command I can use to get the users that have not logged on for more than n days ?

 
SOLVED
Go to solution
Luis Toro
Regular Advisor

‎06-23-2003 12:31 PM

‎06-23-2003 12:31 PM

Is there a command I can use to get the users that have not logged on for more than n days ?

Hello,

I did a man on getprpw, and I'm trying to see if there is a simpler method of obtaining a report on users that have not logged into a server for over 30 days. Seems if I use getprpw, I would have to do some scripting to get this info from the slogint.

Thank you
0 Kudos
Reply
14 REPLIES 14
Ken Penland_1
Trusted Contributor

‎06-23-2003 12:38 PM

‎06-23-2003 12:38 PM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Not that I know of...here is a snippet from a script I have that reports a bunch of stuff...this should report what you are looking for:

#!/usr/local/bin/perl

format LIFETIME =
User @<<<<<<< (@|||||||||||||||||||) has not changed their password since @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$username, $realname, $laston
.

print "\n", "_" x 75, "\n";
$counter = 0;
print "EXPIRED ACCOUNTS - Accounts currently locked due to Password Lifetime Exceeded\n\n";

@passwd = `cat /etc/passwd`;
foreach $line(@passwd)
{
($username,$p,$uid,$gid,$rlname,@rest) = split(/\:/,$line);
($realname,@rest) = split(/\,/,$rlname);
if ($uid < 100) { next; }
$checkit = `/usr/lbin/getprpw -m lockout $username`;
$checkit =~ s/\s+$//;
($junk,$reason) = split(/\=/,$checkit);
if ($reason ne "1000000") { next; }
$checkit = `/usr/lbin/getprpw -m spwchg $username`;
$checkit =~ s/\s+$//;
($junk,$laston) = split(/\=/,$checkit);
$counter++;
$~ = "LIFETIME";
write;
}
'
0 Kudos
Reply
Paul Sperry
Honored Contributor

‎06-23-2003 12:40 PM

‎06-23-2003 12:40 PM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

lastlogin Invoked by runacct to update /var/adm/acct/sum/loginlog
which shows the last date on which each user logged in
(see runacct(1M)).
0 Kudos
Reply
PIYUSH D. PATEL
Honored Contributor

‎06-23-2003 12:46 PM

‎06-23-2003 12:46 PM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Hi,

You can use 'find' to go throught the $HOME directories of the users and look at the last access date from their '.profile'.

You can also check the /var/adm/wtmp file and use 'last' and compare its contents to /etc/passwd. Check for users who do *not* appear in 'wtmp'.

HTH,
Piyush
0 Kudos
Reply
Helen French
Honored Contributor

‎06-23-2003 12:46 PM

‎06-23-2003 12:46 PM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Couple of solutions here:

http://forums.itrc.hp.com/cm/QuestionAnswer/0,,0x4c677bb04b5cd611abdb0090277a778c,00.html
Life is a promise, fulfill it!
0 Kudos
Reply
Caesar_3
Esteemed Contributor

‎06-23-2003 12:48 PM

‎06-23-2003 12:48 PM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Hello!

If it's about login of user on some machine
so use finger

Caesar
0 Kudos
Reply
Jim Mallett
Honored Contributor

‎06-23-2003 01:09 PM

‎06-23-2003 01:09 PM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Another thing to think about is that you can automate the process if you are using a Trusted System. Plus that adds other safeguards. The above ideas will work great though. Just a thought.

Jim
Hindsight is 20/20
0 Kudos
Reply
twang
Honored Contributor

‎06-23-2003 06:41 PM

‎06-23-2003 06:41 PM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Hi,
I think you may use "last" to retrieve the users who have logged in the past 30 days into a tmp file, and then compare this file with the users list.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎06-23-2003 08:00 PM

‎06-23-2003 08:00 PM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Hi,

I just posted this message in another thread. One pain is that you have maintain your wtmp file for atleast 'n' days to get accurate information.

//
There isn't a simple way of finding this out. If you want to find this out, the best way is to use last command. However, this pulls out the information from wtmp. So, if you trimmed it anywhere in the last three months, then you won't get the information. So, you will have to plan. Either keep the wtmp file for 3 months or regularly recycle (using /usr/sbin/acct/fwtmp
) but keep the old files somewhere.

Then it is just a question of writing a script that can take care of it.

last -R > last.log

(Edit this and remove standard logins like root, bin, sys etc., or you can put a grep -v in the above. Delete the entries that are older than n days)

for LOGIN in $(awk '{FS=":";print $1}' /etc/passwd)
do
grep -q $LOGIN last.log
if [ $? != 0 ]
then
echo $LOGIN >> nologin.out
fi
done

if [ $(wc -l nologin.out|awk '{print $1}') -eq 0 ]
then
echo |mailx -s "No LOGINS" your_id@yourdomain.com
else
mailx -s "NO LOGIN REPORT" yourid@yourdomain.com < nologin.out
fi

//

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Luis Toro
Regular Advisor

‎06-24-2003 06:24 AM

‎06-24-2003 06:24 AM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Thanks for all your input.
I believe Sri and Shiju had a better understanding of what I was looking for, although it looks like it will have to be scripted.

wtmp goes back well beyond 3 months and it is a trusted system with the "disable inactive" accounts set to 90 days. I can't use the ".profile" idea, since the home directory is shared for all end users. My problem is that
someone wants a report of users that have not logged on in 30 days. So they may very well be in wtmp (goes back a year), and if they've logged on within the past 90 days, they'll still be enabled.
A colleague has recommended trying a version of
the 'date' command (from the HP Porting Center) to see if that allows me to do more flexible data comparisons against the wtmp file.

Thanks
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎06-24-2003 10:16 AM

‎06-24-2003 10:16 AM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Hi

This should help:-


------------------CUT HERE-------------------
#!/bin/sh
#####################################
# Last login checker
#####################################
# PJFC 04-2002
#####################################
# Get logname from passwd and push to file.
cat /etc/passwd | sed 's/:/ /' | awk '{print $1}' | sed 's/^/ /' | sed 's/ /last /' >/tmp/passlast.one
#####################################
# Get file and create an "Echo command file"
cat /tmp/passlast.one | sed 's/last/echo/'>/tmp/passlast.two
#####################################
# Paste files together
paste /tmp/passlast.two /tmp/passlast.one >/tmp/passlast.three
#####################################
# Seperate the commands and just look at last login
cat /tmp/passlast.three | sed 's/last/; last -1 /' >/tmp/passlast.go
#####################################
# Tidy up
rm /tmp/passlast.one
rm /tmp/passlast.two
rm /tmp/passlast.three
#####################################
# Make created file executable
chmod 755 /tmp/passlast.go
#####################################
# Run the created program
/tmp/passlast.go >/tmp/passlast.results
#####################################
# Send out result
mailx -s " Last logins" root #####################################
# Tidy up
rm /tmp/passlast.go
# Hash out the next line to keet results in /tmp
rm /tmp/passlast.results
#####################################
# ALL DONE

----------------cut here---------------------


Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Pepe Jimenez Muñoz
Frequent Advisor

‎06-25-2003 02:18 AM

‎06-25-2003 02:18 AM

Solution

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Hi Luis, I have this script to tell me the time since each user login in the system.

The script writes username|days_last_login in /etc/pepe file.

# Este script genera un listado en /etc/pepe
# que contiene cada usuario y el tiempo que lleva
# sin hacer login al sistema.

> /etc/pepe
chmod 644 /etc/pepe

ahora=`/usr/contrib/bin/perl -e 'printf "%d\n",time()'`

for i in `cat /etc/passwd | cut -d":" -f1`
do

letra=`echo $i|cut -c1`
#echo $i $letra
ultimologin=`cat /tcb/files/auth/$letra/$i | awk -F "u_suclog#" ' {print $2}' | cut -d":" -f1 |
grep -v ^$`
# echo $ultimologin
let "dias=(( $ahora - $ultimologin ) / 86400) "

echo $i"|"$dias >> /etc/pepe
# echo $i"|"$dias

done

I hope this help you.

VIVA EL BETIS.

(Betis is the best football team in the world)

ppviso
Reply
David_246
Trusted Contributor

‎06-25-2003 03:07 AM

‎06-25-2003 03:07 AM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Hi Ken,

I'dd love to reply this one to you directly, but not possible unfortunetly.
I made some addaptions to your script. (especialy the value of $reason !!)

I realy like the script, it learned me a lot.

Regs David

#--------------------------------
#!/usr/local/bin/perl

format LIFETIME =
User @<<<<<<< (@|||||||||||||||||||) has not changed their password since @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$username, $realname, $laston
.

print "\n", "_" x 75, "\n";
print "EXPIRED ACCOUNTS - Accounts currently locked due to Password Lifetime Exceeded\n\n";

open(FH, "< /etc/passwd");
@passwd = ;
close(FH);

foreach $line(@passwd) {
($username,$uid,$rlname) = (split /\:/, $line)[0,2,4];
next if ( $uid < 100 );

$checkit = `/usr/lbin/getprpw -m lockout $username`;
$checkit =~ s/\s+$//;
$reason = (split /\=/, $checkit)[1];
next if ($reason ne "0000001");

$checkit = `/usr/lbin/getprpw -m spwchg $username`;
$checkit =~ s/\s+$//;
$laston = (split /\=/, $checkit)[1];
$laston = "never" if ( $laston eq "-1" );
$realname = (split /\,/, $rlname)[0];

$~ = "LIFETIME";
write;
}
@yourservice
0 Kudos
Reply
John Meissner
Esteemed Contributor

‎06-25-2003 03:13 AM

‎06-25-2003 03:13 AM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

I wrote this script so that you can see who has not logged in in the past 60 days.

All paths lead to destiny
0 Kudos
Reply
Luis Toro
Regular Advisor

‎06-26-2003 10:54 AM

‎06-26-2003 10:54 AM

Re: Is there a command I can use to get the users that have not logged on for more than n days ?

Thanks.

I think I found what I need using a combination
of Ken and Pepe's scripts, with some adjustments. [Ken, unforntunately I can't re-assign points, and I didn't think it proper to
assign higher points to Dave, who referenced your script.].
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.