HPE Community
Operating System - HP-UX
1833417 Members
3376 Online
110052 Solutions
New Discussion

Rarely logged in User list

 
vthiru
Advisor

‎04-09-2008 05:37 AM

‎04-09-2008 05:37 AM

Rarely logged in User list

Hello Admins,

Is there a way to check in HP-UX 11.00 the rarely logged in users(may be in the last one year). I tried last command. But it gives only the past three days..i.e Apr7, Apr8, & apr9.

Thanks in advance.
vthiru

0 Kudos
Reply
6 REPLIES 6
OldSchool
Honored Contributor

‎04-09-2008 06:17 AM

‎04-09-2008 06:17 AM

Re: Rarely logged in User list

is the system trusted or not?
Do you do any password aging, or force the passwd to be changed when the user first logs in?

There are a couple of things which *may* help, but they depend on the ansers to the above

"last" used the wtmp file. In your case, it looks like that file only goes back 3 days. This could be caused by a variey of things.
0 Kudos
Reply
Yashwant
Valued Contributor

‎04-09-2008 06:57 AM

‎04-09-2008 06:57 AM

Re: Rarely logged in User list

SAM allows you to specify user accounts and files that it should never remove.The file /etc/sam/rmuser.excl lists usernames that will not be removable from within SAM(although they may be retired)
0 Kudos
Reply
Yashwant
Valued Contributor

‎04-09-2008 07:06 AM

‎04-09-2008 07:06 AM

Re: Rarely logged in User list

SAM allows you to specify user accounts and files that it should never remove.The file /etc/sam/rmuser.excl lists usernames that will not be removable from within SAM(although they may be retired)


check /var/adm/wtmp
0 Kudos
Reply
OldSchool
Honored Contributor

‎04-09-2008 09:00 AM

‎04-09-2008 09:00 AM

Re: Rarely logged in User list

"SAM allows you to specify user accounts and files that it should never remove.The file /etc/sam/rmuser.excl lists usernames that will not be removable from within SAM(although they may be retired)"

So? He's trying to find user's that *rarely* use the system...which probably means he wants to retire obsolete user accounts....


"check /var/adm/wtmp"

he already said he's only getting 3 days...
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎04-09-2008 03:51 PM

‎04-09-2008 03:51 PM

Re: Rarely logged in User list

>I tried last. But it gives only the past three days..i.e Apr7, Apr8, & apr9.

As mentioned by others, if last(1) doesn't go back more than 3 days, you need to change your automation to keep this info longer. Possibly keeping the last entry for each user.

If the /var/adm/wtmp* data is removed, you could try to look at the last access date to their profiles:
$ ll -u ~user1/.profile
0 Kudos
Reply
OldSchool
Honored Contributor

‎04-10-2008 05:21 AM

‎04-10-2008 05:21 AM

Re: Rarely logged in User list

on a non-trusted systems, you might be able to examine the output of "passwd -sa".

those account that aren't locked will show "PS" as opposed to "LK". The date shown will be the date of the last password change. That date might help you. Depends on if you have password aging enabled, as if you don't, the indicated account simply may have never changed their password...

run "finger" on suspect accounts might turn up useful info as well.

There should be something similar for trusted systems as well
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.