Operating System - HP-UX

report to list locked accounts

 
michael kolotila
Occasional Advisor

report to list locked accounts

hi
it is audit time again, or will be shortly. i have a trusted system on an HPUX11iv1 system and would like a way to get a report of the locked accounts, short of touching every account and looking. has anyone written such a script that they would be willing to share?
thanks in advance.
michael
RAC_1
Honored Contributor

Re: report to list locked accounts

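# Loop over every login and report those with a non-zero lockout mask
for i in `logins -u | awk '{print $1}'`
do
    # -r prints the raw value only, without the "lockout=" prefix
    stat=`/usr/lbin/getprpw -r -m lockout ${i}`
    if [[ ${stat} != "0000000" ]]
    then
        echo "Account locked ${i}"
    fi
done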
There is no substitute to HARDWORK
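
For an audit report it helps to say why each account is locked, not only that it is. The following is an added example, not part of the original thread: it decodes the 7-character lockout string used in the loop above. The bit meanings are taken from the getprpw(1M) man page and should be confirmed on your release; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the lockout string printed by
# `getprpw -r -m lockout <user>`. Bit order per getprpw(1M) (assumption).
decode_lockout() {
    bits=$1
    case $bits in
        [01][01][01][01][01][01][01]) ;;
        *) echo "unparseable lockout value: $bits"; return 1 ;;
    esac
    reasons=""
    pos=1
    for label in "password lifetime exceeded" \
                 "inactive (past last login time)" \
                 "account lifetime exceeded" \
                 "too many failed logins" \
                 "null password where one is required" \
                 "administrator lock" \
                 "password is *"
    do
        bit=$(echo "$bits" | cut -c"$pos")
        if [ "$bit" = "1" ]; then
            reasons="${reasons:+$reasons, }$label"
        fi
        pos=$((pos + 1))
    done
    echo "${reasons:-not locked}"
}

# report_locked reads "login lockout" pairs on stdin and prints one line per
# locked account. Unparseable values are reported rather than skipped, so a
# failed lookup cannot hide an account from the audit.
report_locked() {
    while read -r login bits; do
        [ -z "$login" ] && continue
        why=$(decode_lockout "$bits") || :
        [ "$why" = "not locked" ] || echo "$login: $why"
    done
}

# Constructed sample input (not real accounts) so the example runs anywhere.
sample_pairs() {
    cat <<'EOF'
root 0000000
jimbob 0001000
olduser 0100010
EOF
}

sample_pairs | report_locked
```

On a trusted system, replace sample_pairs with a loop that prints each login followed by its raw lockout value.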
Robert-Jan Goossens
Honored Contributor

Re: report to list locked accounts

Hi,

Check this doc from the itrc database.

Document description: How to report inactive (locked) user accounts on a trusted system
Document id: USECKBRC00008606

Europe
http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000080047721

US
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000080047721

Best regards,
Robert-Jan
Alessandro Pilati
Esteemed Contributor

Re: report to list locked accounts

You can use getprpw ( see man pages attached ).
Launch it for every user and check if they are locked ( grep alock=YES )

Rgds,
Alex





if you don't try, you'll never know if you are able to
Tim Nelson
Honored Contributor

Re: report to list locked accounts

Try the attached.

Default - shows locked accounts
expire - shows expired accounts and date
never - shows never activated accounts
user - shows lock code for user
user info - full info for user



Tim Nelson
Honored Contributor
Solution

Re: report to list locked accounts

Sorry.

See attached script

michael kolotila
Occasional Advisor

Re: report to list locked accounts

tim
looks good. i think i will try to put the user's real name as well.
thank you very much.
michael
michael kolotila
Occasional Advisor

Re: report to list locked accounts

robert-jan
thanks, i had tried it before and it didn't work. it did this time. thanks.
michael
Jack C. Mahaffey
Super Advisor

Re: report to list locked accounts

Here's something I use on a regular basis:

syntax:

trusted_locked_accounts.sh ALL | <login> | !

Example:
trusted_locked_accounts.sh ALL
-- Cycles through /etc/passwd

trusted_locked_accounts.sh jimbob
-- Checks login jimbob only

trusted_locked_accounts.sh !
-- Prompts user for input


Output also lists the command to unlock locked accounts.

jack...


Jack C. Mahaffey
Super Advisor

Re: report to list locked accounts

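Script runs another script 'amitrusted.sh', which contains the following:

#!/usr/bin/sh
# amitrusted.sh - report whether this host is an HP-UX trusted system.
# Exit status: 0 = trusted, 1 = not trusted.
#set -v
TRUSTED=0
NDNAME=`/usr/bin/uname -n`
retval=0
# On a trusted system the password hashes live in the protected database,
# leaving "*" in root's password field in /etc/passwd.
TRUSTED=`/usr/bin/grep '^root:\*:' /etc/passwd | wc -l`
if [ $TRUSTED -eq 1 ] ; then
    echo "INFO0001: $NDNAME is a TRUSTED system"
else
    retval=1
    echo "INFO0002: $NDNAME is NOT a TRUSTED system"
fi
exit $retval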