Operating System - HP-UX

Re: report to list locked accounts

 
michael kolotila
Occasional Advisor

report to list locked accounts

hi
it is audit time again, or will be shortly. i have a trusted system on an HPUX11iv1 system and would like a way to get a report of the locked accounts, short of touching every account and looking. has anyone written such a script that they would be willing to share?
thanks in advance.
michael
RAC_1
Honored Contributor

Re: report to list locked accounts

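# Check every login for a non-zero lockout flag string
for i in `logins -u | awk '{print $1}'`
do
    # -r prints the raw value (0000000) rather than lockout=0000000
    stat=`getprpw -r -m lockout ${i}`
    if [[ ${stat} != "0000000" ]]
    then
        echo "Account locked ${i}"
    fi
done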
There is no substitute to HARDWORK
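
Added example, not part of any reply in this thread: the loop above only says that an account is locked, while an audit report usually needs the reason. This sketch decodes the seven lockout flags using the positions given in getprpw(1M); the function names and the sample logins are constructed for illustration.

```shell
#!/usr/bin/sh
# Added example: turn getprpw lockout flag strings into audit-readable reasons.
# Flag positions (left to right) follow the "lockout" entry in getprpw(1M).

decode_lockout() {            # $1 = 7-character flag string, e.g. 0001000
    flags=$1
    reasons=""
    case $flags in
        [01][01][01][01][01][01][01]) ;;
        *) echo "unparsed flags '$flags'"; return 0 ;;
    esac
    pos=1
    for reason in "password lifetime exceeded" "inactive (past last login time)" \
        "account lifetime exceeded" "too many failed logins" \
        "null password where one is required" "administrator lock" \
        "password is *"
    do
        bit=$(echo "$flags" | cut -c"$pos")
        if [ "$bit" = "1" ]; then
            reasons="${reasons:+$reasons; }$reason"
        fi
        pos=$((pos + 1))
    done
    echo "${reasons:-not locked}"
}

report_locked() {             # stdin: "login flags" pairs; prints locked ones
    while read -r login flags
    do
        [ -z "$login" ] && continue
        why=$(decode_lockout "$flags")
        [ "$why" = "not locked" ] || echo "$login: $why"
    done
}

sample_pairs() {              # constructed data standing in for getprpw output
    cat <<'EOF'
root 0000000
jimbob 0001000
oldacct 0100010
svc 0000001
EOF
}

# On a trusted HP-UX system, feed real data instead of the sample:
#   for u in `logins -u | awk '{print $1}'`; do
#       echo "$u `getprpw -r -m lockout $u`"; done | report_locked
sample_pairs | report_locked
```

Accounts for which getprpw returns nothing show up as "unparsed flags", so they are listed for follow-up rather than silently skipped.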
Robert-Jan Goossens
Honored Contributor

Re: report to list locked accounts

Hi,

Check this doc from the itrc database.

Document description: How to report inactive (locked) user accounts on a trusted system
Document id: USECKBRC00008606

Europe
http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000080047721

US
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000080047721

Best regards,
Robert-Jan
Alessandro Pilati
Esteemed Contributor

Re: report to list locked accounts

You can use getprpw ( see man pages attached ).
Launch it for every user and check if they are locked ( grep alock=YES )

Rgds,
Alex





if you don't try, you'll never know if you are able to
Tim Nelson
Honored Contributor

Re: report to list locked accounts

Try the attached.

Default - shows locked accounts
expire - shows expired accounts and date
never - shows never-activated accounts
user - shows lock code for user
user info - full info for user



Tim Nelson
Honored Contributor
Solution

Re: report to list locked accounts

Sorry.

See attached script

michael kolotila
Occasional Advisor

Re: report to list locked accounts

tim
looks good. i think i will try to put the user's real name as well.
thank you very much.
michael
michael kolotila
Occasional Advisor

Re: report to list locked accounts

robert-jan
thanks, i had tried it before and it didn't work. it did this time. thanks.
michael
Jack C. Mahaffey
Super Advisor

Re: report to list locked accounts

Here's something I use on a regular basis:

syntax:

trusted_locked_accounts.sh ALL | <login> | !

Example:
trusted_locked_accounts.sh ALL
-- Cycles through /etc/passwd

trusted_locked_accounts.sh jimbob
-- Checks login jimbob only

trusted_locked_accounts.sh !
-- Prompts user for input


Output also lists the command to unlock locked accounts.

jack...


Jack C. Mahaffey
Super Advisor

Re: report to list locked accounts

The script runs another script, 'amitrusted.sh', which contains the following:

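#!/usr/bin/sh
#set -v
# Reports whether this host is a trusted system; exits 0 if trusted, 1 if not.
TRUSTED=0
NDNAME=`/usr/bin/uname -n`
retval=0
# A "*" password field for root in /etc/passwd is taken as the sign of a trusted system
TRUSTED=`/usr/bin/grep '^root:\*:' /etc/passwd | wc -l`
if [ $TRUSTED -eq 1 ] ; then
    echo "INFO0001: $NDNAME is a TRUSTED system"
else
    retval=1
    echo "INFO0002: $NDNAME is NOT a TRUSTED system"
fi
exit $retval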