HPE Community
Operating System - HP-UX
1833873 Members
1636 Online
110063 Solutions
New Discussion

Re: report to list locked accounts

 
SOLVED
Go to solution
michael kolotila
Occasional Advisor

‎08-29-2005 02:32 AM

‎08-29-2005 02:32 AM

report to list locked accounts

hi
it is audit time again, or will be shortly. i have a trusted system on an HPUX11iv1 system and would a way to get a report of the locked accounts, short of touching every account and looking. has anyone written such a script that they would be willing to share.
thanks in advance.
michael
0 Kudos
Reply
9 REPLIES 9
RAC_1
Honored Contributor

‎08-29-2005 02:40 AM

‎08-29-2005 02:40 AM

Re: report to list locked accounts

for i in `logins -u | awk '{print $1}`
do
stat=`getprpw -m lockout ${i}`
if [[ ${stat) != "0000000" ]]
then
echo "Account locked ${i}"
fi
done
There is no substitute to HARDWORK
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎08-29-2005 02:42 AM

‎08-29-2005 02:42 AM

Re: report to list locked accounts

Hi,

Check this doc from the itrc database.

Document description: How to report inactive (locked) user accounts on a trusted system
Document id: USECKBRC00008606

Europe
http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000080047721

US
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000080047721

Best regards,
Robert-Jan
0 Kudos
Reply
Alessandro Pilati
Esteemed Contributor

‎08-29-2005 02:45 AM

‎08-29-2005 02:45 AM

Re: report to list locked accounts

You can use getprpw ( see man pages attached ).
Launch it for every user and check if they are locked ( grep alock=YES )

Rgds,
Alex





if you don't try, you'll never know if you are able to
0 Kudos
Reply
Tim Nelson
Honored Contributor

‎08-29-2005 03:24 AM

‎08-29-2005 03:24 AM

Re: report to list locked accounts

Try the attached.

Default -shows locked accounts
expire -shows expired accounts and date
never -shows never activateds
user - shows lock code for user
user info - full info for user



0 Kudos
Reply
Tim Nelson
Honored Contributor

‎08-29-2005 03:25 AM

‎08-29-2005 03:25 AM

Solution

Re: report to list locked accounts

Sorry.

See attached script

Reply
michael kolotila
Occasional Advisor

‎08-29-2005 03:51 AM

‎08-29-2005 03:51 AM

Re: report to list locked accounts

tim
looks good. i think i will try to put the user's real name as well.
thank you very much.
michael
0 Kudos
Reply
michael kolotila
Occasional Advisor

‎08-29-2005 05:37 AM

‎08-29-2005 05:37 AM

Re: report to list locked accounts

robert-jean
thanks, i had tried it before and it didn't work. it did this time. thanks.
michael
0 Kudos
Reply
Jack C. Mahaffey
Super Advisor

‎09-12-2005 02:07 AM

‎09-12-2005 02:07 AM

Re: report to list locked accounts

Here's something I use on a regular basis:

syntax:

trusted_locked_accounts.sh ALL | | !

Example:
trusted_locked_accounts.sh ALL
-- Cycles through /etc/password

trusted_locked_accounts.sh jimbob
-- Checks login jimbob only

trusted_locked_accounts.sh !
-- Prompts user for input


Output also lists the command to unlock locked accounts.

jack...
0 Kudos
Reply
Jack C. Mahaffey
Super Advisor

‎09-12-2005 02:10 AM

‎09-12-2005 02:10 AM

Re: report to list locked accounts

Scripts runs another script 'amitrusted.sh' which contains the following:

#!/usr/bin/sh
#set -v
TRUSTED=0
NDNAME=`/usr/bin/uname -n`
retval=0
TRUSTED=`/usr/bin/grep '^root:\*:' /etc/passwd | wc -l`
if [ $TRUSTED -eq 1 ] ; then
echo "INFO0001: $NDNAME is a TRUSTED system"
else
retval=1
echo "INFO0002: $NDNAME is NOT a TRUSTED system"
fi
exit $retval

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.