Operating System - HP-UX

Re: restrict inactive user accounts

 
unixadmin_1
Frequent Advisor

restrict inactive user accounts

Inactive user accounts were still present on the system. Eight hundred and two (37%) users had not logged on for 60 days, while 353 (13%) users had not logged on for 90 days. Inactive accounts are attractive targets that are often exploited to gain unauthorised access because the authorised users of such accounts are unlikely to notice someone breaking into and using them. Also, by using an existing account, the unauthorised user is less likely to draw the attention of the system administrator than if a new account is opened.
Ganesan R
Honored Contributor

Re: restrict inactive user accounts

Hi,

You can deactivate the inactive accounts if the system is trusted.

Best wishes,

Ganesh.
yulianto piyut
Valued Contributor

Re: restrict inactive user accounts

You can restrict by editing the /etc/passwd file: edit the shell of the user to /usr/bin/false or /bin/false. Go to cissecurity to get the manual book.
Rita C Workman
Honored Contributor

Re: restrict inactive user accounts

Well you seem to know who these folks are....so why not output their login-ids to a file, then run them through a simple loop to lock those inactive accounts....

for a in `cat /inactive-login_ids.lis`
do
/usr/bin/passwd -l $a
done

You can dress it up....but it gives you an idea.

Rgrds,
Rita
change owners
New Member

Re: restrict inactive user accounts

As I am new to HP-UX, can you please send me complete code where I can restrict these passwords.. Thank you
prasadb
Super Advisor

Re: restrict inactive user accounts

hello unixadmin,

" for a in `cat /inactive-login_ids.lis`
do
/usr/bin/passwd -l $a
done "

The point of Rita is only that if you already know the user accounts that are inactive for many days, make a list and then use

for a in `cat list-you-created`
do
/usr/bin/passwd -l $a
done

Best Regards,
prasad




Dennis Handly
Acclaimed Contributor

Re: restrict inactive user accounts

>prasadb: make a list and then use

A better form without evil cat would be:
for a in $(< list-you-created); do
/usr/bin/passwd -l $a
done
unixadmin_1
Frequent Advisor

Re: restrict inactive user accounts

Please send me the step-by-step process from the beginning and please elaborate on this issue.. I am a beginner in the Unix environment.. I got a job as a fresher... I couldn't understand one thing: most of the answers I observed in HP forums are incomplete.. If you don't mind, please let me know how to execute this script and under what directory the code is executed.. Please let me know the step-by-step process... I just know how to login... and a few commands.. that's it. Thank you
Peter Nikitka
Honored Contributor

Re: restrict inactive user accounts

Hi "unixadmin",

Some thoughts on your question and the answers:
Do you have a list of these user accounts?
If not: get it.

Which format does this list have?
Create a file named 'inactive.lis' out of this list, having one user account per line, if the list does not already have this format.

Now copy or type the three lines of Dennis' answer in the command line:
for a in $(< inactive.lis); do
/usr/bin/passwd -l $a
done

mfG Peter

PS: Do you know how to create a file?
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
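
Added example, not code from any poster in this thread: the passwd -l loop from the replies above applied to a one-login-per-line file such as inactive.lis, with a filter that skips blank lines, unknown logins and low-UID system accounts, and a dry run by default. MIN_UID=100, the APPLY switch, the function names and the sample accounts are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: lock the accounts listed one per line in a file.
# MIN_UID, APPLY and the function names are assumptions, not from the thread.
MIN_UID=${MIN_UID:-100}

# Print the logins in list file $1 that are safe to lock according to the
# passwd-format file $2; everything else is reported on stderr and skipped.
lock_candidates() {
    while IFS= read -r login || [ -n "$login" ]; do
        login=$(printf '%s' "$login" | tr -d ' \t\r')
        case $login in
            ''|'#'*) continue ;;                       # blank line or comment
            *[!A-Za-z0-9._-]*|-*) echo "skip (bad name): $login" >&2; continue ;;
        esac
        uid=$(awk -F: -v u="$login" '$1 == u { print $3; exit }' "$2")
        if [ -z "$uid" ]; then
            echo "skip (no such account): $login" >&2
        elif [ "$uid" -lt "$MIN_UID" ]; then
            echo "skip (system account, uid $uid): $login" >&2
        else
            printf '%s\n' "$login"
        fi
    done < "$1"
}

# Dry run by default; set APPLY=1 (as root) to really call passwd -l.
lock_inactive() {
    for a in $(lock_candidates "$1" "${2:-/etc/passwd}"); do
        if [ "${APPLY:-0}" = 1 ]; then
            /usr/bin/passwd -l "$a"
        else
            echo "would run: /usr/bin/passwd -l $a"
        fi
    done
}

# Constructed sample data, so the filter can be tried without real accounts.
demo() {
    d=${TMPDIR:-/tmp}/lockdemo.$$; mkdir "$d" || return 1
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' \
        'jsmith:*:1042:20::/home/jsmith:/usr/bin/sh' \
        'akhan:*:1077:20::/home/akhan:/usr/bin/sh' > "$d/passwd"
    printf '%s\n' '# inactive > 90 days' jsmith root '' ghost ' akhan ' '-l;x' > "$d/inactive.lis"
    lock_inactive "$d/inactive.lis" "$d/passwd" 2>/dev/null
    rm -rf "$d"
}

if [ $# -gt 0 ]; then lock_inactive "$@"; else demo; fi
```

Saved under a hypothetical name such as lock_inactive.sh, `sh lock_inactive.sh inactive.lis` shows what would be locked, and `APPLY=1 sh lock_inactive.sh inactive.lis` run as root performs the locking.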
Patrick Wallek
Honored Contributor

Re: restrict inactive user accounts

>>.I just know how to login

Then what are you doing in a System Administrator role? It sounds like you are extremely underqualified for the job.
Torsten.
Acclaimed Contributor

Re: restrict inactive user accounts

The knowledge of "How to login" and the "few" commands are probably not enough to do administration on productive environments.

I would consider taking some training and qualification first.

BTW, you should also read this:

http://forums11.itrc.hp.com/service/forums/helptips.do?#33

(a good way to say "thank you" to all who are trying to help you)




Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
OldSchool
Honored Contributor

Re: restrict inactive user accounts

".i got job as a fresher ...i couldnt understand one thing most of the answers i observed in HP forums are incomplete..."

that's not correct....the forums are designed to help people...but they assume that there is at least a "working knowledge" of hpux.

In your case, you're in over your head and are asking people to do your job for you. This is all volunteer stuff; most people here have their own jobs to attend to as well. Why should we do your work, when you're the one collecting the pay for it?

You need to get some training, and very quickly.
Michael Mike Reaser
Valued Contributor

Re: restrict inactive user accounts

"i got job as a fresher ...i couldnt understand one thing most of the answers i observed in HP forums are incomplete.."

No, no the answers are **NOT** "incomplete".

You don't know what we're talking about, but that doesn't mean the answers are "incomplete". Many of us, like me, take a break from our own work days to try to help folks, but we're also presuming that the folks we're helping understand what we're talking about.

You do not.

"I just know how to login...and fes commands..thats it"

Then perhaps you should **NOT** be a "unixadmin". In fact, you should **NOT** even be a "unixuser".

You're expecting the rest of us to do your job for you, for free. You're the one getting paid for it, you're the one not assigning points to replies to your questions:

I have assigned points to 0 of 78 responses to my questions.

First off, to continue using the knowledge contained within these Forums, you should follow the instructions here:

http://forums11.itrc.hp.com/service/forums/helptips.do?#33

However, the best solution would be for you to find and obtain some training on Unix basics. Then, and **ONLY** then, should you try to start learning all the tasks required to be a system administrator.
There's no place like 127.0.0.1

HP-Server-Literate since 1979
unixadmin_1
Frequent Advisor

Re: restrict inactive user accounts

Hi Michael,

I am not working for any company as you imagined... I just joined as a trainee for one training organisation.. and I am trying hard to get the solution; after there is no way, I am just referring to you... I am very sorry that I never assigned points.. As I said earlier, I am new, buddy. My age is just 18... I am studying 1st year engineering and getting trained with one organization.. so if anything is wrong please let me know...
unixadmin_1
Frequent Advisor

Re: restrict inactive user accounts

Please come up with the solution; never discourage learners.. that states you don't know anything...

Re: restrict inactive user accounts

To learn, one must assimilate the teachings of those already in the know. You seem to be looking for an answer that you can cut and paste into a browser or some other e-training material.

That's not learning.

The people here have been incredibly helpful to me.
unixadmin_1
Frequent Advisor

Re: restrict inactive user accounts

No Patrick, you are assuming me in the wrong way. If anything is wrong, I am really sorry.
Peter Nikitka
Honored Contributor

Re: restrict inactive user accounts

Hi,
my LAST try:

Did you try to work down the list I gave?

What were/are the problems?

BTW, you already got a copy+paste solution.

Did you read and understand
http://forums11.itrc.hp.com/service/forums/helptips.do?#33

mfG Peter
unixadmin_1
Frequent Advisor

Re: restrict inactive user accounts

Thanks