HPE Community
Operating System - HP-UX
1835002 Members
2484 Online
110073 Solutions
New Discussion

Re: script help please ..

 
SOLVED
Go to solution
someone_4
Honored Contributor

‎02-26-2002 12:42 PM

‎02-26-2002 12:42 PM

script help please ..

Hey everyone ..
I am working on an auditing script to see how many times users log in and fail. I am working with the last,lastb, command and the su.log.
With the last commands I am doing
last | grep -v ftp # this is because there are allot of ftps going on and I am not too intrested in them. And I get output like so:
rleon pts/te Tue Feb 26 14:42 - 14:43 (00:00)
rgagnon pts/tc Tue Feb 26 14:29 still logged in
rleon pts/ta Tue Feb 26 14:28 still logged in
bkirk pts/ta Tue Feb 26 13:28 - 13:30 (00:01)
bconvers pts/te Tue Feb 26 11:18 - 11:40 (00:22)
bkirk pts/tg Tue Feb 26 10:47 - 13:21 (02:34)


How can redirect this output to be more of a port type output? For example

rleon still loged in 1
rleon 1
bkirk 2
bconvers 1

And so on. I have been working with awk but I cant get the right output. I know if I can get the right awk santax that I can fix them all to output right.

Thanks
Richard
0 Kudos
Reply
9 REPLIES 9
Mark Greene_1
Honored Contributor

‎02-26-2002 12:53 PM

‎02-26-2002 12:53 PM

Re: script help please ..

pipe the output through sort:

last | grep -v ftp |sort

the default behavior for sort is to sort on the first space-delimited field. You can change this, man sort for more info.

HTH
mark
the future will be a lot like now, only later
0 Kudos
Reply
someone_4
Honored Contributor

‎02-26-2002 01:55 PM

‎02-26-2002 01:55 PM

Re: script help please ..

The sort command will sort for me .. and with
sort -k 6,6 sulog
or with the
last | grep -v ftp | sort
I can sort buy the users. But I still need a final count of the users. But just a list of the users. I need to turn this:

ajohnson pts/ta Tue Feb 26 08:05 - 08:05 (00:00)
rleon pts/ta Tue Feb 26 14:28 - 15:05 (00:36)
rleon pts/tc Tue Feb 26 15:37 - 15:41 (00:04)
rleon pts/tc Tue Feb 26 15:49 still logged in
rleon pts/te Tue Feb 26 14:42 - 14:43 (00:00)


into this:

ajohnson 1
rleon 4

And so on for all the users that come out with the last command.

Richard
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎02-26-2002 02:03 PM

‎02-26-2002 02:03 PM

Re: script help please ..

Pipe the output of the sort to "cut -f1" then "uniq -c", this will produce a count of each user.

-- Rod Hills
There be dragons...
0 Kudos
Reply
Eric Ladner
Trusted Contributor

‎02-26-2002 02:05 PM

‎02-26-2002 02:05 PM

Solution

Re: script help please ..

last | grep -v ftp | awk '{ print $1 }' | sort -u | while read name
do
last | grep -v ftp | grep -c "^$name" | read count
echo $name $count
done

That does the trick for counts per user.
Reply
Eric Ladner
Trusted Contributor

‎02-26-2002 02:06 PM

‎02-26-2002 02:06 PM

Re: script help please ..

(that first line got wrapped - 'while read name' should be together on the first line, 'do' on the second line)
0 Kudos
Reply
Eric Ladner
Trusted Contributor

‎02-26-2002 02:14 PM

‎02-26-2002 02:14 PM

Re: script help please ..

Here's one that does it with the still logged in counts too (simple change).

(see attached)
Reply
Scott Van Kalken
Esteemed Contributor

‎02-26-2002 02:18 PM

‎02-26-2002 02:18 PM

Re: script help please ..

here's a quick and dirty one I kocked up for an audit over december. I haven't had time to fix it up, but it's a start.

It's for a trusted system.

#!/bin/sh

SCRIPT=${0##*/}
TODAY=$(date)
TMPFILE=/tmp/$SCRIPT.tmp
LOGFILE=$SCRIPT.log

get_users()
{
cat /etc/passwd | cut -d: -f1 > $TMPFILE
}

check_last_login()
{
while read user ; do
LOCKED=`/usr/lbin/getprpw -m lockout $user | sed 's/lockout=//'`
if [ $LOCKED -ne 0 ] ;
then
DISABLED="LOCKED OUT"
else
DISABLED=""
fi
LASTLOGIN=`/usr/lbin/getprpw -m slogint $user | sed 's/slogint=/'$user' /'`
echo "\n$LASTLOGIN\t$DISABLED"
done
}

get_users
echo "USERNAME LAST LOGIN TIME"
check_last_login < $TMPFILE

rm -rf $TMPFILE
0 Kudos
Reply
Ralph Grothe
Honored Contributor

‎02-27-2002 08:55 AM

‎02-27-2002 08:55 AM

Re: script help please ..

Oh my, this would be far too much fuss for me to involve awk or so.
Instead a mere Perl one-liner does this
(might be improvable, since I just hacked it in at the shell prompt)

last|perl -nae '$user{$F[0]}++ unless $F[0] eq "ftp";END{map {printf "%10s%6u\n",$_,$user{$_}} keys %user}'
Madness, thy name is system administration
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎02-27-2002 10:36 AM

‎02-27-2002 10:36 AM

Re: script help please ..

Hi Richard:

You might consider this:

#!/usr/bin/sh
last|sort -k1| awk 'NF>1 && $2 !~/ftp/ && $1!~/wtmp/ {
if (FIRST==0) {FIRST=1;USR=$1}
if (USR!=$1) {print USR,"ON="ON,"OFF="OFF;ON=0;OFF=0}
USR=$1
if ($7~/still/) {ON++} else {OFF++}
}'

Regards!

...JRF...
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.