
Script help

 
SOLVED
Nick D'Angelo
Super Advisor

Script help

I want to look at setting up a script to run once a month that will use the logins -axu command.

However, I only want to know about the passwords that have not changed in over 90 days.

The output of the above command produces this:

langlcx 103 users 20 Claude langlois,,466,
/home1/langlcx
/usr/bin/sh
PS 041307 0 90 7
0 000000

I need to key on the PS 041307 which indicates the last date that the password was changed.

Any tips?

Thanks

Always learning
10 REPLIES
Steven E. Protter
Exalted Contributor

Re: Script help

Shalom,

The output of passwd -sa might be helpful as a starting point.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Aussan
Respected Contributor

Re: Script help

hi

this should give you the last time a user changed a password

/usr/lbin/getprpw -r -m spwchg

you can have a function in the script that compares the date and if it's more than 90 days to notify you
The tongue weighs practically nothing, but so few people can hold it
Aussan
Respected Contributor

Re: Script help

oh forgot to say another thing to look at is
exptm

example
# /usr/lbin/getprpw -r -m exptm root
30

so I know that root still has 30 days before the password expires


regards

Aussan


The tongue weighs practically nothing, but so few people can hold it
Nick D'Angelo
Super Advisor

Re: Script help

Steven,

passwd -sa

gives me this, not much but a start I guess

nickd PS
archer LK
stephens LK
barthele LK
toigo LK
petrecca LK
Always learning
Nick D'Angelo
Super Advisor

Re: Script help

Aussan,

That is not bad, but I want to do this all in a script.

I want to run the command and put the output into a file.

Then, I should probably sort the file by date.

Always learning
Aussan
Respected Contributor

Re: Script help

you can do it in a script
have a for loop that goes through the user names and does the command

for example

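#!/usr/bin/sh

# Assumes every directory name under /home is a login name.
cd /home || exit 1
for n in *
do
    # exptm: days left before the password expires
    val1=`/usr/lbin/getprpw -r -m exptm "$n"`
    echo "$n has $val1 days left" >> /tmp/myfile
done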
The tongue weighs practically nothing, but so few people can hold it
Aussan
Respected Contributor

Re: Script help

also another thing to look at is the past password lifetime in the lockout value

I'm assuming here that if a password has not been changed in over 90 days the account will lock

so you can also do
/usr/lbin/getprpw -r -m lockout

if the value is 1000000 then it's locked out because it's past password lifetime

so in the script you can write

# 1000000 = locked because the password is past its lifetime (see above)
LOCKOUT_VAL=`/usr/lbin/getprpw -r -m lockout "$USER_NAME"`

if [ "$LOCKOUT_VAL" -eq 1000000 ]
then
    echo "Account for $USER_NAME is past password lifetime" >> /tmp/myfile
fi
The tongue weighs practically nothing, but so few people can hold it
Arturo Galbiati
Esteemed Contributor
Solution

Re: Script help

Hi Nick,
this ksh script will show you when a password will expire for a trusted or untrusted system.
HTH,
Art
Nick D'Angelo
Super Advisor

Re: Script help

Arturo, this is a great script, thank you.

Thank you to all for your suggestions/tips.

Nick
Always learning
Nick D'Angelo
Super Advisor

Re: Script help

great suggestions/tips from members.
Always learning
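An added example, not code posted by anyone in this thread: a POSIX sh filter that takes the logins -axu output from the original question and lists accounts whose "PS mmddyy" change date is more than 90 days old. The function names stale_passwords and sample_logins, the two-digit-year pivot at 70, and the second sample record are assumptions made for the example; it relies on the five-line record layout shown in the question.

```shell
#!/usr/bin/sh
# Added example. On HP-UX the real call would be: logins -axu | stale_passwords 90
# Assumes the record layout shown in the question: the "PS mmddyy ..." line
# is the 4th line of a record and the login name starts the 1st line.

stale_passwords() {
    max_days=${1:-90}
    today=${2:-$(date +%Y%m%d)}      # YYYYMMDD, overridable for testing
    awk -v max="$max_days" -v today="$today" '
    # Days since 1970-01-01 for a civil date; avoids needing GNU date -d.
    function days(y, m, d,    era, yoe, doy) {
        if (m <= 2) y--
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
        return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    BEGIN {
        now = days(substr(today, 1, 4) + 0, substr(today, 5, 2) + 0, substr(today, 7, 2) + 0)
    }
    { first[NR % 4] = $1 }           # first field of each of the last four lines
    NR > 3 && $1 == "PS" && length($2) == 6 && $2 ~ /^[0-9]+$/ {
        mm = substr($2, 1, 2) + 0; dd = substr($2, 3, 2) + 0; yy = substr($2, 5, 2) + 0
        if (mm == 0) next            # 000000: no change date recorded
        year = (yy < 70) ? 2000 + yy : 1900 + yy   # assumed century pivot
        age = now - days(year, mm, dd)
        if (age > max)
            printf "%s %04d-%02d-%02d %d\n", first[(NR - 3) % 4], year, mm, dd, age
    }'
}

# First record is the one from the question; the second is constructed.
sample_logins() {
    cat <<EOF
langlcx 103 users 20 Claude langlois,,466,
/home1/langlcx
/usr/bin/sh
PS 041307 0 90 7
0 000000
testusr 104 users 20 Constructed user,,,
/home1/testusr
/usr/bin/sh
PS 070107 0 90 7
0 000000
EOF
}

# Demo with a fixed "today" of 2007-08-01 so the result is reproducible.
sample_logins | stale_passwords 90 20070801
```

Output is one line per stale account: login, last change date, age in days. Sorting by date, as asked earlier in the thread, is then a matter of piping through sort -k2.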