Operating System - HP-UX

User Audit and password ageing

 
Rogelio Ordinario
Contributor


Has anyone already prepared a script to determine which users are currently employed and which users have not used their logins for some time? Also, I need to know whether password ageing is enabled on their accounts.
Ken Hubnik_2
Honored Contributor

Re: User Audit and password ageing

Try logins -a or do a man on the logins command.
Tibi Baraboi_1
Advisor

Re: User Audit and password ageing

1) man last

2) man wtmp

If your /var/adm/wtmp file is not overwritten, you can use last.

3) I use a small script in users' .profile

#!/usr/bin/ksh
# Update in sessions.log the last time the user used the account.
# If there is no line for the user, one is added.
# If there is already a line, the date of the last access is updated.
#

# Single definition of the log path, used everywhere below
log=/your/path/sessions.log

# Anchor the match on "name " so that e.g. "bob" does not also match "bobby"
lines=`grep -c "^${LOGNAME} " $log`

today=`date '+%y%m%d'`

if [ "${lines:-0}" -lt 1 ] ; then
    echo "${LOGNAME} ${today}" >> $log
else
    olddate=`grep "^${LOGNAME} " $log | awk '{print $2}'`
    newdate=${today}
    if [ "$olddate" != "$newdate" ] ; then
        newline="${LOGNAME} ${today}"
        # Rewrite only this user's line, then swap the file into place
        sed "s/^${LOGNAME} .*/$newline/" $log > $log.$$
        mv $log.$$ $log
    else
        #echo "There is already an input for today."
        :
    fi
fi

#EOP


In sessions.log you will have the date of the last login for each account. After that you just have to analyze this file to see who uses the system and when.
I had to use this small trick because our wtmp DB was corrupted too often and we had to drop it and recreate it.

Hope it helps.

Best Regards,
Tibi Baraboi
MANOJ SRIVASTAVA
Honored Contributor

Re: User Audit and password ageing

Hi


w will give the time since a user has logged in.
logins -a will help you too.

To find the password ageing settings you need to check /tcb/files/auth/; it will have files from a to z, with each user name and policy under that subdirectory.


Manoj Srivastava
John O'Driscoll_1
New Member

Re: User Audit and password ageing

You can check on whether password ageing is enabled for a user account by using SAM:
Accounts for Users and Groups -> Users -> select login name -> Actions -> Modify -> Modify Password Options

Most of our user accounts have password ageing set, and this is reflected in the password field of /etc/passwd

When no options are set, the password field is :<13 char encrypted password>:
When options are set, the password field is :<13 char encrypted password>,<4 char options setting>:

On that logic, if the 14th character of the password field is "," then the password options have been set (i.e. the account probably has password ageing enabled). Therefore this script will return the login ID, real name and whether the options have been set:

awk -F':' '{ printf( "%s\t%s\tPassword options set = ", $1, $5 )
             # Test for a comma in the 14th character of the password field.
             if ( substr( $2, 14, 1 ) == "," )
                 printf( "Yes\n" )
             else
                 printf( "No\n" ) }' /etc/passwd

You can probably refine this further to get more info on the password settings.
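
Added example, not part of John O'Driscoll's post or of any reply: one way to get more out of the options field is to decode it, assuming the aging layout documented in passwd(4) (",Mmww": maximum weeks, minimum weeks, week of last change since 1970, each character a digit in the alphabet ./0-9A-Za-z). It goes beyond the 14th-character test by splitting on the comma; the function names and the sample accounts are constructed for illustration.

```shell
# Added example; sample_passwd prints constructed /etc/passwd-style lines.
sample_passwd() {
    cat <<'EOF'
alice:abcdefghijklm,A/0K:101:20:Alice Example:/home/alice:/usr/bin/sh
bob:abcdefghijklm:102:20:Bob Example:/home/bob:/usr/bin/sh
carol:abcdefghijklm,..:103:20:Carol Example:/home/carol:/usr/bin/sh
dave:abcdefghijklm,./:104:20:Dave Example:/home/dave:/usr/bin/sh
EOF
}

# Reads passwd-format lines on stdin and prints one aging summary per account.
pw_aging_report() {
    awk -F: '
    # Value (0-63) of one character; an absent character counts as 0
    function val(c) { return c == "" ? 0 : index(alphabet, c) - 1 }
    BEGIN {
        alphabet = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
    }
    {
        comma = index($2, ",")
        if (comma == 0) { printf "%s aging=no\n", $1; next }
        age = substr($2, comma + 1)
        max = val(substr(age, 1, 1))      # M: maximum weeks a password is valid
        min = val(substr(age, 2, 1))      # m: minimum weeks between changes
        # ww: week of last change, least significant digit first
        week = 0; mult = 1
        for (i = 3; i <= length(age); i++) {
            week += val(substr(age, i, 1)) * mult
            mult *= 64
        }
        note = ""
        if (max == 0 && min == 0) note = " change-at-next-login"
        else if (min > max)       note = " only-root-can-change"
        printf "%s aging=yes max_weeks=%d min_weeks=%d last_change_week=%d%s\n",
               $1, max, min, week, note
    }'
}
```

On a live system the input would be /etc/passwd itself (pw_aging_report < /etc/passwd); on a trusted system the aging data is kept under /tcb/files/auth instead, as noted in the earlier reply.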
Daniel Ocampo_1
New Member

Re: User Audit and password ageing

Try this:

logins -o -x >>

This extended information includes home directory, login shell and password aging data, each on its own line. Password information consists of password status (PS for valid password, LK for locked and NP for no password) and, if a password is present, date of last change, required number of days between changes, and number of days allowed between changes.

or

passwd -s -a >>
and import the file into an Excel file. You can see who is not using the account and therefore check with HR and delete the account.


For ageing enabled, check

/tcb/files/auth/system/default
Daniel