Check for Specific Username Password Expire


 
# 1  
Old 12-21-2012

Hey guys, I haven't posted in a while, but you guys were really helpful last time.

I have had an issue with user passwords expiring, and since I don't check /var/cron/log on the regular I never know these users are expiring, making certain nightly jobs not run.

With this script, I want to be able to check for these particular users password expiration and mail ourselves a reminder.

I saw plenty of examples online, but I have a thing of borrowing from or editing code I can't understand, as I want to understand what I am writing and what the code is doing; it helps me learn better.

Below is some code I've written in a way I can understand and work with. This code is dependent on an epoch Perl script I found online, but I don't think that is my problem presently. My problem is that right now it goes through every user in /etc/shadow and checks. I want it to only check a particular set of users: our admin usernames all end in adm, so I want to only search for users in /etc/shadow ending in adm (for example testbedadm) and check for their expiration dates.

Any suggestions? And sorry if this was lengthy.

Code:
 
#!/bin/ksh
#Author:Emmanuel Iroanya Jr
#Edited: 
#Date:December 20th, 2012
#Purpose: The purpose of this is to check the Shadow table for the epoch value and warn the users / Email of Password Expiration  seven days in advance
#This script needs the epoch.pl I found on google to work

ID=`id | cut -d ' ' -f 1`
if [[ "${ID}" != "uid=0(root)" ]]
then
   echo "You Need To Be Root To Run This Script, Please and Thank You"
   exit 1
fi

export Shadow=/etc/shadow
#Location of the epoch.pl script I found from Google to Compare the Date
export EpochSh=/usr/local/bin/epoch.pl
export Hostname=`hostname`
#Our SSE Email Address that will get notification 
export Email="!SysEngGrp@mycompany.com"

for i in `cat $Shadow`
do
export User=`echo $i |cut -d ':' -f 1`
export MaxDay=`echo $i | cut -d ':' -f 5`
echo "$MaxDay"
export Epoch=`echo $i |cut -d ':' -f 3`
export Eval=`$EpochSh $Epoch | cut -d ':' -f 2`
echo "$Eval"
if [[ $Eval == `expr $MaxDay - 7` ]]
then
echo "Password for unix user $User on `hostname` is going to expire in a week. Please change it ASAP" | mailx -s 'Password Expiration ' $Email
elif [[ $Eval == `expr $MaxDay - 6` ]]
then
echo "Password for unix user $User on `hostname` is going to expire in 6 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email 
elif [[ $Eval == `expr $MaxDay - 5` ]]
then
echo "Password for unix user $User on `hostname` is going to expire in 5 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email 
elif [[ $Eval == `expr $MaxDay - 4` ]]
then
echo "Password for unix user $User on `hostname` is going to expire in 4 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email 
elif [[ $Eval == `expr $MaxDay - 3` ]]
then
echo "Password for unix user $User on `hostname` is going to expire in 3 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email 
elif [[ $Eval == `expr $MaxDay - 2` ]]
then
echo "Password for unix user $User on `hostname` is going to expire in 2 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email 
elif [[ $Eval == `expr $MaxDay - 1` ]]
then
echo "Password for unix user $User on `hostname` is going to expire in 1 day. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email 
elif [[ $Eval == "$MaxDay" ]]
then
echo "PASSWORD FOR USER $User HAS EXPIRED.PLEASE CHANGE IT ASAP TO AVOID PRODUCTION CRON JOBS FROM FAILING AND THE RESULTING LATE NIGHT CALLS"
fi
done

---------- Post updated at 05:14 PM ---------- Previous update was at 04:50 PM ----------

So I think I answered my question on how to look for the specific admin user with the below part,

Code:
for line in `cat $Shadow | grep adm`
do
 echo $line
done >passFile.txt
for i in `cat passFile.txt`
do

rest of my logic etc...

However, when I run it I get a bunch of varying errors like below:

Quote:
1 days to current day
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
expr: syntax error
I am assuming the day part is from the epoch.pl portion that reads the days. The expr syntax error, is that from my math in my if/elseif logic?
# 2  
Old 12-21-2012
It looks to me that your expr syntax error has to do with non-numeric data. I don't know what perl program $EpochSh does, but if it doesn't print out a number followed by a colon, you will have trouble with this line:


export Eval=`$EpochSh $Epoch | cut -d ':' -f 2`


Could that be your problem?


Also, I would like to gently point out your Useless Use Of Cat (UUOC). If you use a while loop, you can let it do your parsing for $User, $Epoch, and $Maxday:


Code:
#!/bin/ksh
while IFS=":" read User f2 Epoch f4 Maxday therest
do
echo "User: $User"
echo "Epoch: $Epoch"
echo "Maxday: $Maxday"
done < /etc/shadow

Also, if /etc/shadow's lines contained spaces, your code would fail miserably.

Another point: ksh/bash type shells let you do arithmetic, so you don't have to use expr:


Code:
if [[ $Eval == $(($x - 3)) ]]
then
echo "equal"
else
echo "NOT equal"
fi

This User Gave Thanks to nails For This Post:
# 3  
Old 12-22-2012
I'd gently propose a new "Useless Use of ELIF" award.
And I'm not sure I understand your approach to calculate the delta time until a password change is mandatory. Why don't you calculate the time difference between today (in days since epoch) and the next pw chng, which is shadow's field 3 + field 5, into e.g. DELTADAYS=fld3+fld5-today? If DELTADAYS <=0, alert, if 0 < DELTADAYS < 7, warn, otherwise OK?
This User Gave Thanks to RudiC For This Post:
# 4  
Old 01-17-2013
Quote:
Originally Posted by RudiC
I'd gently propose a new "Useless Use of ELIF" award.
And I'm not sure I understand your approach to calculate the delta time until a password change is mandatory. Why don't you calculate the time difference between today (in days since epoch) and the next pw chng, which is shadow's field 3 + field 5, into e.g. DELTADAYS=fld3+fld5-today? If DELTADAYS <=0, alert, if 0 < DELTADAYS < 7, warn, otherwise OK?
Sorry for the late response, other work matters took my attention from this until now.

OK then, I removed the else-if statements, and I took your way of arithmetic for my Eval, yet I still don't have it working correctly.


Code:
 
#Author:Emmanuel Iroanya Jr
#Edited: 
#Date:December 20th, 2012
#Purpose: The purpose of this is to check the Shadow table for the epoch value and warn the users / Email of Password Expiration  seven days in advance
ID=`id | cut -d ' ' -f 1`
if [[ "${ID}" != "uid=0(root)" ]]
then
   echo "You Need To Be Root To Run This Script, Please and Thank You"
   exit 1
fi
export Shadow=/etc/shadow
EpochSh=`perl -e 'print time, "\n"'`
export Hostname=`hostname`
#Our SSE Email Address that will get notification
export Email="emmanuel@mycompany.com"
for line in `cat $Shadow | grep adm`
do
 echo $line
done >passFile.txt
for i in `cat passFile.txt`
do
User=`echo $i |cut -d ':' -f 1`
MaxDay=`echo $i | cut -d ':' -f 5`
echo "$MaxDay"
Epoch=`echo $i |cut -d ':' -f 3`
Eval=`$MaxDay+$Epoch-$EpochSh`
echo "$Eval"
                 if [[ $Eval -lt 7 ]]
                 then
                 echo "Password for unix user $User on `hostname` is going to expire in less than a week. Please change it ASAP" | mailx -s 'Password Expiration ' $Email
                 elif [[ $Eval -le 0 ]]
                 then
                 echo "PASSWORD FOR USER $User HAS EXPIRED.PLEASE CHANGE IT ASAP TO AVOID PRODUCTION CRON JOBS FROM FAILING AND THE RESULTING LATE NIGHT CALLS"
                 fi
done


What Am I not understanding?

---------- Post updated at 05:36 PM ---------- Previous update was at 05:35 PM ----------

Quote:
Originally Posted by nails
It looks to me that your expr syntax error has to do with non-numeric data. I don't know what perl program $EpochSh does, but if it doesn't print out a number followed by a colon, you will have trouble with this line:


export Eval=`$EpochSh $Epoch | cut -d ':' -f 2`


Could that be your problem?


Also, I would like to gently point out your Useless Use Of Cat (UUOC). If you use a while loop, you can let it do your parsing for $User, $Epoch, and $Maxday:


Code:
#!/bin/ksh
while IFS=":" read User f2 Epoch f4 Maxday therest
do
echo "User: $User"
echo "Epoch: $Epoch"
echo "Maxday: $Maxday"
done < /etc/shadow

Also, if /etc/shadow's lines contained spaces, your code would fail miserably.

Another point: ksh/bash type shells let you do arithmetic, so you don't have to use expr:


Code:
if [[ $Eval == $(($x - 3)) ]]
then
echo "equal"
else
echo "NOT equal"
fi


I guess I used cat because it was what I was comfortable with. I will now try your while loop once I get the rest of it working.

Thank you for the suggestion!
# 5  
Old 01-23-2013
Well, I can't see what your Eval value is, but when I execute
Code:
# IFS=:; grep syslog /etc/shadow | { read user pw pwchg minpw maxpw Rest; echo "User: $user, days left: $(( pwchg + maxpw - $(date +%s)/86400 ))"; }
User: syslog, days left: 1

, I get sensible values to test against. And you can use days left for your expiration note as well.
This User Gave Thanks to RudiC For This Post:
# 6  
Old 01-24-2013
Quote:
Originally Posted by RudiC
Well, I can't see what your Eval value is, but when I execute
Code:
# IFS=:; grep syslog /etc/shadow | { read user pw pwchg minpw maxpw Rest; echo "User: $user, days left: $(( pwchg + maxpw - $(date +%s)/86400 ))"; }
User: syslog, days left: 1

, I get sensible values to test against. And you can use days left for your expiration note as well.

I changed my Eval value to this
Code:
eval Eval=`echo '( $MaxDay + $Epoch ) - ( $EpochSh / 86400 ) ' | bc`

I now get this error:
Code:
syntax error on line 1, teletype

# 7  
Old 01-24-2013
I can barely tell what you're even trying to do there, but I don't think you need the Eval builtin.

Code:
# Double quotes, so the shell expands the variables before bc reads the expression
Eval=$( echo "( $MaxDay + $Epoch ) - ( $EpochSh / 86400 )" | bc )

echo $Eval
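
Pulling the replies above together, as an added example that is not code from any poster in this thread: a while/read loop over shadow-format lines that keeps only logins ending in adm, guards against empty or non-numeric aging fields, and classifies each account by days left (field 3 + field 5 - today). The function names, the NOEXPIRY label and the sample lines are assumptions made for this sketch; today's day number is passed in so the result can be checked against fixed data.

```shell
#!/bin/sh
# Added example. shadow fields used: 1 = login, 3 = last change (days since
# epoch), 5 = maximum password age in days. The hash (field 2) is never printed.

# days_left LASTCHG MAXAGE TODAY -> days until expiry, or "never" when a field
# is empty or non-numeric (the kind of input that makes expr report a syntax error).
days_left() {
    case "$1" in ''|*[!0-9]*) echo never; return ;; esac
    case "$2" in ''|*[!0-9]*) echo never; return ;; esac
    echo $(( $1 + $2 - $3 ))
}

# check_shadow TODAY [WARN_DAYS] < shadow-file
# Prints "login STATUS days" for every login that ends in "adm".
check_shadow() {
    today=$1 warn=${2:-7}
    while IFS=: read -r user _pw lastchg _min maxage _rest; do
        # Match on the login field only; "grep adm" would also match "admin"
        # or a line whose hash happens to contain "adm".
        case "$user" in *adm) ;; *) continue ;; esac
        left=$(days_left "$lastchg" "$maxage" "$today")
        if [ "$left" = never ]; then status=NOEXPIRY
        elif [ "$left" -le 0 ]; then status=EXPIRED
        elif [ "$left" -lt "$warn" ]; then status=WARN
        else status=OK
        fi
        echo "$user $status $left"
    done
}

# Constructed sample lines, hashes replaced by "x".
sample_shadow() {
cat <<'EOF'
root:x:15600:0:90:7:::
admin:x:15600:0:90:7:::
testbedadm:x:15615:0:90:7:::
dbadm:x:15600:0:90:7:::
webadm:x:15690:0:90:7:::
svcadm:*:::::::
EOF
}

# Demo on the sample with a fixed "today" of day 15700 (2012-12-26).
# On a real host, as root: check_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | check_shadow 15700
```

Lines with status WARN or EXPIRED are the ones to pipe into mailx, one message per run rather than one per branch.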
