05-12-2006
#!/bin/ksh
#set -vx
FALSE=false
current_time=$(perl -e 'print time (),"\n";')
let expired_time=current_time-7776000
let delete_time=current_time-15552000
awk -F: '{print $1}' /etc/passwd|while read records
do
if [ "$records" = "dm" -o "$records" = "root" -o "$records" = "daemon" -o "$records" = "bin" -o "$records" = "sys" -o "$
records" = "adm" -o "$records" = "uucp" -o "$records" = "guest" -o "$records" = "nobody" -o "$records" = "lpd" -o "$reco
rds" = "nuucp" ];then
SYS=$records
else
SYS=nonsys
fi
last_login_time=$(lsuser -a time_last_login $records|awk -F= '{print $2}')
account_status=$(lsuser -a account_locked $records|awk -F= '{print $2}')
if [ "$last_login_time" = "" ];then
if [ $records = $SYS -a "$records" != "root" -a "$account_status" = "false" ];then
# chuser account_locked=true $records
printf "%-8s never logged on. The account should be locked\n" $records
fi
if [ $records != $SYS -a "$records" != "root" ];then
# chuser account_locked=true $records
printf "%-8s never logged on. The account should be locked\n" $records
fi
elif [ $records = $SYS -a $records != "root" -a "$account_status" = "false" ];then
#chuser account_locked=true $records
printf "%-8s never logged on. The account should be locked\n" $records
elif [ $records != $SYS ];then
if [ $last_login_time -lt $delete_time ];then
printf "%-8s last logged on 6 months ago. The account needs to be deleted! Check /logs/backlogs/rmusers.log\n"
$records
echo $records must be removed. `date` >> /logs/backlogs/rmusers.log
elif [ $last_login_time -lt $expired_time ];then
# chuser account_locked=true $records
printf "%-8s last logged on 3 months ago. The account should be locked\n" $records
fi
fi
done
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
What is the correct procedures to clean up /var/spool/mqueue? Any help appreciated. This directory gets really clogged up at times. :( :( (1 Reply)
Discussion started by: thomi39
1 Replies
2. Shell Programming and Scripting
I am trying to add a unique string to a variable to prevent some name space collisions.
DATAFILE=/u001/app/unica/affinium644/campaign/partitions/limited/tmp/ebf9aaah.t~#
DATETIME=`date +%Y%m%d_%H%M%S`
echo $DATAFILE > tmpnme.txt
sed 's_/_ _g' tmpnme.txt > tmpnme2.txt
DATA=$(cat tmpnme2.txt)... (2 Replies)
Discussion started by: whdr02
2 Replies
3. Shell Programming and Scripting
Hi!
I would like to write a script which remove some files, all beginning with the same prefix :
prefix.1
doc/prefix.2
../prefix.3
etc.
So, I would create a file and chmod it executable. But I dont know how to pass a variable to a script. I would like to write something like
... (2 Replies)
Discussion started by: tipi
2 Replies
4. Solaris
Hi All,
I have this script for linux on cleaning up orphaned folder. But I need to use this on solaris 8/9/10
for user in $(ls | grep -v lost+found) ; do
id $user >/dev/null 2>&1
if ]
then
ls -ld $user
grep $user /etc/passwd
fi
done
Can someone please convert this script? ... (1 Reply)
Discussion started by: itik
1 Replies
5. Shell Programming and Scripting
Hello there,
I want to remove duplicate directories of $PATH. I already have the code (found in this forum), which removes duplicate lines in a textfile.
awk 'x++==0' filename
By how do I use this for the $PATH-variable? (17 Replies)
Discussion started by: doc_symbiosis
17 Replies
6. Shell Programming and Scripting
Hi,
I am trying to clean up data between parenthesis () in a file.
See example below....
Input File :
(New York) Chicago (London)
New York (Chicago) London
New York Chicago (London)
(New York) (Chicago) (London)
New York (Chicago)
... (3 Replies)
Discussion started by: msalam65
3 Replies
7. Red Hat
I have a server running redhat 5.5 and it has one SAN device presented to it as LUN9. How can I clean up the remaining entries. I cannot afford to interupt the service. Please assist.
# multipath -l
mpath0 (36000097000019260298953666633436) dm-11 EMC,SYMMETRIX
\_ round-robin 0
\_ 2:0:0:9 ... (2 Replies)
Discussion started by: Tirmazi
2 Replies
8. OS X (Apple)
I am trying to come up with a universal way of cleaning up after CS5 (and 5.5) installs. The history is this: adobe has a deployment tool called AAMEE that lets you re-package items and deploy them. Unfortunately it's very messy and leaves Application folders (and pieces of the apps) that do not... (1 Reply)
Discussion started by: kleinboy
1 Replies
9. OS X (Apple)
Hi there,
i do get some text files that i'd lile to clean them up based on following rule: if a line starts with " then remove return (new line, carriage return) before ".
Example, my input text file
line 1
line 2
"line 3
I'd like this to come as
line 1
line 2line3
How can i... (4 Replies)
Discussion started by: gigagigosu
4 Replies
10. UNIX for Advanced & Expert Users
Greetings all,
I have inherited this offline Red Hat YUM repo that contains over 42000 packages. You read that right. There are 71 kernels alone. The process that I've inherited has us reposync on an Internet-connected-server then sneaker-net the delta to our offline repo where we do a yum... (2 Replies)
Discussion started by: geoeldsul
2 Replies
LEARN ABOUT FREEBSD
auditreduce
AUDITREDUCE(1) BSD General Commands Manual AUDITREDUCE(1)
NAME
auditreduce -- select records from audit trail files
SYNOPSIS
auditreduce [-A] [-a YYYYMMDD[HH[MM[SS]]]] [-b YYYYMMDD[HH[MM[SS]]]] [-c flags] [-d YYYYMMDD] [-e euid] [-f egid] [-g rgid] [-j id]
[-m event] [-o object=value] [-r ruid] [-u auid] [-v] [file ...]
DESCRIPTION
The auditreduce utility selects records from the audit trail files based on the specified criteria. Matching audit records are printed to
the standard output in their raw binary form. If no file argument is specified, the standard input is used by default. Use the praudit(1)
utility to print the selected audit records in human-readable form.
The options are as follows:
-A Select all records.
-a YYYYMMDD[HH[MM[SS]]]
Select records that occurred after or on the given datetime.
-b YYYYMMDD[HH[MM[SS]]]
Select records that occurred before the given datetime.
-c flags
Select records matching the given audit classes specified as a comma separated list of audit flags. See audit_control(5) for a
description of audit flags.
-d YYYYMMDD
Select records that occurred on a given date. This option cannot be used with -a or -b.
-e euid
Select records with the given effective user ID or name.
-f egid
Select records with the given effective group ID or name.
-g rgid
Select records with the given real group ID or name.
-j id Select records having a subject token with matching ID, where ID is a process ID.
-m event
Select records with the given event name or number. This option can be used more then once to select records of multiple event types.
See audit_event(5) for a description of audit event names and numbers.
-o object=value
file Select records containing path tokens, where the pathname matches one of the comma delimited extended regular expression con-
tained in given specification. Regular expressions which are prefixed with a tilde ('~') are excluded from the search
results. These extended regular expressions are processed from left to right, and a path will either be selected or
deslected based on the first match.
Since commas are used to delimit the regular expressions, a backslash ('') character should be used to escape the comma if
it is a part of the search pattern.
msgqid Select records containing the given message queue ID.
pid Select records containing the given process ID.
semid Select records containing the given semaphore ID.
shmid Select records containing the given shared memory ID.
-r ruid
Select records with the given real user ID or name.
-u auid
Select records with the given audit ID.
-v Invert sense of matching, to select records that do not match.
EXAMPLES
To select all records associated with effective user ID root from the audit log /var/audit/20031016184719.20031017122634:
auditreduce -e root
/var/audit/20031016184719.20031017122634
To select all setlogin(2) events from that log:
auditreduce -m AUE_SETLOGIN
/var/audit/20031016184719.20031017122634
Output from the above command lines will typically be piped to a new trail file, or via standard output to the praudit(1) command.
Select all records containing a path token where the pathname contains /etc/master.passwd:
auditreduce -o file="/etc/master.passwd"
/var/audit/20031016184719.20031017122634
Select all records containing path tokens, where the pathname is a TTY device:
auditreduce -o file="/dev/tty[a-zA-Z][0-9]+"
/var/audit/20031016184719.20031017122634
Select all records containing path tokens, where the pathname is a TTY except for /dev/ttyp2:
auditreduce -o file="~/dev/ttyp2,/dev/tty[a-zA-Z][0-9]+"
/var/audit/20031016184719.20031017122634
SEE ALSO
praudit(1), audit_control(5), audit_event(5)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Addi-
tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
BSD
January 24, 2004 BSD