03-24-2011
pwage-hpux-T for Trusted HPUX servers
I'm sharing this in case anybody needs it. Modified from the original solaris pwage script. This modified hpux script will check /etc/password file on hpux trusted systems search /tcb and grep the required u_succhg field. Calculate days to expiry and notify users via email.
original solaris pwage script:
https://www.unix.com/shell-programmin...sword-age.html
for the hpux script you need to modify following
/etc/passwd file needs to have a "+email@domain.com" in the description field. You can use '+' or any other symbol but not sure if you can use another ':'
aixguy:*:114:106:aix administrator
+aixguy@unix.com:/home/aixguy:/usr/bin/sh
hpuxguy:*:103:106:hpux admin
+hpuxguy@unix.com:/home/hpuxguy:/usr/bin/sh
sparcguy:*:112:106:solaris administrator
+sparcguy@unix.com:/home/sparcguy:/usr/bin/ksh
MAXAGE=90 <-- we use 90 day expiry policy modify for yours.
Quote:
#! /bin/sh
for i in `cat /etc/passwd | grep \@ | sed 's/:/+/g' | cut -d+ -f1`
do
Quote:
for j in `find /tcb -name $i -exec ls -1 {} \;`
do
LASTPWCHG=`cat $j | grep u_succhg | sed 's/:/#/g' | cut -d# -f3`
DAYSEC=`echo "60*60*24" | bc`
DAWNOFTIME=`/usr/contrib/bin/perl -e 'print int(time)'`
SECSAGO=`echo "$DAWNOFTIME - $LASTPWCHG" | bc`
DAYSAGO=`echo $SECSAGO/$DAYSEC | bc`
done
MAXAGE=90
LEFTDAYS=`echo "$MAXAGE - $DAYSAGO" | bc`
if [[ "$LEFTDAYS" = 7 ]]
then
EMAILID=`cat /etc/passwd | grep $i | sed 's/:/+/g' | cut -d+ -f6`
echo "Your unix id $i will expire in $LEFTDAYS days" | mailx -s "`uname -n` Password aging Reminder" $EMAILID
fi
if [[ "$LEFTDAYS" = 3 ]]
then
EMAILID=`cat /etc/passwd | grep $i | sed 's/:/+/g' | cut -d+ -f6`
echo "Your unix id $i will expire in $LEFTDAYS days" | mailx -s "`uname -n` Password aging Reminder" $EMAILID
fi
if [[ "$LEFTDAYS" -lt 0 ]]
then
EMAILID=`cat /etc/passwd | grep $i | sed 's/:/+/g' | cut -d+ -f6`
echo "Please note that your unix id $i has aleaady expired" | mailx -s "`uname -n` Password aging Reminder" $EMAILID
fi
done
If you want to test modify MAXAGE=0 or 10
do not run against un-trusted hpux boxes
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is there any problems of binaries compatibility between HPUX 10.20 et 11 ? (2 Replies)
Discussion started by: Olivier
2 Replies
2. HP-UX
:( i got couple of weeks ago a : HP Visualize workstation , model B100.
everithing is ok in the box the only problem is that i 'am not familiar with this operational sys, and i try to uninstall and see if i can get on it windows net server 64 bit. or any other 64 bit operational sys that i'll... (1 Reply)
Discussion started by: newbird
1 Replies
3. UNIX for Dummies Questions & Answers
Hi,
I am a SAP Basis admin recentely been asked to administer a HPUX server. Could someone recommend some good study material to learn with the Sap
prespective.
-carry (1 Reply)
Discussion started by: carryclare
1 Replies
4. UNIX and Linux Applications
Hi
can any tell where we can get RPM files for HPUX OS
RPM file can be of any application ,it should be succesfully installed in the
machine
Regards
Harish Kumar :confused: (2 Replies)
Discussion started by: harishkumar
2 Replies
5. Shell Programming and Scripting
I am running HPUX and using WLM (workload manager). I want to write a script to fork CPUs to basically take CPUs from other servers to show that the communication is working and CPU licensing is working. Basically, I want to build a script that will use up CPU on a server. Any ideas? (2 Replies)
Discussion started by: cpolikowsky
2 Replies
6. Shell Programming and Scripting
Hello.
I cant figure out how can i move entire row up , so it pasted on the one above at the end , or to do that for one character.
In notepads,word, or some other text editors we would do that with backspace button.
Example.
Content of my text file is this :
I am trying to do
that.
And... (2 Replies)
Discussion started by: tonijel
2 Replies
7. UNIX and Linux Applications
Hi,
We've got a samba server running in our DMZ. Our users drag & drop files on it for vendors. Everything was working perfectly until the powers that be decided to build a trust between a couple of internal domains.
Samba is now querying each server in the trust. When a user browses... (5 Replies)
Discussion started by: mph
5 Replies
8. AIX
This is the password aging script for aix just completed. So far tested and still testing on one of our aix server running 5.3.0.0. So anyway as you can see it is very similar to pwage-hpux-T the only difference on aix /etc/passwd file looks in this format. Also for this script to work you need to... (0 Replies)
Discussion started by: sparcguy
0 Replies
9. Shell Programming and Scripting
Hello All
Why is hpux is not much spoken in the unix/Linux platform. what is the disadvantes in HPUX
Thanks,
VJ (1 Reply)
Discussion started by: Vijaykannan T
1 Replies
10. HP-UX
is there a way for my C++ application to find out which mode the hpux OS is running in?
standard mode or trusted mode. (3 Replies)
Discussion started by: einsteinBrain
3 Replies
LEARN ABOUT OPENSOLARIS
device_allocate
device_allocate(4) File Formats device_allocate(4)
NAME
device_allocate - device_allocate file
SYNOPSIS
/etc/security/device_allocate
DESCRIPTION
The device_allocate file is an ASCII file that resides in the /etc/security directory. It contains mandatory access control information
about each physical device. Each device is represented by a one- line entry of the form:
device-name;device-type;reserved1;reserved2;auths;device-exec
where:
device-name
Represents an arbitrary ASCII string naming the physical device. This field contains no embedded white space or non-printable charac-
ters.
device-type
Represents an arbitrary ASCII string naming the generic device type. This field identifies and groups together devices of like type.
This field contains no embedded white space or non-printable characters. The following types of devices are currently managed by the
system: audio, sr (represents CDROM drives), fd (represents floppy drives), st (represents tape drives), rmdisk (removable media
devices).
reserved1
On systems configured with Trusted Extensions, this field stores a colon-separated (:) list of key-value pairs that describe device
allocation attributes used in Trusted Extensions. Zero or more keys can be specified. The following keys are currently interpreted by
Trusted Extensions systems:
minlabel
Specifies the minimum label at which device can be allocated. Default value is admin_low.
maxlabel
Specifies the maximum label at which device can be allocated. Default value is admin_high.
zone
Specifies the name of the zone in which device is currently allocated.
class
Specifies a logical grouping of devices. For example, all Sun Ray devices of all device types. There is no default class.
xdpy
Specifies the X display name. This is used to identify devices associated with that X session. There is no default xdpy value.
reserved2
Represents a field reserved for future use.
auths
Represents a field that contains a comma-separated list of authorizations required to allocate the device, an asterisk (*) to indicate
that the device is not allocatable, or an '@' symbol to indicate that no explicit authorization is needed to allocate the device. The
default authorization is solaris.device.allocate. See auths(1).
device-exec
The physical device's data clean program to be run any time the device is acted on by allocate(1). This ensures that unmanaged data
does not remain in the physical device between uses. This field contains the filename of a program in /etc/security/lib or the full
pathname of a cleanup script provided by the system administrator.
Notes on device_allocate
The device_allocate file is an ASCII file that resides in the /etc/security directory.
Lines in device_allocate can end with a `' to continue an entry on the next line.
Comments can also be included. A `#' makes a comment of all further text until the next NEWLINE not immediately preceded by a `'.
White space is allowed in any field.
The device_allocate file must be created by the system administrator before device allocation is enabled.
The device_allocate file is owned by root, with a group of sys, and a mode of 0644.
EXAMPLES
Example 1 Declaring an Allocatable Device
Declare that physical device st0 is a type st. st is allocatable, and the script used to clean the device after running deallocate(1) is
named /etc/security/lib/st_clean.
# scsi tape
st0;
st;
reserved;
reserved;
solaris.device.allocate;
/etc/security/lib/st_clean
Example 2 Declaring an Allocatable Device with Authorizations
Declare that physical device fd0 is of type fd. fd is allocatable by users with the solaris.device.allocate authorization, and the script
used to clean the device after running deallocate(1) is named /etc/security/lib/fd_clean.
# floppy drive
fd0;
fd;
reserved;
reserved;
solaris.device.allocate;
/etc/security/lib/fd_clean
Making a device allocatable means that you need to allocate and deallocate it to use it (with allocate(1) and deallocate(1)). If a device
is not allocatable, there is an asterisk (*) in the auths field, and no one can use the device.
FILES
/etc/security/device_allocate
Contains list of allocatable devices
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), allocate(1), bsmconv(1M), deallocate(1), list_devices(1), auth_attr(4), attributes(5)
NOTES
The functionality described in this man page is available only if Solaris Auditing has been enabled. See bsmconv(1M) for more information.
On systems configured with Trusted Extensions, the functionality is enabled by default. On such systems, the device_allocate file is
updated automatically by the system.
SunOS 5.11 12 May 2008 device_allocate(4)