Top Forums Shell Programming and Scripting Script To Delete User Accounts On Multiple Servers Post 302916884 by gull04 on Friday 12th of September 2014 11:16:50 AM
Hi,

Here is a shell script written some time ago to gather the user information on AIX servers. I'm sure that the output could be used to feed a second script to remove the users - comes without warranty - use with caution. This was used as we had servers with 15k local accounts and they changed at the rate of about 60 a week, so we had to develop tools to manage.

Code:
#!/bin/ksh
#$Id$
############################################################################################
#
# Check for unused accounts on AIX systems, requires that Perl is installed.
#
############################################################################################
# The original script was found on the Web and adapted to suit our environment.
############################################################################################
#
# Dave Hoojikaflip - 14/06/2009
#
############################################################################################
#
# Change History.
#
# Newest Changes to the top please.
#
############################################################################################

############################################################################################
#
# Get the seconds from the epoch.
#
############################################################################################

secs_since_epoch=$(perl -le 'print time')

############################################################################################
#
# Declare function to check what output there was from a test - and make it readable.
#
############################################################################################

function do_the_thing
{
if [[ -n "$1" ]]; then
print "$1" | troff -a
fi
}

############################################################################################
#
# Declare function
#
############################################################################################

function put_it_out_there
{
do_the_thing "$no_password_aging"
do_the_thing "$all_locked_accounts"
do_the_thing "$never_logged_in"
do_the_thing "$not_for_ninety"
do_the_thing "$passwd_set_never_logged_in"
do_the_thing "$too_many_unsuccessful"
do_the_thing "$has_it_expired"
}

############################################################################################
#
# List all users, with the exception of the default users.
#
############################################################################################

for user_name in $( awk -F':' '{print $1}' /etc/passwd | sort ) ; do

############################################################################################
#
# Check the aging of the passwords.
#
############################################################################################

if [[ -n $(awk 'BEGIN{ FS = "\n"; RS = ""} $1 == "'"$user_name"':"{ if (/minage|maxage/ ){print $0} } ' /etc/security/user ) ]]; then
        if [[ -z $no_password_aging ]]; then
                no_password_aging=$( print no passwd aging - $user_name )
        else
                no_password_aging=$( print $no_password_aging $user_name )
        fi
fi

############################################################################################
#
# Check to see if any of the accounts are locked.
#
############################################################################################

if [[ -n $(awk 'BEGIN{ FS = "\n"; RS = ""} $1 == "'"$user_name"':"{ if (/account_locked = true/ ){print $0} } ' /etc/security/user ) ]]; then
        if [[ -z $all_locked_accounts ]]; then
                all_locked_accounts=$( print locked users - $user_name )
        else
                all_locked_accounts=$( print $all_locked_accounts $user_name )
        fi
fi

############################################################################################
#
# Check for accounts that have never logged in.
#
############################################################################################

if [[ -z $( awk 'BEGIN{ FS = "\n"; RS = ""} $1 == "'"$user_name"':" ' /etc/security/lastlog) ]] || [[ -n $( awk 'BEGIN{ FS = "\n"; RS = ""} $1 == "'"$user_name"':" { if (!/time_last_login/ ){print $1} } ' /etc/security/lastlog ) ]]; then
        if [[ -z $never_logged_in ]]; then
                never_logged_in=$( print never logged in - $user_name )
        else
                never_logged_in=$( print $never_logged_in $user_name )
        fi
fi

############################################################################################
#
# Have any accounts not been used for the last 90 days.
#
############################################################################################

if [[ -n $( awk 'BEGIN{ FS = "\n"; RS = ""} $1 == "'"$user_name"':"{ if (/time_last_login/ ){print $1} }' /etc/security/lastlog) ]]; then
        if (( $secs_since_epoch - $( awk 'BEGIN{ FS = "\n"; RS = ""} $1 == "'"$user_name"':"{if (match($0,/time_last_login = [0-9]+/) ){ print substr($0, RSTART+18, 10)} }' /etc/security/lastlog ) > 7776000 )); then
                if [[ -z $not_for_ninety ]]; then
                not_for_ninety=$( print not used 90+ - $user_name )
                else
                not_for_ninety=$( print $not_for_ninety $user_name )
                fi
        fi
fi

###########################################################################################
#
# Check to see if the password has been set, but account not used.
#
###########################################################################################

if [[ -n $( awk 'BEGIN{ FS = "\n"; RS = ""} $1 == "'"$user_name"':"{ if (/flags = ADMCHG/ ){print $1} } ' /etc/security/passwd) ]]; then
        if [[ -z $passwd_set_never_logged_in ]]; then
                passwd_set_never_logged_in=$( print passwd set but user never logged in - $user_name )
        else
                passwd_set_never_logged_in=$( print $passwd_set_never_logged_in $user_name )
        fi
fi

###########################################################################################
#
# Now we count the number of failed logins.
#
###########################################################################################

# Extract the whole counter (RLENGTH-27 digits), so that 10 or more is not read as 1.
num_unsuccessful_logins=$( awk 'BEGIN{ FS = "\n"; RS = ""} $1 == "'"$user_name"':" {if (match($0, /unsuccessful_login_count = [0-9]+/) ) {print substr($0, RSTART+27, RLENGTH-27)} }' /etc/security/lastlog )
if [[ -n $num_unsuccessful_logins ]] && (( $num_unsuccessful_logins >= 5 )) ; then
        if [[ -z $too_many_unsuccessful ]]; then
        too_many_unsuccessful=$( print 5 or more unsuccessful logins - $user_name )
        else
        too_many_unsuccessful=$( print $too_many_unsuccessful $user_name )
        fi
fi

###########################################################################################
#
# Have any of the accounts got an expired password.
#
###########################################################################################

time_now=$(perl -le 'print time')
password_last_update=$( awk 'BEGIN{ FS = "\n"; RS = ""} $1 == "'"$user_name"':" { if (match($0,/lastupdate/) ) {print substr($0, RSTART+13, 10)} } ' /etc/security/passwd )
if [[ -n $password_last_update ]]; then
        if (( $(( $time_now - $password_last_update )) > $(( 60*60*24*7*4)) )); then
                if [[ -z $has_it_expired ]]; then
                has_it_expired=$( print Password older than 4 weeks - $user_name )
                else
                has_it_expired=$( print $has_it_expired $user_name )
                fi
        fi
fi
done
##########################################################################################
#
# All done, let's get the output to somewhere - so that we can have a look at it.
#
##########################################################################################

if [[ $1 = "-o" ]]; then
this_script=$(basename $0)
output_file=/var/adm/rebuild/${this_script%%.sh}.txt
print '$Id$' >$output_file
put_it_out_there >>$output_file
else
put_it_out_there
fi

This script was found on the web and adapted by me, it did work fine - I no longer have any AIX to test it on - so you'll have to run this first on a sandbox system which will need perl installed.

Regards

Dave

Last edited by gull04; 09-12-2014 at 12:19 PM.. Reason: Additional notes.
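
Added example (not part of the original post and not the poster's script): a single-pass version of the last-login and failed-login checks above. At the 15k-account scale mentioned it runs awk once instead of several times per user, and it passes user names as data rather than splicing them into the awk program. The function names, finding labels and sample files are assumptions for illustration; the sample data is constructed.

```shell
#!/bin/sh
# Added example, not the script from the post. Prints "<user> <finding>" lines.
# usage: audit_accounts PASSWD_FILE LASTLOG_FILE NOW_EPOCH
audit_accounts() {
    awk -v now="$3" -v max_idle=7776000 -v max_fail=5 '
    # First file: passwd format, collect every local account name.
    FILENAME == ARGV[1] { split($0, f, ":"); if (f[1] != "") known[f[1]] = 1; next }
    # Second file: stanza header such as "alice:" ("*" starts a comment).
    /^[^ \t*][^ \t]*:[ \t]*$/ { user = $1; sub(/:$/, "", user); next }
    # Attribute lines "name = value"; keep the whole number, not one digit.
    user != "" && $2 == "=" && $1 == "time_last_login"          { last[user] = $3 }
    user != "" && $2 == "=" && $1 == "unsuccessful_login_count" { fails[user] = $3 }
    END {
        for (u in known) {
            if (!(u in last))                  print u, "never_logged_in"
            else if (now - last[u] > max_idle) print u, "idle_over_90_days"
            if (fails[u] + 0 >= max_fail)      print u, "failed_logins=" fails[u]
        }
    }' "$1" "$2" | sort
}

# Constructed sample data (not from a real system); carol has no lastlog stanza.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:!:0:0::/:/usr/bin/ksh' 'alice:!:201:1::/home/alice:/usr/bin/ksh' \
        'bob:!:202:1::/home/bob:/usr/bin/ksh' 'carol:!:203:1::/home/carol:/usr/bin/ksh' > "$dir/passwd"
    cat > "$dir/lastlog" <<'EOF'
root:
        time_last_login = 1410500000
        unsuccessful_login_count = 0

alice:
        time_last_login = 1400000000
        unsuccessful_login_count = 12

bob:
        time_last_unsuccessful_login = 1410000000
        unsuccessful_login_count = 3
EOF
    audit_accounts "$dir/passwd" "$dir/lastlog" 1410534000
    rm -rf "$dir"
}

demo
```

The output is a review list only; accounts with no stanza in the lastlog file (carol in the sample) are reported as never logged in, matching the first half of the original never-logged-in test.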
 
