01-17-2003
This will help you start -
#!/u/bin/perl
#
# checkdate - a script to check a date (how long ago)
#
# Created 05/07/02 HOG
# ==========================================================================
# Set up variables
$getepoch= time () /60 /60 /24 ;
($nowepoch, $junk) = split (/\./, $getepoch, 2);
$arguement = $ARGV[0];
$diff=$nowepoch - $arguement;
print "Password reset $diff days ago - $nowepoch - $arguement\n";
# -------------------------------------------------------------------------
It gets the time now since epoch and takes off the amount from the third field from /etc/shadow - so if my user daniel last changed their password 12058 - the script converts it to how many days ago. You would have to change it to grab the correct field you are looking for (and add in to look into a file )
Example from /etc/shadow (modified username and encrypted password ;-):
daniel:xxxx:12058::35:14:::
# ./checkdate.pl 12058
Password reset 11 days ago - 12069 - 12058
The 12069 is today. 12058 was 11 days ago. I'm looking for folks who haven't changed their password in 60+ days but never automated it into a report - you could change this to do that but would have to be able to look into your file that contains the info and then put out a report of anyone 180+ days ago (approximatly 6 months).
7 More Discussions You Might Find Interesting
1. Solaris
Hello;
I am moving a customer from Solaris 2.6 to Solaris 2.8. The customer has requested the following two requirements also be implemented:
1. Lock a user account out for X number of days after 3 unsuccessful login attempts.
2. No reuse of the last 5-10 passwords. Also referred to... (1 Reply)
Discussion started by: rambo15
1 Replies
2. UNIX for Advanced & Expert Users
for sco, hp, or AIX......
anyway, how can I secure the UNIX system.
I knew that CA has it's products for securing the UNIX server system.
Please tell me more about other vender, and their products
thxs! (0 Replies)
Discussion started by: brookwk
0 Replies
3. IP Networking
Are there any standard programs in linux/unix like tcpdump that store packets' headers in db (Berkeley DB is preffered, including secondary db's to index stored headers by IP addesses, TCP flows, etc.), provide search in db and convert found headers to tcpdump dumpfile format? (12 Replies)
Discussion started by: Hitori
12 Replies
4. Shell Programming and Scripting
Dear
I have a problem on which I turn araound since hours.
Hope you could help me.
I have a bash script, which activates with "nohup ./script2 params & " several subscripts.
In my main script, I have set lot's of variables, which I would pass into script 2.
My idea is now to create a... (3 Replies)
Discussion started by: pramach
3 Replies
5. UNIX for Dummies Questions & Answers
Hi. I guess this my dummy question is for super-gurus.
I'm on Red Hat' documentation regarding their RDMA capabilities over "convergent" Ethernet network. I read everything that I could find on inet, wikipedia etc. about the technology itself. I can't figure out, how can I determine if the... (0 Replies)
Discussion started by: newlinuxuser1
0 Replies
6. AIX
Hi All,
I am going to perform some activity in 2Node HA Server(Active/Passive).
For that i have to do some pre-requsite (ie., Resource Group VG's should be Enhanced-Concurrent)
In my setup, we have two volume groups in one RG. In that one VG is Normal and another is Enhance Concurrent.
... (2 Replies)
Discussion started by: Thala
2 Replies
7. What is on Your Mind?
Dear All,
Thank you for your support. As promised I have upgrade features for unix.com forum VIP members as follows:
Who's Online Permissions
Can View IP Addresses
Can View Detailed Location Info for Users
Can View Detailed Location Info of Users Who Visit Bad / No Permission... (0 Replies)
Discussion started by: Neo
0 Replies
SHADOW(5) File Formats Manual SHADOW(5)
NAME
shadow - encrypted password file
DESCRIPTION
shadow contains the encrypted password information for user's accounts and optional the password aging information. Included is
Login name
Encrypted password
Days since Jan 1, 1970 that password was last changed
Days before password may be changed
Days after which password must be changed
Days before password is to expire that user is warned
Days after password expires that account is disabled
Days since Jan 1, 1970 that account is disabled
A reserved field
The password field must be filled. The encryped password consists of 13 to 24 characters from the 64 characters alphabet a thru z, A thru
Z, 0 thru 9, . and /. Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES)
algorithm. For example if it starts with "$1$" it means the MD5-based algorithm was used.
Refer to crypt(3) for details on how this string is interpreted.
The date of the last password change is given as the number of days since Jan 1, 1970. The password may not be changed again until the
proper number of days have passed, and must be changed after the maximum number of days. If the minimum number of days required is greater
than the maximum number of day allowed, this password may not be changed by the user.
An account is considered to be inactive and is disabled if the password is not changed within the specified number of days after the pass-
word expires. An account will also be disabled on the specified day regardless of other password expiration information.
This information supercedes any password or password age information present in /etc/passwd.
This file must not be readable by regular users if password security is to be maintained.
FILES
/etc/passwd - user account information
/etc/shadow - encrypted user passwords
SEE ALSO
chage(1), login(1), passwd(1), su(1), passwd(5), pwconv(8), pwunconv(8), sulogin(8)
AUTHOR
Julianne Frances Haugh (jockgrrl@ix.netcom.com)
SHADOW(5)