Finding user accounts not accessed for a specific number of days


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Finding user accounts not accessed for a specific number of days
# 1  
Old 09-15-2011
Java Finding user accounts not accessed for a specific number of days

Hi all,

Recently I came across a challenge of finding the user accounts lying around on servers and not being used so much. Our client has hundreds of AIX, RedHat, and Solaris servers.

For AIX, I have made a script which uses lsuser and a little bit of sed and awk to show the user accounts which are not accessed for say 30 days.

Problem is I am not able to come up with the same result for Linux and Solaris servers.

For Linux, I'm using this to see the last login time for a specific user:

Code:
utmpdump /var/log/wtmp | grep user | tail -n1

And, for Solaris, I'm using this for the same:

Code:
last -f /var/adm/wtmpx | grep user | tail -n-1

But, I need to think a way of getting a list of users who have not logged in for 30 days for Linux and Solaris servers.

So here I am, asking for help from you guys. Thanks Smilie

----------------------
Update: I have come up with the below script for Linux and Solaris for the same issue. I am pasting here for those people who just bump into this thread from search engines.
Hope this script helps.

Code:
#!/bin/bash  # this script searches for the user ids which have not been used for a specific # number of days   # the number of days to be monitored expdays=30 expiry=$(( 86400*$expdays ))  LOG1=/tmp/inactive_usr_$expdays_days.$( date '+%m-%d-%Y' ).log LOG2=/tmp/never_logged_usrs.$( date '+%m-%d-%Y' ).log tmp1=/tmp/tmp1.log.$$  # list out the accounts which can be used to log in to the server  cat /etc/passwd | grep -Ev ^"root|daemon|nobody|adm|sys" | cut -d ":" -f1 >>$tmp1  # date and time calculation with respect to unix epoch  year=$( date +%Y )  today=$( date +%s )  # now, for each of the user listed above, run a check if the last logged in time exceedes the specified number of days.  cat $tmp1 | while read usr; do         umnt=$( last -1 $usr | head -1 | awk '{ print $5 }' )         uday=$( last -1 $usr | head -1 | awk '{ print $6 }' )         uhour=$( last -1 $usr | head -1 | awk '{ print $7 }' | cut -d ":" -f1 )         umin=$( last -1 $usr | head -1 | awk '{ print $7 }' | cut -d ":" -f2 )          # the below line checks and stores the IDs which were never used         if [ ! $uday ] || [ ! $uhour ] || [ ! $umin ]; then             echo "$usr:__NeveR__" >>$LOG2         else             llogin=$( date +%s -d"$umnt $uday, $year $uhour:$umin:01" )             mini=$(( $today-$llogin ))             if [[ $mini -gt $expiry ]]; then                 login=$(( ($today-$llogin)/86400 ))                 echo "$usr:$login" >>$LOG1             fi         fi done  rm -f $tmp1


Last edited by admin_xor; 09-18-2011 at 11:08 AM.. Reason: Update: The Script I have written for Linux and Solaris
# 2  
Old 09-16-2011
In Linux I can think of using the following command in some kind of efficient looping for each user

last -t YYYYMMDDHHMMSS <user>
This User Gave Thanks to sandip_pan For This Post:
# 3  
Old 09-16-2011
Some systems have an empty file called $HOME/.lastlogin that is "touched" each time the user logs in.
This User Gave Thanks to jgt For This Post:
# 4  
Old 09-16-2011
finger also provide last or no login info, or on since.
# 5  
Old 09-16-2011
On POSIX systems
Code:
last -1 username

Gives full information on the last login for a given user
This User Gave Thanks to jim mcnamara For This Post:
# 6  
Old 09-16-2011
Im a bit bit tired so I may say a load of crap...IMHO
rather than:
Code:
last -f /var/adm/wtmpx | grep user | tail -n-1

why not e.g
Code:
 $ finger -sw user|tail -1
 $ last user|head -1

But you could read in a loop all the lines of just the output of last till the date you want in a file, keep the first field (user name) make them uniq and use that to against user database
This User Gave Thanks to vbe For This Post:
# 7  
Old 09-16-2011
Since a user can become active through non-logins like rsh cmd, ssh cmd, sudo, su or set-uid, it'd be nice if there was a way to track this, but it would add overhead. Every time anyone uses a set-uid command, the user, maybe root, gets a hit. Time sharing accounting used to be a big deal, but not so much now.
This User Gave Thanks to DGPickett For This Post:
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Finding AIX user accounts expired or locked

// AIX 6.1 In need of finding which AIX user accounts will be expired and are locked. I have placed the following parameters under /etc/security/user... (1 Reply)
Discussion started by: Daniel Gate
1 Replies

2. Shell Programming and Scripting

getting timestamp of a file and if it was accessed today then finding a line in it

i have my files and the variables value extracted from db is taken as in1=slot0312 in2=best in3=it is :veryliong/fine as varibles.. i have a folder stuctures in my unix machine as : /2011/hand_sl0312/best/HOD/file1.txt /2011/hand_sl0312/happy/HOD/file1.txt... (1 Reply)
Discussion started by: rajniman
1 Replies

3. Shell Programming and Scripting

Number of days between the current date and user defined date

I am trying to find out the number of days between the current date and user defined date. I took reference from here for the date2jd() function. Modified the function according to my requirement. But its not working properly. Original code from here is working fine. #!/bin/sh... (1 Reply)
Discussion started by: hiten.r.chauhan
1 Replies

4. UNIX for Dummies Questions & Answers

Number of files accessed this week

I have looked around on the internet and still i am no wiser as to how to show the number of files in a directory that have been accessed this week and also that as a percentage. Any help would be much appreciated. (5 Replies)
Discussion started by: RAFC_99
5 Replies

5. UNIX for Dummies Questions & Answers

Difference between : Locked User Account & Disabled User Accounts in Linux ?

Thanks AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies

6. UNIX for Dummies Questions & Answers

single user mode - user accounts passwords

hello ppl, someone must be able to help with this --> I have an old NCR tower 32 with an ADDS terminal running a unix version 020102 (Im not sure if thats correct but its unix for sure). I have no user names and no passwords and need to login to read a tape. Is there any way to do that? I hear... (3 Replies)
Discussion started by: orestis
3 Replies

7. Shell Programming and Scripting

Finding The Number Of Programs That A Given User Running On A TERMINAL

How To Find The Number Of Programs That A User Running ON A GIVEN TERMINAL (4 Replies)
Discussion started by: venkata.ganesh
4 Replies

8. Shell Programming and Scripting

Counting Number of times a File is accessed

Hi, I need to count the number of times a script is accessed from within the script. Is it possible ? Example: I have a script called lo.sh and i execute the script for the first time, then the counter variable declared inside the lo.sh should increment by 1. For every execution the... (1 Reply)
Discussion started by: pathanjalireddy
1 Replies

9. Shell Programming and Scripting

User Accounts

I have found a script to create user accounts. But there are a few lines i dont understand. Can someone help me with this? Here's the code: ###################################### while ; do ACCT=${USER_ACCT}${START} START=`expr $START + 1` START=`echo ${START} | awk... (3 Replies)
Discussion started by: Sensor
3 Replies
Login or Register to Ask a Question