C2 or enhanced security


 
# 1  
Old 01-17-2003
Question C2 or enhanced security

We are using C2 / enhanced security on Digital UNIX.
I do not have access to the GUI.
I need to get information on login status for users. Specifically I would like to know who has not logged in within the last 6 months.

I think I can query the edauth files, but I can't find information on what codes to look for and what they mean as far as status.

Anyone know?
thanks
# 2  
Old 01-17-2003
Check out the info on this message at DBforums.com - then look at the format of prpasswd

You will be interested in this:
u_max_login_intvl
A numeric value representing the maximum time, in seconds, since
last successful login before account is disabled. If set for an
account (or system-wide), the user is automatically considered
"locked out" if the last successful login was more than the
specified interval before the current time. As with other
is_locked_out() checks, the grace-period feature allows an override.

You will need to use a programming language (Perl works) to look at the interval of last login to today's date.

# 3  
Old 01-17-2003
More specifically:
I need to report anyone who has passed their "life time log in". This means they have not logged on in so long their id is now locked.
I also need to report the status of the users.
There is a status in the auth file; I want to be able to just query the auth file and get this info for reporting, but I do not know the values and meanings in the parms.

thanks
# 4  
Old 01-17-2003
RTM - thanks, that might help me write this script. I don't know PERL. It's on my list of things to do (from 7 years ago)...
# 5  
Old 01-17-2003
This will help you start -

#!/usr/bin/perl
#
# checkdate - a script to check a date (how long ago)
#
# Created 05/07/02 HOG
# ==========================================================================
use strict;
use warnings;

# Set up variables
# Whole days since the epoch (the same unit as the third field of /etc/shadow)
my $nowepoch = int(time() / 60 / 60 / 24);
# Day number to compare against, passed as the first argument
my $argument = $ARGV[0];
die "usage: $0 <days-since-epoch>\n"
    unless defined $argument && $argument =~ /^\d+$/;
my $diff = $nowepoch - $argument;
print "Password reset $diff days ago - $nowepoch - $argument\n";
# -------------------------------------------------------------------------

It gets the time now since epoch and takes off the amount from the third field from /etc/shadow - so if my user daniel last changed their password 12058 - the script converts it to how many days ago. You would have to change it to grab the correct field you are looking for (and add in to look into a file).

Example from /etc/shadow (modified username and encrypted password ;-):

daniel:xxxx:12058::35:14:::

# ./checkdate.pl 12058
Password reset 11 days ago - 12069 - 12058

The 12069 is today. 12058 was 11 days ago. I'm looking for folks who haven't changed their password in 60+ days but never automated it into a report - you could change this to do that but would have to be able to look into your file that contains the info and then put out a report of anyone 180+ days ago (approximately 6 months).
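The report asked for in this thread, as an added example that is not part of any post: it parses prpasswd-style entries, compares the last successful login with a fixed "today", and flags accounts that are past u_max_login_intvl or idle for 180+ days. The field names u_suclog and u_lock, the termcap-like entry layout, and the sample entries are assumptions not shown on the page; check them against prpasswd(4) on your system.

```perl
#!/usr/bin/perl
# Added example: classify accounts from prpasswd-style entries.
use strict;
use warnings;

my $STALE_SECS = 180 * 24 * 60 * 60;    # "approximately 6 months", as in the thread

# Parse one entry of the assumed form "name:field=str:field#num:flag:flag@:chkent:"
sub parse_entry {
    my ($line) = @_;
    my ($name, @caps) = split /:/, $line;
    my %f = (name => $name);
    for my $cap (@caps) {
        if    ($cap =~ /^(\w+)#(\d+)$/) { $f{$1} = $2 }    # numeric field
        elsif ($cap =~ /^(\w+)=(.*)$/)  { $f{$1} = $2 }    # string field
        elsif ($cap =~ /^(\w+)\@$/)     { $f{$1} = 0 }     # boolean, false
        elsif ($cap =~ /^(\w+)$/)       { $f{$1} = 1 }     # boolean, true
    }
    return \%f;
}

# Classify an account relative to $now (seconds since the epoch).
# u_suclog (last successful login) and u_lock are assumed field names.
sub login_status {
    my ($f, $now, $default_intvl) = @_;
    return 'admin-locked'    if $f->{u_lock};
    return 'never-logged-in' unless $f->{u_suclog};
    my $idle  = $now - $f->{u_suclog};
    my $intvl = exists $f->{u_max_login_intvl} ? $f->{u_max_login_intvl} : $default_intvl;
    return 'locked-inactive' if $intvl && $idle > $intvl;    # past u_max_login_intvl
    return 'stale'           if $idle > $STALE_SECS;          # 180+ days, not yet locked
    return 'ok';
}

# Constructed sample entries; the timestamps are made up for illustration.
my @sample = (
    'alice:u_name=alice:u_id#201:u_suclog#1042700000:u_lock@:chkent:',
    'bob:u_name=bob:u_id#202:u_suclog#1020000000:u_max_login_intvl#7776000:chkent:',
    'carol:u_name=carol:u_id#203:u_suclog#1025000000:chkent:',
    'dave:u_name=dave:u_id#204:u_lock:chkent:',
);
my $now = 1042800000;    # fixed "today" (January 2003) so the report is repeatable

for my $line (@sample) {
    my $f    = parse_entry($line);
    my $last = $f->{u_suclog} ? int(($now - $f->{u_suclog}) / 86400) : '-';
    printf "%-8s %-16s last login %s days ago\n",
        $f->{name}, login_status($f, $now, 0), $last;
}
```

To run it against real data, replace @sample with the lines of the protected password dump and $now with time(); the third argument to login_status() is the system-wide interval, with 0 meaning none is set.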