auditing user 2

[adimstec]

Hello everyone,

On AIX 5.2.
I try to make a script allowing me to see which user is not allow to log in because his passwd had expired.
Can anyone have any idea.
Thanx in advance

 

[Ogzilal]

Hi,

If the meaning of password expired is a login that overpassed maxage attribute weeks without changing then here is some ideas to start with :

1) get laste update date from /etc/security/passwd for a given login : eg: lastupdate = 1126527131
2) get maxage attribute in weeks for the same login from /etc/security/user : eg : maxage = 12
3) get today's date in secondes (epoch date)
4) convert maxage in seconds eg 12*7*24*60*60)
5) compute expired date = maxage in seconds + lasteupdate
6) compare today'date and the expired date of the password computed in 5) and decide of an action.

 

[p5wizard]

This is what I use

NOW=$(perl -we "print time")
printf "%-9s%8s%12s%12s%12s %s\n" username maxage lastupdated expirydate now remark
lsuser -a maxage ALL|grep -v maxage=0|sed "s/maxage=//"|while read user maxage
do
 lastupd=$(pwdadm -q $user|\
           grep lastup|\
           awk '{print $3}')
 if [ "${lastupd}" = "" ]
 then
  ((lastupd=NOW))
 fi
 expd=$(echo "$lastupd + ($maxage * 7 * 24 * 60 * 60)"|bc)
 if ((NOW>expd))
 then
  printf "%-9s%8d%12d%12d%12d %s\n" $user $maxage $lastupd $expd $NOW "password has expired"
 else
  printf "%-9s%8d%12d%12s%12s %s\n" $user $maxage $lastupd "" "" "password is still valid"
 fi
done

Can be beautified e.g. convert epoch-type date to string but I was not worried about that at the time of writing.


HTH,

p5wizard

 

[adimstec]

aau,p5wizard,

Thank you very much for your interresting post.
Unfortunately, we don't use perl but I will create a Ksh script influenced by the script in perl.
How do I convert date in seconds ?

Again, thank you.

 

[p5wizard]

It IS already a ksh script...

The only reason you see perl in that first line is to get the system date in the format "seconds since 01/01/1970 00:00:00 GMT" - I got that out of another thread in this forum.

HTH,

p5wizard

 

[p5wizard]

from that same post (thread52-284459)

now=$(perl -we "print time")
str_now=$(perl -we "print scalar localtime ${now}"

echo ${now}
echo ${str_now}

above is also ksh script code



HTH,

p5wizard

 

[Ogzilal]

Hi,

Here is a full ksh script to convert a given date in seconds since epoch.

#!/bin/ksh
#
# shell script to convert GMT date to epoch date
# if no date is given today's date is converted
# epoch = 01/01/1970 00:00:00 GMT = ctime(0)
#
#-------------------------------------------
# determine if a given year is leap or not
#-------------------------------------------
function leap_year {
        YEAR=$1
        (( REST_BY_4=YEAR%4 ))
        (( REST_BY_100=YEAR%100 ))
        (( REST_BY_400=YEAR%400 ))
        if [ "$REST_BY_4"  -eq 0 -a "$REST_BY_100" -ne 0 -o "$REST_BY_400" -eq 0
 ]
        then
                return 0
        else
                return 1
        fi
} # end leap_year

#-------------------------------------------
# determine if a param is given
#-------------------------------------------
if [ "$#" -ne 0 ]
then
        GMT_DATE=$1
        case ${#GMT_DATE} in
        14)
                GMT_DATE=${1} ;;
        12)
                GMT_DATE=${1}00 ;;
        10)
                GMT_DATE=${1}0000 ;;
        8)
                GMT_DATE=${1}010000 ;;
        6)
                GMT_DATE=${1}01000000 ;;
        *)
                print "date not in correct format"
                print "Usage : $0 YYYYMMDD[HH[MN[SS]]]"
                exit 0 ;;
        esac
fi
#--------------------
# tokenize given date
#--------------------
if [ ! -z "$GMT_DATE" ]
then
        set  $( echo $GMT_DATE |awk '{
                x=$1;
                yy=substr(x,1,4);
                mm=substr(x,5,2);
                dd=substr(x,7,2);
                hh=substr(x,9,2);
                mn=substr(x,11,2);
                ss=substr(x,13,2);
                printf "%4d %2d %2d %2d %2d %2d\n",yy,mm,dd,hh,mn,ss;
        }' )
else
        set $(date -u +"%Y %m %d %H %M %S")
fi

integer YYYY=$1
integer MM=$2
integer DD=$3
integer HH=$4
integer MN=$5
integer SS=$6

integer NUMBER_OF_FEB29=0;

leap_year $YYYY
if [ "$?"  -eq 0 ]
then
        if [ MM -gt 2 ]
        then
                 NUMBER_OF_FEB29=1
        fi
fi

#-------------------------------------------
# determine days since january 1st
#-------------------------------------------
integer DAYS_SINCE_JANUARY=0;
case $MM in
        2) DAYS_SINCE_JANUARY=31;;
        3) DAYS_SINCE_JANUARY=59;;
        4) DAYS_SINCE_JANUARY=90;;
        5) DAYS_SINCE_JANUARY=120;;
        6) DAYS_SINCE_JANUARY=151;;
        7) DAYS_SINCE_JANUARY=181;;
        8) DAYS_SINCE_JANUARY=212;;
        9) DAYS_SINCE_JANUARY=243;;
        10) DAYS_SINCE_JANUARY=273;;
        11) DAYS_SINCE_JANUARY=304;;
        12) DAYS_SINCE_JANUARY=334;;
esac

integer DAYS=DD+NUMBER_OF_FEB29+DAYS_SINCE_JANUARY;

#-----------------------------------------------------------------
# determine number of leap_year since epoch origine and GMT date
#-----------------------------------------------------------------
integer EPOCH=0;
integer IY=0;
NUMBER_OF_FEB29=0;
if [ YYYY -gt 1970 ]
then
        IY=1970
        while [ $IY -lt $YYYY ]
        do 
                leap_year $IY
                if [ $? -eq 0 ]
                then
                        (( NUMBER_OF_FEB29+=1 ))
                fi
                (( IY+=1 ))
        done
fi
if [ YYYY -lt 1970 ]
then
        IY=YYYY
        while [ $IY -lt 1970 ]
        do
                leap_year $IY
                if [ $? -eq 0 ]
                then
                        (( NUMBER_OF_FEB29-=1 ))
                fi
                (( IY+=1 ))
        done
fi    
#-------------------------------------------
# convert all this in secondes
#-------------------------------------------
(( EPOCH = (YYYY - 1970) * 365 * 24 * 60 * 60 ))
(( EPOCH = EPOCH + ( DAYS - 1 + NUMBER_OF_FEB29 ) * 24 * 60 * 60  ))
(( EPOCH = EPOCH + ( HH * 60 * 60 ) ))
(( EPOCH = EPOCH + ( MN * 60 ) ))
(( EPOCH = EPOCH + SS ))
print $EPOCH;