User ID Script Help 2

[miteshdmanek]

I need to run a script/command to identify users on my system that haven't logged in within the last 30/60/90 days.

What is the best way of going about this? I'm guessing doing a query on /etc/lastlog? How do I convert the date.

If someone has an example of a script that can do this that would be great!

 

[miteshdmanek]

Sorry - just to be more specific....

I want to cat the /etc/security/lastlog file and grep for just the username and lastlogin time. Then I want to convert the seconds to a "real" date and out it in a csv file with a simple username, last login/never logged in type output.

I am just very weak at scripting and could use some help.

Thanks!

 

[KenCunningham]

Hi. There are several threads dealing with this sort of thing, perhaps a keyword search for 'last login' in this forum might help give you some ideas which you can adapt. Just for starters, have a look at Thread52-953818 . HTH.

I don't mind people who aren't what they seem. I just wish they'd make their mind up.

 

[miteshdmanek]

Thanks for the reply.....The command

lsuser -f -a time_last_unsuccessful_login ALL |\^J perl -p -e 's/=(\d+)/sprintf("= %s",scalar localtime $1)/e'

Gave me the output in the following format:

bp4929:
time_last_unsuccessful_login= Thu Nov 2 16:28:25 2006

cmsoms:
time_last_unsuccessful_login= Mon Dec 25 09:58:14 2006


What I really need is the output in Username, Lastlogin format in a csv type format. My scripting is very weak and I don't have time to mess with this so was hoping for a quicky reply on the forum. Please help if you can.

 

[sbrews]

Try this:

lsuser -c -a time_last_login ALL | perl -p -e 's/:(\d+)/sprintf(", %s",scalar localtime $1)/e'|grep -v \#

Note: The above is one whole line

It will return output in this format:

scbrewst, Tue Oct 17 16:45:25 2006

If the user has no last login - ie never logged in - it will just print their username.

 

[miteshdmanek]

Thank you all so much for your help!

 

[sbrews]

PS - the credit for that command belongs to RonKnowlton. I just took his command from the thread referenced above and modified to give the output in CSV format.

 

[sbrews]

er... that should be RodKnowlton.

 

[RodKnowlton]

Thanks for the credit, sbrews.

I got tired of having to read through all the stats, so here's a script to show only the users that aren't already locked and are either over 60 days or never logged in. It provides tab delimited output. Season to taste.

#!/bin/ksh

# check for users not logged in in past 60 days

lsuser -a time_last_login account_locked gecos ALL \
| grep -v "locked=true" \
| sort | perl -ne '
BEGIN{
	$cutoff=(time - (3600*24*60));
	$hostname = `hostname`;
	chomp $hostname;
}
if ( $_ =~ /^(\w+) time_last_login=(\d+).*gecos=(.*)$/ )
{
printf( "%s\t%s\t%s\t%s\n", $hostname ,$1, scalar localtime $2, $3) if $2 < $cutoff;
}
else
{
printf( "%s\t%s\tnever logged in\t%s\n",$hostname,$1,$2)  if /^(\w+).*gecos=(.*)$/;
}
'

HTH,

Rod


IBM Certified Advanced Technical Expert pSeries and AIX 5L
CompTIA Linux+
CompTIA Security+

Wish you could view posts with a fixed font? Got Firefox & Greasemonkey? Give yourself the option.