wtmp purge and list of users that haven't logged in over 90 days - Aix


  1. wtmp purge and list of users that haven't logged in over 90 days


    Just wondering if there is an existing script or a better method to do
    these two things.

    1. wtmp purge:

    Currently I output wtmp, tail off a certain number of lines, and
    update wtmp.
    Problem with that is it isn't time based, but rather a guesstimate of
    when to chop the file.
    I'd like to accurately keep the last 120 days and archive anything
    previous.


    2. Deactivate users that haven't logged in over 90 days:

    I'm hacking this one as well by running through the usernames with the
    last command.
    If the month on the time listed doesn't match the last 3 months
    possible, then we log it and deactivate it.
    Picking the last three months is a manual job at present.

    Is there a better method?


  2. Re: wtmp purge and list of users that haven't logged in over 90 days

    On Sep 18, 6:50 am, Scottz wrote:
    > Just wondering if there is an existing script or a better method to do
    > these two things.
    >
    > 1. wtmp purge:
    >
    > Currently I output wtmp, tail off a certain number of lines, and
    > update wtmp.
    > Problem with that is it isn't time based, but rather a guesstimate of
    > when to chop the file.
    > I'd like to accurately keep the last 120 days and archive anything
    > previous.
    >
    > 2. Deactivate users that haven't logged in over 90 days:
    >
    > I'm hacking this one as well by running through the usernames with the
    > last command.
    > If the month on the time listed doesn't match the last 3 months
    > possible, then we log it and deactivate it.
    > Picking the last three months is a manual job at present.
    >
    > Is there a better method?




  3. Re: wtmp purge and list of users that haven't logged in over 90 days

    On Sep 18, 6:50 am, Scottz wrote:
    > Just wondering if there is an existing script or a better method to do
    > these two things.
    >
    > 1. wtmp purge:
    >
    > Currently I output wtmp, tail off a certain number of lines, and
    > update wtmp.
    > Problem with that is it isn't time based, but rather a guesstimate of
    > when to chop the file.
    > I'd like to accurately keep the last 120 days and archive anything
    > previous.
    >
    > 2. Deactivate users that haven't logged in over 90 days:
    >
    > I'm hacking this one as well by running through the usernames with the
    > last command.
    > If the month on the time listed doesn't match the last 3 months
    > possible, then we log it and deactivate it.
    > Picking the last three months is a manual job at present.
    >
    > Is there a better method?


    mind the CRLF's

    try this for rotating wtmp and some other binary files

    #!/bin/ksh
    # $Id$
    # your name 12/12/2006 rotate AIX log files

    #set -x
    FwTmp=/usr/sbin/acct/fwtmp
    mail_to=root

    if [[ $(whoami) != "root" ]]; then
        print "exiting, must have root access"
        exit 1
    fi
    function mail_errors {
        mailx -s "### ERROR: $0 - failed to $mail_mess $input_file ###" $mail_to
    }
    function test_return_code {
        return_code=$?
        if [[ $return_code != "0" ]]; then
            print on host $(hostname) | mail_errors
            exit 1
        fi
    }
    for input_file in /var/adm/wtmp /etc/security/failedlogin /var/adm/cron/log ; do
        # check to see if the log files exist
        if [[ -f $input_file ]]; then
            output_file=${input_file}."$( date +%Y ).$( date +%W)"
            # if the output file exists, we'll skip the file - means we're rerunning
            if [[ -e ${output_file}.gz ]]; then
                continue
            fi
            # create a text output file from the binary input
            mail_mess="create text file"
            $FwTmp < $input_file > $output_file
            test_return_code
            # truncate the $input_file
            mail_mess="truncate input file"
            $FwTmp -ic < /dev/null > $input_file
            test_return_code
            # compress text file
            mail_mess="compress text file"
            gzip -qf $output_file
            test_return_code
        fi
    done

    this one is for spotting dodgy users, you could just add a chuser to
    the step

    #!/bin/ksh
    # $Id$
    # MHB 29/08/2002 original scripting
    # MHB 28/03/2007 change for MoH
    # MHB 15/05/2007 fixed duplicate $never_logged_in printing bug
    # audit all users on host
    # get the seconds since epoch
    secs_since_epoch=$(perl -le 'print time')
    function do_the_thing
    {
        # function to test a string to see if the test created any output
        if [[ -n "$1" ]]; then
            # and print the string
            print "$1" | troff -a
        fi
    }
    function put_it_out_there
    {
        do_the_thing "$no_password_aging"
        do_the_thing "$all_locked_accounts"
        do_the_thing "$never_logged_in"
        do_the_thing "$not_for_ninety"
        do_the_thing "$passwd_set_never_logged_in"
        do_the_thing "$too_many_unsuccessful"
        do_the_thing "$has_it_expired"
    }
    # get list of all local users, conveniently excludes finding default stanzas
    for user_name in $( awk -F':' '{print $1}' /etc/passwd | sort ) ; do

        # check for password aging
        if [[ -n $(awk 'BEGIN{ FS = "\n"; RS = ""}
            $1 == "'"$user_name"':"{ if (/minage|maxage/ ){print $0} } ' /etc/security/user ) ]]; then
            if [[ -z $no_password_aging ]]; then
                no_password_aging=$( print no passwd aging - $user_name )
            else
                no_password_aging=$( print $no_password_aging $user_name )
            fi
        fi
        # check for locked accounts
        if [[ -n $(awk 'BEGIN{ FS = "\n"; RS = ""}
            $1 == "'"$user_name"':"{ if (/account_locked = true/ ){print $0} } ' /etc/security/user ) ]]; then
            if [[ -z $all_locked_accounts ]]; then
                all_locked_accounts=$( print locked users - $user_name )
            else
                all_locked_accounts=$( print $all_locked_accounts $user_name )
            fi
        fi
        # check for accounts that have never logged in
        if [[ -z $( awk 'BEGIN{ FS = "\n"; RS = ""}
            $1 == "'$user_name':" ' /etc/security/lastlog) ]] ||
           [[ -n $( awk 'BEGIN{ FS = "\n"; RS = ""}
            $1 == "'"$user_name"':" { if (!/time_last_login/ ){print $1} } ' /etc/security/lastlog ) ]]; then
            if [[ -z $never_logged_in ]]; then
                never_logged_in=$( print never logged in - $user_name )
            else
                never_logged_in=$( print $never_logged_in $user_name )
            fi
        fi
        # check to see if not logged in for last 90 days
        if [[ -n $( awk 'BEGIN{ FS = "\n"; RS = ""}
            $1 == "'"$user_name"':"{ if (/time_last_login/ ){print $1} } ' /etc/security/lastlog) ]]; then

            if (( $secs_since_epoch - $( awk 'BEGIN{ FS = "\n"; RS = ""}
                $1 == "'"$user_name"':"{if (match($0,/time_last_login = [0-9]+/) ){
                print substr($0, RSTART+18, 10)} }' /etc/security/lastlog ) > 7776000 )); then
                if [[ -z $not_for_ninety ]]; then
                    not_for_ninety=$( print not used 90+ - $user_name )
                else
                    not_for_ninety=$( print $not_for_ninety $user_name )
                fi
            fi
        fi
        # check to see if password set, but user never logged in
        if [[ -n $( awk 'BEGIN{ FS = "\n"; RS = ""}
            $1 == "'"$user_name"':"{ if (/flags = ADMCHG/ ){print $1} } ' /etc/security/passwd) ]]; then
            if [[ -z $passwd_set_never_logged_in ]]; then
                passwd_set_never_logged_in=$( print passwd set but user never logged in - $user_name )
            else
                passwd_set_never_logged_in=$( print $passwd_set_never_logged_in $user_name )
            fi
        fi
        # check number of unsuccessful logins
        num_unsuccessful_logins=$( awk 'BEGIN{ FS = "\n"; RS = ""}
            $1 == "'"$user_name"':" {if (match($0,/unsuccessful_login_count = [0-9]+/) ) {print substr($0, RSTART+27, 1)} }' /etc/security/lastlog )
        if [[ -n $num_unsuccessful_logins ]] && (( $num_unsuccessful_logins >= 4 )) ; then
            if [[ -z $too_many_unsuccessful ]]; then
                too_many_unsuccessful=$( print 5 or more unsuccessful logins - $user_name )
            else
                too_many_unsuccessful=$( print $too_many_unsuccessful $user_name )
            fi
        fi

        # check to see if the password has expired
        time_now=$(perl -le 'print time')
        password_last_update=$( awk 'BEGIN{ FS = "\n"; RS = ""}
            $1 == "'"$user_name"':" { if (match($0,/lastupdate/) ) {print substr($0, RSTART+13, 10)} } ' /etc/security/passwd )
        if [[ -n $password_last_update ]]; then
            if (( $(( $time_now - $password_last_update )) > $(( 60*60*24*7*4)) )); then
                if [[ -z $has_it_expired ]]; then
                    has_it_expired=$( print Password older than 4 weeks - $user_name )
                else
                    has_it_expired=$( print $has_it_expired $user_name )
                fi
            fi
        fi
    done
    if [[ $1 = "-o" ]]; then
        this_script=$(basename $0)
        output_file=/var/adm/rebuild/${this_script%%.sh}.txt
        print '$Id$' >$output_file
        put_it_out_there >>$output_file
    else
        put_it_out_there
    fi
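
The 90-day check from the script above, as an added example that is not part of the original post: one awk pass over the stanza format of /etc/security/lastlog instead of several awk runs per user, with the idle limit as a parameter. The function name `stale_users`, the sample accounts and the fixed "now" value are assumptions made for illustration.

```shell
# Added example: stale_users PASSWD LASTLOG NOW_EPOCH MAX_IDLE_DAYS
# Prints "user never" (no time_last_login recorded, or no stanza at all)
# or "user <idle days>" for accounts idle longer than the limit.
stale_users() {
    awk -v passwd="$1" -v now="$3" -v days="$4" '
    BEGIN {
        # Read account names line by line, then switch to stanza records.
        while ((getline line < passwd) > 0) {
            split(line, f, ":")
            if (f[1] != "") order[++n] = f[1]
        }
        RS = ""; FS = "\n"; limit = days * 86400
    }
    {
        user = $1; sub(/:[ \t]*$/, "", user)
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[ \t]*time_last_login[ \t]*=/) {
                v = $i; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                last[user] = v
            }
    }
    END {
        for (i = 1; i <= n; i++) {
            u = order[i]
            if (!(u in last)) print u, "never"
            else if (now - last[u] > limit) print u, int((now - last[u]) / 86400)
        }
    }' "$2"
}
# Constructed sample data (not from a real host).
sample_dir=$(mktemp -d)
printf '%s\n' 'root:!:0:0::/:/usr/bin/ksh' 'alice:!:201:1::/home/alice:/usr/bin/ksh' \
    'bob:!:202:1::/home/bob:/usr/bin/ksh' 'carol:!:203:1::/home/carol:/usr/bin/ksh' \
    > "$sample_dir/passwd"
cat > "$sample_dir/lastlog" <<'EOF'
root:
        time_last_login = 1199990000
        unsuccessful_login_count = 0

alice:
        time_last_login = 1190000000
        tty_last_login = /dev/pts/1

bob:
        time_last_unsuccessful_login = 1180000000
        unsuccessful_login_count = 2
EOF
# "now" is fixed for a reproducible result; pass the real epoch time in practice.
stale_users "$sample_dir/passwd" "$sample_dir/lastlog" 1200000000 90
```

Each reported name can be reviewed before it is handed to the chuser step the post mentions.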

