want to find the users who have not logged in from past 60 days
rak
Would like to write a script to find the users who have not logged in
from the past 60 days.. We have AIX 5.3........ any inputs plz? Thanks
Vladimir Usenko
> Hi,
>
> Would like to write a script to find the users who have not logged in
> from the past 60 days.. We have AIX 5.3........ any inputs plz? Thanks
AIX it's powerful OS. :)
You can find information about last login on file `/etc/security/lastlog'
For example:
admin:
time_last_login = 1226593857
tty_last_login = /dev/pts/0
host_last_login = admin.office
unsuccessful_login_count = 0
--
UV-RIPE
rak
> rak ÐÉÛÅÔ:
is there any ready-made script or any ideas in writing such?
Hajo Ehlers
lsuser -a id ALL | awk '{ print $(NF-1) }' |\
while read user ; do
lssec -f /etc/security/lastlog -s "$user" -a time_last_login
done
man lsuser
man lssec
hth
Hajo
rak
>
> - Show quoted text -
I got this script, which looks good
#!/usr/bin/ksh
#set -x
#Try this script.
#It will check and lock the accounts automatically for those logins
that
#have not been used to s set number of days.
expdays=90 #<< ---- Set number of days in past here!
let expiry=86400*$expdays
locked=" "
tmp1=/tmp/exp.tmp1.$$
tmp2=/tmp/exp.tmp2.$$
tmp2a=/tmp/exp.tmp2a.$$
tmp3=/tmp/exp.tmp3.$$
tmp4=/tmp/exp.tmp4.$$
# List all users that are allowed to login
lsuser -a login account_locked time_last_login ALL |grep -Ev ^"root|
daemon|bin|sys|adm|nobody" | grep "login=true" > $tmp1
# get all users who have logged in at least once with login date
grep 'time_last_login' $tmp1 | sed -e 's/login=true //' -e 's/
account_locked=//' -e 's/time_last_login=//' >$tmp2
# get all users who have not logged in since creation
grep -v 'time_last_login' $tmp1 | sed -e 's/login=true //' -e 's/
account_locked=//' >$tmp2a
# get today's date in seconds from epoch for comparison
year=`date +%Y`
day=`date +%j`
hour=`date +%H`
minute=`date +%M`
let today="($year - 1970) * 365 * 86400 + ($day - 1) * 86400 + $hour *
3600 + $minute * 60 + ($year - 1969) / 4 * 86400"
# for each user found, check whether has not been unused too long
cat $tmp2 |while read user locked last
do
let min=$today-$expiry
if [[ $min -gt $last ]]
then
let login="($today - $last) / 86400"
echo $user':'$login':'$locked >> $tmp4
#chuser shell='/usr/local/bin/locked'
#account_locked='true' $user
fi
done
any comments??
Hajo Ehlers
now=$( date +%s ) # Number since epoch
expired=$(($now-86400*$days))
maba...@gmail.com
I forget where I found this, but I've used it sucessfully. And it
outputs to Excell!
--------------------
#!/usr/bin/perl
#*********************************************************************
#
# Name: DormantUsers.
#
# Function: Lists all users who have not logged in since a
# specified time.
#
# Usage: DormantUsers [ -h ] | [ -v ] | [ -d <days> ] [ -p ]
#
# Created by:
#
# Amendments:
# 1). Add switch -x to send the output to an Excel
spreadsheet.
# 2). Replace the 'more' command with the 'less' command on
data
# output.
#
# Released:
# v1.0 - 01/11/2004.
# v1.1 - 06/12/2004.
# v1.2 - 18/01/2005.
#
#*********************************************************************
use warnings;
use strict;
use Getopt::Std;
use Spreadsheet::WriteExcel;
sub verify_usage;
sub usage_error;
sub get_user_attributes;
sub print_user_attributes;
sub save_user_attributes2excel;
sub set_up_page_hdrs ($);
sub set_up_col_hdrs ($$);
sub set_up_col_formats ($$);
sub format_user_attributes ($);
#
# Declare and initialise all global variables.
#
our $version = "1.2";
our $basename = $0;
$basename =~ s<.*/><>; ### Store the program base
name ###
$/ = ""; ### Input Record Delimiter set to
### blank line ###
$= = 23; ### No. of lines per screen display
###
our $dormant_days = 90;
our $now = time; ### Store today's date and time
###
our %user_attr = ();
our $output_command = "more -cdluv"; ### Default: screen display
###
#my $less_prompt = "?e(END) .[Press f to scroll forward, b to scroll
back, ";
#$less_prompt .= "q to quit]\\:";
#our $output_command = "less -CeFr~ -P'$less_prompt'";
our $output2excel = 0; ### Boolean flag ###
our $excel_dir = "/tmp";
#
# Main process.
#
{
verify_usage();
get_user_attributes();
unless ( $output2excel ) {
print_user_attributes();
}
else {
save_user_attributes2excel();
}
exit;
}
sub verify_usage() {
#*********************************************************************
#
# Check program flags and arguments.
#
#*********************************************************************
#
# Process program options.
#
my %option = ();
getopts ("d:hpxv", \%option) or usage_error;
usage_error if ( $ARGV [0] );
usage_error if ( defined $option {h} );
die ("$basename: Version $version\n") if ( defined $option {v} );
#
# Process "-d" option, if present.
#
if ( defined $option {d} ) {
usage_error unless ( $option {d} =~ /^\d+$/ );
( $dormant_days = $option {d} ) =~ s/^0+//;
}
#
# Ensure only 1 of options "-p" and "-x" are present.
#
usage_error if ( defined $option {p} ) and ( defined $option
{x} );
#
# Process "-p" option, if present.
#
if ( defined $option {p} ) {
$= = 61; ### No. of lines per printed
page ###
$output_command = "lp -s -dauprt02";
}
#
# Process "-x" option, if present.
#
if ( defined $option {x} ) {
$output2excel = 1;
}
} ### End of sub.
sub usage_error {
#*********************************************************************
#
# Display usage error and exit.
#
#*********************************************************************
die <<EOF;
Usage:
$basename [ -d <days> ] [ -p | -x ]
$basename -h
$basename -v
Switches
========
-d <days> Lists users who have not logged in within the last
<days>,
default = 90.
-p Sends the output to the default printer.
-x Sends the output to an Excel spreadsheet,
($excel_dir/$basename.xls).
-h Displays this message and exits.
-v Displays the program version and exits.
EOF
} ### End of sub.
sub get_user_attributes() {
#*********************************************************************
#
# Get and store all required user account attributes for users who
# have either never logged in or last logged in before a certain
# date.
#
#*********************************************************************
#
# Declare and initialise local variables.
#
my $first_uid = 202;
my $threshold = $now - ( 24 * 60 * 60 * $dormant_days );
my $lsuser_command = "lsuser -f ALL";
my $login_name = "";
my @attr_list = ();
my $attr_key = "";
my $attr_value = "";
#
# Run the 'lsuser' command with 'sudo' provided the program is not
# being run by the root user.
#
$lsuser_command = "sudo " . $lsuser_command unless ( $< == 0 );
#
# open input pipe to 'lsuser' command.
#
open (USERLIST, "-|", $lsuser_command)
or die ("$basename: cannot open pipe to '$lsuser_command' - $!
\n");
#
# Process each list of user attributes from the 'lsuser' command.
#
LIST:
while ( <USERLIST> ) {
#
# Ignore user attributes if the 'uid' is before the
# predefined first 'uid' or the 'time_last_login' is
# within the threshold.
#
next LIST if ( /id=-?(\d+)/ ) and ( $1 < $first_uid );
next LIST if ( /time_last_login=(\d+)/ ) and ( $1 >=
$threshold );
#
# Remove any tabs from the input.
#
tr /\t//d;
#
# Split input into login name and list of attributes.
#
($login_name, @attr_list) = split /\n/;
$login_name = substr ($login_name, 0, -1);
#
# Store each user attribute.
#
foreach ( @attr_list ) {
($attr_key, $attr_value) = split /=/;
$user_attr {$login_name} -> {$attr_key} = $attr_value;
} ### End of foreach loop.
} ### End of while loop.
#
# close pipe to 'lsuser' command.
#
close USERLIST
or die ("$basename: error closing pipe to '$lsuser_command' -
$!\n");
} ### End of sub.
sub print_user_attributes() {
#*********************************************************************
#
# Sort and print dormant user account attributes.
#
#*********************************************************************
#
# Declare and initialise local variables.
#
my @month = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my @date_time = ();
my $run_time = "";
my $run_date = "";
my $line_no = 0;
my $login_name = "";
my $uid = "";
my $user_name = "";
my $last_login_date = "";
my $acc_locked = "";
#
# Declare output formats.
#
format STDOUT_TOP =
@<<<<<<<<<<<<
@>>>>>>>
"DORMANT USERS", "Page $%"
As of @<<<< on @<<<<<<<<<<
@>>>>>>>>>>>>>>>>>>>>>>>>
$run_time, $run_date, "Prior to $dormant_days days ago"
No. Login UID User Name Last Login Locked
=== ===== === ========= ========== ======
.
format STDOUT =
@>>> @<<<<<<< @>>> @<<<<<<<<<<<<<<<<<<< @||||||||| @||
$line_no . ".", $login_name, $uid, $user_name, $last_login_date,
$acc_locked
.
#
# open output pipe to required output command.
#
open (STDOUT, "|-", $output_command)
or die ("$basename: cannot open pipe to '$output_command' - $!
\n");
#
# Format the run date and time.
#
@date_time = localtime ($now);
$run_time = sprintf ("%02d", $date_time [2]) . ":";
$run_time .= sprintf ("%02d", $date_time [1]);
$run_date = sprintf ("%02d", $date_time [3]) . " ";
$run_date .= $month [$date_time [4]] . " ";
$run_date .= ($date_time [5] + 1900);
#
# Process each set of user attributes.
#
foreach ( sort keys %user_attr ) {
$line_no++;
$login_name = $_;
($uid, $user_name, $last_login_date, $acc_locked) =
format_user_attributes ($user_attr {$login_name});
#
# Display user attributes line.
#
write;
} ### End of for loop.
#
# close pipe to output command.
#
close STDOUT
or die ("$basename: error closing pipe to '$output_command' -
$!\n");
} ### End of sub.
sub save_user_attributes2excel() {
#*********************************************************************
#
# Sort and save the dormant user account attributes in an Excel
# spreadsheet.
#
#*********************************************************************
#
# Declare and initialise local variables.
#
my $row = 0;
my $login_name = "";
my $attr_list = {};
my $uid = "";
my $user_name = "";
my $last_login_date = "";
my $acc_locked = "";
#
# Set the umask for the Excel workbook.
#
umask (0111);
#
# Create the Excel workbook.
#
my $workbook = Spreadsheet::WriteExcel -> new ("$excel_dir/
$basename.xls");
die ("$basename: Error creating Excel workbook '$excel_dir/
$basename' - $!\n")
unless defined $workbook;
#
# Add a worksheet to the Excel workbook.
#
my $worksheet = $workbook -> add_worksheet();
#
# Set up page and column headers and column formats.
#
set_up_page_hdrs ($worksheet);
set_up_col_hdrs ($workbook, $worksheet);
set_up_col_formats ($workbook, $worksheet);
#
# Process each set of user attributes.
#
foreach ( sort keys %user_attr ) {
$row++;
$login_name = $_;
($uid, $user_name, $last_login_date, $acc_locked) =
format_user_attributes ($user_attr {$login_name});
#
# Add a new row to the worksheet.
#
$worksheet -> write ($row, 0, $login_name);
$worksheet -> write ($row, 1, $uid);
$worksheet -> write ($row, 2, $user_name);
$worksheet -> write ($row, 3, $last_login_date);
if ( $acc_locked eq "Yes" ) {
$acc_locked = chr (252);
}
else {
$acc_locked = chr (251);
}
$worksheet -> write ($row, 4, $acc_locked);
} ### End of for loop.
#
# Close the Excel workbook.
#
$workbook -> close()
or (die "$basename: Error closing Excel workbook '$excel_dir/
$basename' - $!\n");
} ### End of sub.
sub set_up_page_hdrs ($) {
#*********************************************************************
#
# Set up the page headers for the current worksheet.
#
#*********************************************************************
#
# Declare and initialise local variables.
#
my $worksheet = {};
my $header_line = "";
my $footer_line = "";
my @date_time = ();
my $run_date = "";
my $run_time = "";
#
# Store parameter input.
#
$worksheet = shift;
#
# Format the run date and time.
#
@date_time = localtime ($now);
$run_date = sprintf ("%02d", $date_time [3]) . "/";
$run_date .= sprintf ("%02d", $date_time [4]) . "/";
$run_date .= ($date_time [5] + 1900);
$run_time = sprintf ("%02d", $date_time [2]) . ":";
$run_time .= sprintf ("%02d", $date_time [1]);
#
# Define the page format for the worksheet.
#
$worksheet -> center_horizontally();
$worksheet -> set_margins_LR (0.5);
$header_line = '&L&14&"Arial, Bold"DORMANT USERS';
$header_line .= '&R&14';
$header_line .= "Prior to $dormant_days days ago";
$worksheet -> set_header ($header_line);
$footer_line = '&L&10&"Arial"';
$footer_line .= "Run date: $run_date @ $run_time";
$footer_line .= '&R&10&"Arial"Page &P of &N';
$worksheet -> set_footer ($footer_line);
$worksheet -> repeat_rows(0);
} ### End of sub.
sub set_up_col_hdrs ($$) {
#*********************************************************************
#
# Set up the column headers in the first row of the current
# worksheet within the current workbook.
#
#*********************************************************************
#
# Declare and initialise local variables.
#
my $workbook = {};
my $worksheet = {};
#
# Store parameter input.
#
$workbook = shift;
$worksheet = shift;
#
# Define the format for the column headers.
#
my $colhdr_format = $workbook -> add_format();
$colhdr_format -> set_bold (1);
$colhdr_format -> set_italic (1);
$colhdr_format -> set_align ('center');
$colhdr_format -> set_text_wrap (1);
#
# Add the column headers row to the current worksheet,
#
$worksheet -> write (0, 0, "Login Name", $colhdr_format);
$worksheet -> write (0, 1, "UID", $colhdr_format);
$worksheet -> write (0, 2, "User Name", $colhdr_format);
$worksheet -> write (0, 3, "Last Login Date", $colhdr_format);
$worksheet -> write (0, 4, "Account Locked", $colhdr_format);
} ### End of sub.
sub set_up_col_formats ($$) {
#*********************************************************************
#
# Set up the formats for each relevant column of the current
# worksheet within the current workbook.
#
#*********************************************************************
#
# Declare and initialise local variables.
#
my $workbook = {};
my $worksheet = {};
#
# Store parameter input.
#
$workbook = shift;
$worksheet = shift;
#
# Define and set the format for column A.
#
my $col_A_format = $workbook -> add_format();
$col_A_format -> set_font ('Courier New');
$col_A_format -> set_align ('center');
$worksheet -> set_column (0, 0, 10, $col_A_format);
#
# Define and set the format for column B.
#
my $col_B_format = $workbook -> add_format();
$col_B_format -> set_align ('center');
$worksheet -> set_column (1, 1, 8, $col_B_format);
#
# Define and set the format for column C.
#
my $col_C_format = $workbook -> add_format();
$col_C_format -> set_italic (1);
$worksheet -> set_column (2, 2, 20, $col_C_format);
#
# Define and set the format for column D.
#
my $col_D_format = $workbook -> add_format();
$col_D_format -> set_align ('center');
$worksheet -> set_column (3, 3, 12, $col_D_format);
#
# Define and set the format for column E.
#
my $col_E_format = $workbook -> add_format();
$col_E_format -> set_font ('Wingdings');
$col_E_format -> set_align ('center');
$worksheet -> set_column (4, 4, 8, $col_E_format);
} ### End of sub.
sub format_user_attributes($) {
#*********************************************************************
#
# Format attributes for a single user.
#
#*********************************************************************
#
# Declare and initialise local variables.
#
my @month = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my $attr_list = {};
my $uid = "";
my $user_name = "";
my @date_time = ();
my $last_login_date = "";
my $acc_locked = "";
#
# Store parameter input.
#
$attr_list = shift;
#
# Get user id.
#
$uid = $attr_list -> {"id"};
#
# Get user's real name.
#
if ( exists $attr_list -> {"gecos"} ) {
$user_name = $attr_list -> {"gecos"};
}
else {
$user_name = "N/A";
}
#
# Get last login date.
#
if ( exists $attr_list -> {"time_last_login"} ) {
@date_time = localtime ($attr_list -> {"time_last_login"});
$last_login_date = sprintf ("%02d", ($date_time [4] + 1));
$last_login_date .= "/";
$last_login_date .= sprintf ("%02d", $date_time [3]);
$last_login_date .= "/";
$last_login_date .= ($date_time [5] + 1900);
}
else {
$last_login_date = "Never";
}
#
# Get account locked status.
#
if ( exists $attr_list -> {"account_locked"} ) {
if ( $attr_list -> {"account_locked"} eq "true" ) {
$acc_locked = "Yes";
}
else {
$acc_locked = "No";
}
}
#
# Return the user attributes.
#
return ($uid, $user_name, $last_login_date, $acc_locked);
} ### End of sub.
### End of program.