Re: Scripts needed for Trusted HP-UX system

• Previous message: Gokul: "ipfw configuration to connect to localhost"
• In reply to: Erica: "Scripts needed for Trusted HP-UX system"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 27 Sep 2003 17:40:37 +0200

Hi Erica,

This migh help you !!!

Bye,

Le

====================================================

Here is the script that Bill Hassel contributed a few months back, tells
you just about everthing about the accounts.

 #!/usr/bin/sh
 # Show deactivated users in a trusted system

 set -u
 PATH=/usr/bin:/usr/sbin:/usr/lbin
 typeset -R26 MINTM
 typeset -R26 EXPTM
 typeset -R26 LFTM
 typeset -R26 SPWCHG
 typeset -R26 UPWCHG
 typeset -R26 ACCTEXP
 typeset -R26 LLOG
 typeset -R26 ULOGINT
 typeset -R26 SLOGINY
 typeset -R26 UMAXLNTR
 typeset -R26 NOTSET="-1"

 REASON[1]="exceeded password lifetime"
 REASON[2]="exceeded last login time"
 REASON[3]="exceeded absolute account lifetime"
 REASON[4]="exceeded unsuccessful login attempts"
 REASON[5]="password required and a null password"
 REASON[6]="administrator lock"
 REASON[7]="password is a *"

 NOTTRUSTED=/sbin/true
 if [ -x /usr/lbin/modprpw ]
 then
 modprpw 1> /dev/null 2>&1
 if [ $? -eq 2 ]
 then
 NOTTRUSTED=/sbin/false
 fi
 fi

 if $NOTTRUSTED
 then
 print "\n This system is not a Trusted System"
 exit 1
 fi

 for USER in $(listusers | awk '{print $1}')
 do
 LOCKOUT=$(getprpw -r -m lockout $USER)
 ERR=$?
 if [ $ERR != 0 ]
 then
 print "getprpw failed, error = $ERR"
 exit $ERR
 fi

 # Since multiple reasons may exist in LOCKOUT, process
 # each bit position separately

 if [ $LOCKOUT != "0000000" ]
 then
 print "\nUser $USER deactivated, reason: \c"
 for BIT in 1 2 3 4 5 6 7
 do
 REASONBIT=$(echo $LOCKOUT | cut -c $BIT)
 if [ $REASONBIT != 0 ]
 then
 if [ $REASONBIT = 1 ]
 then
 print "${REASON[$BIT]}"
 else
 print "AUDIT error: Bad character in lockout: $REASONBIT"
 fi
 fi
 done

 MINTM=$(getprpw -r -m mintm $USER)
 EXPTM=$(getprpw -r -m exptm $USER)
 LFTM=$(getprpw -r -m lftm $USER)
 SPWCHG=$(getprpw -r -m spwchg $USER)
 UPWCHG=$(getprpw -r -m upwchg $USER)
 ACCTEXP=$(getprpw -r -m acctexp $USER)
 LLOG=$(getprpw -r -m llog $USER)
 ULOGINT=$(getprpw -r -m ulogint $USER)
 SLOGINY=$(getprpw -r -m sloginy $USER)
 UMAXLNTR=$(getprpw -r -m umaxlntr $USER)

 # Show values only if set (-1 is not set)

 [[ "$MINTM" != "$NOTSET" ]] && \
 print "$MINTM = Min time between PW changes"
 [[ "$EXPTM" != "$NOTSET" ]] && \
 print "$EXPTM = Password expiration time"
 [[ "$LFTM" != "$NOTSET" ]] && \
 print "$LFTM = Password lifetime"
 [[ "$SPWCHG" != "$NOTSET" ]] && \
 print "$SPWCHG = Password was changed"
 [[ "$UPWCHG" != "$NOTSET" ]] && \
 print "$UPWCHG = Password was unsuccessfully changed"
 [[ "$ACCTEXP" != "$NOTSET" ]] && \
 print "$ACCTEXP = account expires"
 [[ "$LLOG" != "$NOTSET" ]] && \
 print "$LLOG = Last successful login"
 [[ "$SLOGINY" != "$NOTSET" ]] && \
 print "$SLOGINY = Terminal used for last successful login"
 [[ "$ULOGINT" != "$NOTSET" ]] && \
 print "$ULOGINT = Last unsuccessful login"
 [[ "$UMAXLNTR" != "$NOTSET" ]] && \
 print "$UMAXLNTR = Max unsuccessful login tries"

 fi
 done

 print
 exit 0

"Erica" <bsunixx@yahoo.com> wrote in message
news:52842e12.0309210503.6c69919f@posting.google.com...
> I need a scriptson on HP-UX 11 systems for any of the following:
>
> - List users who have been inactive and log on to the sytem in
> a specific time period.
>
> = Last Successful Login
>
> - Last Unscucessful Login
>
> - Last TIme Password was Changed
>
> - Number of Invalid Login Attemps
>
> Thanks Erica Mills
> Dallas, TX

• Previous message: Gokul: "ipfw configuration to connect to localhost"
• In reply to: Erica: "Scripts needed for Trusted HP-UX system"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]