Here is a script I wrote for finding locked users on HPUX boxes running as trusted systems. I must note that on most systems I admin, I usually put the identifier USER_ACCOUNT in the gecos field. So part of this script grep for that in order to get a list of user accounts.
This will output a list of users that have any of the lockout fields set. If you read the man page for getprpw, you will see the following list of what the fields mean.
If you get no output, then there are no locked accounts. As with many UNIX/Linux commands -- "No news is good news."
$cat lockout_info
#!/usr/bin/sh
# Prints account lockout info
# NOTE: for use with trusted systems
grep USER_ACCOUNT /etc/passwd |
awk -F: '{print $1}' |
while read account
do
echo ${account} $(sudo /usr/lbin/getprpw -m lockout ${account} 2>/dev/null) |
grep -v "0000000"
done
This will output a list of users that have any of the lockout fields set. If you read the man page for getprpw, you will see the following list of what the fields mean.
1 past password lifetime
2 past last login time (inactive account)
3 past absolute account lifetime
4 exceeded unsuccessful login attempts
5 password required and a null password
6 admin lock
7 password is a *
If you get no output, then there are no locked accounts. As with many UNIX/Linux commands -- "No news is good news."
Comments
Post a Comment