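#!/bin/ksh
# $Id$
# your name 12/12/2006 rotate AIX log files
#
# Converts the binary AIX login accounting files (wtmp, failedlogin and the
# cron log) to text with fwtmp, truncates the live file and gzips the text
# copy as <file>.<year>.<week>.gz.  A file whose archive for this week
# already exists is skipped, so the script can be re-run safely.  Any
# failing step is reported by mail to $mail_to and stops the run.
#set -x

FwTmp=/usr/sbin/acct/fwtmp
mail_to=root

# fwtmp on the accounting files and writing under /var/adm both need root
if [[ $(whoami) != "root" ]]; then
  print "exiting, must have root access"
  exit 1
fi

# one timestamp for the whole run, so an archive name cannot straddle a
# year/week boundary between two separate date calls
stamp=$(date +%Y.%W)

#######################################
# Mail the failure of the current step to $mail_to.
# Globals:   mail_mess (read) - the step that failed
#            input_file (read) - the log file being rotated
#            mail_to (read)
# Input:     message body on stdin
#######################################
function mail_errors {
  mailx -s "### ERROR: $0 - failed to $mail_mess $input_file ###" "$mail_to"
}

#######################################
# Abort the run if the previous command failed.  Must be called directly
# after the command it checks: the first statement reads $?.
# Globals:   mail_mess, input_file (read, via mail_errors)
# Returns:   only when the previous command succeeded; exits 1 otherwise
#######################################
function test_return_code {
  return_code=$?
  if [[ $return_code != "0" ]]; then
    print "on host $(hostname)" | mail_errors
    exit 1
  fi
}

for input_file in /var/adm/wtmp /etc/security/failedlogin /var/adm/cron/log; do
  # skip log files that do not exist on this host
  [[ -f $input_file ]] || continue

  output_file="${input_file}.${stamp}"

  # if the archive for this week exists we are re-running - leave it alone
  if [[ -e ${output_file}.gz ]]; then
    continue
  fi

  # create a text output file from the binary input.
  # NOTE(review): records appended to $input_file between this conversion
  # and the truncation below are lost; the window is the fwtmp run time.
  mail_mess="create text file"
  "$FwTmp" < "$input_file" > "$output_file"
  test_return_code

  # truncate the $input_file (fwtmp -ic over empty input writes an empty
  # binary file)
  mail_mess="truncate input file"
  "$FwTmp" -ic < /dev/null > "$input_file"
  test_return_code

  # compress text file.  The text copy holds login records, so it should
  # not be wider-readable than the binary original - check the umask.
  mail_mess="compress text file"
  gzip -qf "$output_file"
  test_return_code
done

# ---------------------------------------------------------------------------
# this one is for spotting dodgy users, you could just add a chuser to the
# step
# ---------------------------------------------------------------------------

#!/bin/ksh
# $Id$
# MHB 29/08/2002 original scripting
# MHB 28/03/2007 change for MoH
# MHB 15/05/2007 fixed duplicate $never_logged_in printing bug
# audit all users on host
#
# For every local user the user's stanza is read once from each of
# /etc/security/user, /etc/security/lastlog and /etc/security/passwd and
# one report line per finding is built up (password aging override, locked
# account, never logged in, idle 90+ days, password set but never used,
# repeated failed logins, password older than 4 weeks).  With -o the report
# goes to /var/adm/rebuild/<script>.txt, otherwise to stdout through troff.

# get the seconds since epoch once; every age check below measures from here
secs_since_epoch=$(perl -le 'print time')

ninety_days=7776000                 # 90 * 24 * 60 * 60
four_weeks=$(( 60*60*24*7*4 ))

#######################################
# Print a string through troff, but only if it is non-empty, so that
# findings with no users produce no output at all.
# Arguments: $1 - string to print
#######################################
function do_the_thing {
  if [[ -n "$1" ]]; then
    print "$1" | troff -a
  fi
}

#######################################
# Emit every finding line that collected at least one user.
# Globals:   the seven finding variables built in the main loop (read)
#######################################
function put_it_out_there {
  do_the_thing "$no_password_aging"
  do_the_thing "$all_locked_accounts"
  do_the_thing "$never_logged_in"
  do_the_thing "$not_for_ninety"
  do_the_thing "$passwd_set_never_logged_in"
  do_the_thing "$too_many_unsuccessful"
  do_the_thing "$has_it_expired"
}

#######################################
# Print the stanza of one user from an AIX stanza file ("name:" line
# followed by indented "attr = value" lines, stanzas separated by a blank
# line).  Prints nothing if the user has no stanza.
# Arguments: $1 - user name
#            $2 - stanza file
#######################################
function user_stanza {
  # the name goes in through -v rather than being spliced into the awk
  # program text, so a name containing quotes cannot alter the program
  awk -v u="$1" 'BEGIN{ FS = "\n"; RS = "" } $1 == (u ":")' "$2"
}

#######################################
# Print the numeric value of an "attr = N" line inside a stanza, or
# nothing if the attribute is absent or not numeric.
# Arguments: $1 - stanza text (may be empty)
#            $2 - attribute name
#######################################
function stanza_number {
  print -r -- "$1" | awk -v k="$2" '$1 == k && $2 == "=" && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

#######################################
# Append a user to a finding line, starting the line with its header the
# first time.  Prints the new value of the line.
# Arguments: $1 - current finding line (may be empty)
#            $2 - header text
#            $3 - user name
#######################################
function add_finding {
  if [[ -z $1 ]]; then
    print -r -- "$2 - $3"
  else
    print -r -- "$1 $3"
  fi
}

# get list of all local users, conveniently excludes finding default stanzas
for user_name in $( awk -F':' '{print $1}' /etc/passwd | sort ); do
  # one read per security file per user instead of one awk per check
  user_attrs=$(user_stanza "$user_name" /etc/security/user)
  lastlog=$(user_stanza "$user_name" /etc/security/lastlog)
  passwd_attrs=$(user_stanza "$user_name" /etc/security/passwd)

  # check for password aging.
  # NOTE(review): this flags users whose own stanza mentions minage/maxage,
  # i.e. overrides the default stanza - kept as the original test.
  if [[ $user_attrs == *minage* || $user_attrs == *maxage* ]]; then
    no_password_aging=$(add_finding "$no_password_aging" "no passwd aging" "$user_name")
  fi

  # check for locked accounts
  if [[ $user_attrs == *"account_locked = true"* ]]; then
    all_locked_accounts=$(add_finding "$all_locked_accounts" "locked users" "$user_name")
  fi

  # check for accounts that have never logged in: no lastlog stanza at all,
  # or one without a time_last_login line
  if [[ -z $lastlog || $lastlog != *time_last_login* ]]; then
    never_logged_in=$(add_finding "$never_logged_in" "never logged in" "$user_name")
  fi

  # check to see if not logged in for last 90 days
  last_login=$(stanza_number "$lastlog" time_last_login)
  if [[ -n $last_login ]] && (( secs_since_epoch - last_login > ninety_days )); then
    not_for_ninety=$(add_finding "$not_for_ninety" "not used 90+" "$user_name")
  fi

  # check to see if password set, but user never logged in
  if [[ $passwd_attrs == *"flags = ADMCHG"* ]]; then
    passwd_set_never_logged_in=$(add_finding "$passwd_set_never_logged_in" "passwd set but user never logged in" "$user_name")
  fi

  # check number of unsuccessful logins - the whole count is read, not just
  # its first digit, so 10 or more failures are no longer missed
  num_unsuccessful_logins=$(stanza_number "$lastlog" unsuccessful_login_count)
  # NOTE(review): the report text says "5 or more" but the test is >= 4 -
  # confirm which threshold is intended before changing either
  if [[ -n $num_unsuccessful_logins ]] && (( num_unsuccessful_logins >= 4 )); then
    too_many_unsuccessful=$(add_finding "$too_many_unsuccessful" "5 or more unsuccessful logins" "$user_name")
  fi

  # check to see if the password has expired (last update older than four weeks)
  password_last_update=$(stanza_number "$passwd_attrs" lastupdate)
  if [[ -n $password_last_update ]] && (( secs_since_epoch - password_last_update > four_weeks )); then
    has_it_expired=$(add_finding "$has_it_expired" "Password older than 4 weeks" "$user_name")
  fi
done

# -o writes the report to a file under /var/adm/rebuild, anything else
# prints it
if [[ ${1:-} = "-o" ]]; then
  this_script=$(basename "$0")
  output_file=/var/adm/rebuild/${this_script%%.sh}.txt
  print '$Id$' > "$output_file"
  put_it_out_there >> "$output_file"
else
  put_it_out_there
fi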