Unix/Linux User Lock status check script


You can modify this script to check whether any user accounts are locked. It also sends information about each locked user's status by e-mail. You can change it as you wish; I have added a simple output.

#!/usr/bin/sh
# Show deactivated users in a trusted system
# (uses the HP-UX Trusted System tools modprpw, getprpw and listusers)
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin
hostNAME=`hostname`
NOW=$(date +"%m-%d-%Y-%H:%M")
MAIL_SUB=`echo "$hostNAME User Lock"`
DEG1=""

# modprpw called without arguments returns 2 only on a Trusted System
NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
    modprpw 1> /dev/null 2>&1
    if [ $? -eq 2 ]
    then
        NOTTRUSTED=/sbin/false
    fi
fi
if $NOTTRUSTED
then
    print "\n This system is not a Trusted System"
    exit 1
fi

# Meaning of each position in the 7-character lockout string from getprpw
REASON[1]="past password lifetime"
REASON[2]="past last login time"
REASON[3]="past absolute account lifetime"
REASON[4]="exceeding unsuccessful login attempts"
REASON[5]="password required and a null password"
REASON[6]="admin lock"
REASON[7]="password is a *"

# Start a fresh report file with a title and a column header
echo "$hostNAME Server Locked Account(s).\n" >/unixadmin/lockcheck
printf "%-20s%-20s%-20s%-20s%-20s\n" "Alert Date" "Hostname" "Alert Type" "Locked User" "Lock Reason" >> /unixadmin/lockcheck

# Skip system accounts. The pattern is anchored so that a real user whose
# name merely contains one of these strings (e.g. "adm" or "lp") is still checked.
for USER in $(listusers | awk '{print $1}' | grep -vE '^(daemon|bin|adm|lp|hpdb|cimsrvr|opc_op|sfmdb|sshd|iwww|owww|hpsmh|smmsp|smbnull|tftp)$')
do
    LOCKOUT=$(getprpw -r -m lockout "$USER")
    ERR=$?
    if [ "$ERR" -ne 0 ]
    then
        print "getprpw failed, error = $ERR"
        exit $ERR
    fi
    # Since multiple reasons may exist in LOCKOUT, process
    # each bit position separately
    if [ "$LOCKOUT" != "0000000" ]
    then
        #print "\nUser "$USER" deactivated for:"
        for BIT in 1 2 3 4 5 6 7
        do
            REASONBIT=$(echo "$LOCKOUT" | cut -c $BIT)
            if [ "$REASONBIT" != 0 ]
            then
                if [ "$REASONBIT" = 1 ]
                then
                    DEG1=`print " ${REASON[$BIT]}"`
                else
                    DEG1=`print " Bad character in lockout: $REASONBIT"`
                fi
                # One separator line and one report line per lock reason
                printf "%-20s%-20s%-20s%-20s%-20s\n" "----------------" "----------------" "------------------" "------------------" "--------------------------" >> /unixadmin/lockcheck
                printf "%-20s%-20s%-20s%-20s%-20s\n" "$NOW" "`hostname`" "User Lock" "$USER" "$DEG1" >> /unixadmin/lockcheck
            fi
        done
    fi
done

# Mail the report only if at least one locked account was recorded
if grep -q "User Lock" /unixadmin/lockcheck >/dev/null 2>&1
then
    /usr/bin/mailx -s "$MAIL_SUB" abdurrahim.yildirim@casesup.com < /unixadmin/lockcheck
fi

I'm an IT Infrastructure and Operations Architect with extensive experience and administration skills, and I work for Turk Telekom. I provide hardware and software support for the IT Infrastructure and Operations tasks.
