Init password expiry notifier
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
parent
e029bd6231
commit
ec9366e51c
150
scripts/bash/notifypwexp.sh
Executable file
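--- a/scripts/bash/notifypwexp.sh
+++ b/scripts/bash/notifypwexp.sh
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# notifypwexp - send mail to users whose passwords are expiring soon
+# designed to be run daily or weekly from cron
+
+# original code by Dennis Williamson
+# modified by Georg Pfuetzenreuter <georg@lysergic.dev>
+
+# ### SETUP ###
+
+#for weekly cron:
+weekmode=7
+
+#for daily cron:
+#weekmode=0
+
+admins="system"
+declare -r aged=21 # minimum days after expiration before admins are emailed, set to 0 for "always"
+
+hostname=`hostname --fqdn`
+
+# /etc/shadow is system dependent
+shadowfile="/etc/shadow"
+# fields in /etc/shadow
+declare -r last=2
+#declare -r may=3 # not used in this script
+declare -r must=4
+declare -r warn=5
+#declare -r grace=6 # not used in this script
+declare -r disable=7
+
+declare -r doesntmust=99999
+declare -r warndefault=7
+
+passwdfile="/etc/passwd"
+declare -r uidfield=3
+declare -r unamefield=1
+# UID range is system dependent
+declare -r uidmin=1000
+declare -r uidmax=65534 # exclusive
+
+# remove the hardcoded path from these progs to use them via $PATH
+# mailx is system dependent
+notifyprog="/bin/mail"
+grepprog="/bin/grep"
+awkprog="/usr/bin/awk"
+dateprog="/bin/date"
+
+# comment out one of these
+#useUTC=""
+useUTC="-u"
+
+# +%s is a GNUism - set it to blank and use dateformat if you have
+# a system that uses something else like epochdays, for example
+epochseconds="+%s"
+dateformat="" # blank for GNU when epochseconds="+%s"
+secondsperday=86400 # set this to 1 for no division
+#secondsperday=1
+
+today=$(($($dateprog $useUTC $epochseconds $dateformat)/$secondsperday))
+echo "today: $today"
+oIFS=$IFS
+
+# ### END SETUP ###
+
+# ### MAIL TEMPLATES ###
+
+# use single quotes around templates, backslash escapes and substitutions
+# will be evaluated upon output
+usersubjecttemplate='Your password is expiring soon'
+
+gentemplate_userbody () {
+local days="$1"
+userbodytemplate="Your password on $hostname expires in $days days."
+}
+
+adminsubjecttemplate='User Password Expired: $user@$hostname'
+adminbodytemplate='The password for user $user on $hostname expired $age days ago.
+
+Please contact this user about their inactive account and consider whether
+the account should be disabled or deleted.'
+
+# ### END MAIL TEMPLATES ###
+
+# get real users
+users=$($awkprog -F: -v uidfield=$uidfield \
+-v unamefield=$unamefield \
+-v uidmin=$uidmin \
+-v uidmax=$uidmax \
+-- '$uidfield>=uidmin && $uidfield<uidmax \
+{print $unamefield}' $passwdfile)
+
+for user in $users;
+do
+
+echo "user: $user"
+
+IFS=":"
+usershadow=$($grepprog ^$user $shadowfile)
+echo "usershadow 1: $usershadow"
+
+# make an array out of it
+usershadow=($usershadow)
+echo "usershadow 2: $usershadow"
+
+IFS=$oIFS
+
+mustchange=${usershadow[$must]}
+echo "mustchange: $mustchange"
+
+disabledate=${usershadow[$disable]:-$doesntmust}
+echo "disabledate: $disabledate"
+
+# skip users that aren't expiring or that are disabled
+if [[ $mustchange -ge $doesntmust || $disabledate -le $today ]] ; then continue; fi;
+
+lastchange=${usershadow[$last]}
+echo "lastchange: $lastchange"
+
+warndays=${usershadow[$warn]:-$warndefault}
+echo "warndays: $warndays"
+
+expdate=$(("$lastchange" + "$mustchange"))
+echo "expdate: $expdate"
+
+threshhold=$(($today + $warndays + $weekmode))
+echo "threshhold: $treshhold"
+
+if [[ $expdate -lt $threshhold ]];
+
+gentemplate_userbody "$(($expdate - $today))"
+
+then
+if [[ $expdate -ge $today ]];
+then
+subject=$(eval "echo \"$usersubjecttemplate\"")
+body=$(eval "echo \"$userbodytemplate\"")
+echo -e "$body" | $notifyprog -s "$subject" $user
+else
+if [[ $age -ge $aged ]];
+then
+subject=$(eval "echo \"$adminsubjecttemplate\"")
+body=$(eval "echo \"$adminbodytemplate\"")
+echo -e "$body" | $notifyprog -s "$subject" $admins
+fi
+fi
+fi
+
+
+done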
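Review bot: The debug line `echo "usershadow 1: $usershadow"` prints the account's whole /etc/shadow record, password hash included, and because the script is meant to run from cron that output will typically end up in cron's mail or a log; drop the line or print only the numeric fields the script uses. The lookup `$grepprog ^$user $shadowfile` is a prefix match, so a user name that is a prefix of another can pick up the wrong record; `"$grepprog" "^${user}:" "$shadowfile"` anchors it to the name field. The `gentemplate_userbody` call sits between `if [[ $expdate -lt $threshhold ]];` and `then`, which makes its exit status the condition, so the threshold test appears to have no effect and every non-skipped user is mailed; move the call below `then`. `$age` is compared with `$aged` and used in the admin template but is never assigned in the visible lines, so the admin branch looks unreachable; `age=$((today - expdate))` ahead of the test would supply it.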