authorGeorg Pfuetzenreuter2022-05-26 19:53:15 +0200
committerGeorg Pfuetzenreuter2022-05-26 19:53:15 +0200
commitec9366e51c358b98d6ccd1dbd484077a7ae0c340 (patch)
tree15143bdee1ffa8512013db108773ff8b2b619f9a
parente029bd62317905cc965a4c2c49149a1752884926 (diff)
downloadsystem-ec9366e51c358b98d6ccd1dbd484077a7ae0c340.tar.gz
system-ec9366e51c358b98d6ccd1dbd484077a7ae0c340.tar.bz2
system-ec9366e51c358b98d6ccd1dbd484077a7ae0c340.zip
Init password expiry notifier
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
-rwxr-xr-xscripts/bash/notifypwexp.sh150
1 files changed, 150 insertions, 0 deletions
diff --git a/scripts/bash/notifypwexp.sh b/scripts/bash/notifypwexp.sh
new file mode 100755
index 0000000..7f7d11b
--- /dev/null
+++ b/scripts/bash/notifypwexp.sh
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# notifypwexp - send mail to users whose passwords are expiring soon
+# designed to be run daily or weekly from cron
+
+# original code by Dennis Williamson
+# modified by Georg Pfuetzenreuter <georg@lysergic.dev>
+
+# ### SETUP ###
+
+#for weekly cron:
+weekmode=7
+
+#for daily cron:
+#weekmode=0
+
+admins="system"
+declare -r aged=21 # minimum days after expiration before admins are emailed, set to 0 for "always"
+
+hostname=`hostname --fqdn`
+
+# /etc/shadow is system dependent
+shadowfile="/etc/shadow"
+# fields in /etc/shadow
+declare -r last=2
+#declare -r may=3 # not used in this script
+declare -r must=4
+declare -r warn=5
+#declare -r grace=6 # not used in this script
+declare -r disable=7
+
+declare -r doesntmust=99999
+declare -r warndefault=7
+
+passwdfile="/etc/passwd"
+declare -r uidfield=3
+declare -r unamefield=1
+# UID range is system dependent
+declare -r uidmin=1000
+declare -r uidmax=65534 # exclusive
+
+# remove the hardcoded path from these progs to use them via $PATH
+# mailx is system dependent
+notifyprog="/bin/mail"
+grepprog="/bin/grep"
+awkprog="/usr/bin/awk"
+dateprog="/bin/date"
+
+# comment out one of these
+#useUTC=""
+useUTC="-u"
+
+# +%s is a GNUism - set it to blank and use dateformat if you have
+# a system that uses something else like epochdays, for example
+epochseconds="+%s"
+dateformat="" # blank for GNU when epochseconds="+%s"
+secondsperday=86400 # set this to 1 for no division
+#secondsperday=1
+
+today=$(($($dateprog $useUTC $epochseconds $dateformat)/$secondsperday))
+echo "today: $today"
+oIFS=$IFS
+
+# ### END SETUP ###
+
+# ### MAIL TEMPLATES ###
+
+# use single quotes around templates, backslash escapes and substitutions
+# will be evaluated upon output
+usersubjecttemplate='Your password is expiring soon'
+
+gentemplate_userbody () {
+ local days="$1"
+ userbodytemplate="Your password on $hostname expires in $days days."
+}
+
+adminsubjecttemplate='User Password Expired: $user@$hostname'
+adminbodytemplate='The password for user $user on $hostname expired $age days ago.
+
+Please contact this user about their inactive account and consider whether
+the account should be disabled or deleted.'
+
+# ### END MAIL TEMPLATES ###
+
+# get real users
+users=$($awkprog -F: -v uidfield=$uidfield \
+ -v unamefield=$unamefield \
+ -v uidmin=$uidmin \
+ -v uidmax=$uidmax \
+ -- '$uidfield>=uidmin && $uidfield<uidmax \
+ {print $unamefield}' $passwdfile)
+
+for user in $users;
+do
+
+ echo "user: $user"
+
+ IFS=":"
+ usershadow=$($grepprog ^$user $shadowfile)
+ echo "usershadow 1: $usershadow"
+
+ # make an array out of it
+ usershadow=($usershadow)
+ echo "usershadow 2: $usershadow"
+
+ IFS=$oIFS
+
+ mustchange=${usershadow[$must]}
+ echo "mustchange: $mustchange"
+
+ disabledate=${usershadow[$disable]:-$doesntmust}
+ echo "disabledate: $disabledate"
+
+ # skip users that aren't expiring or that are disabled
+ if [[ $mustchange -ge $doesntmust || $disabledate -le $today ]] ; then continue; fi;
+
+ lastchange=${usershadow[$last]}
+ echo "lastchange: $lastchange"
+
+ warndays=${usershadow[$warn]:-$warndefault}
+ echo "warndays: $warndays"
+
+ expdate=$(("$lastchange" + "$mustchange"))
+ echo "expdate: $expdate"
+
+ threshhold=$(($today + $warndays + $weekmode))
+ echo "threshhold: $treshhold"
+
+ if [[ $expdate -lt $threshhold ]];
+
+ gentemplate_userbody "$(($expdate - $today))"
+
+ then
+ if [[ $expdate -ge $today ]];
+ then
+ subject=$(eval "echo \"$usersubjecttemplate\"")
+ body=$(eval "echo \"$userbodytemplate\"")
+ echo -e "$body" | $notifyprog -s "$subject" $user
+ else
+ if [[ $age -ge $aged ]];
+ then
+ subject=$(eval "echo \"$adminsubjecttemplate\"")
+ body=$(eval "echo \"$adminbodytemplate\"")
+ echo -e "$body" | $notifyprog -s "$subject" $admins
+ fi
+ fi
+ fi
+
+
+done
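Review bot: The debug line `echo "usershadow 1: $usershadow"` writes the account's full /etc/shadow entry, password hash included, to stdout, which a cron run will typically mail or log, so it should be removed before this is scheduled. The lookup `$grepprog ^$user $shadowfile` is a regex prefix match, so a login such as `bob` also matches `bobby` and the fields read may belong to another account; an exact comparison on the first field avoids that. In the notification block `gentemplate_userbody` sits between `[[ $expdate -lt $threshhold ]]` and `then`, so the `if` takes the function's exit status and the threshold test has no effect, and `$age` is compared with `$aged` without ever being assigned, so the admin branch can only run when `aged` is 0. The `eval` around the user templates re-parses text that is already expanded (including `$hostname`) and can be dropped; the sketch below shows the lookup and the user branch rewritten along those lines.

```bash
  # exact match on the login field instead of a regex prefix
  usershadow=$($awkprog -F: -v u="$user" '$1 == u' "$shadowfile")
  # … unchanged: array split and field extraction (debug echo of the shadow entry dropped) …
  if [[ $expdate -lt $threshhold ]]; then
    if [[ $expdate -ge $today ]]; then
      gentemplate_userbody "$((expdate - today))"
      printf '%s\n' "$userbodytemplate" | $notifyprog -s "$usersubjecttemplate" "$user"
    else
      age=$((today - expdate))
      # … unchanged: admin notification guarded by $age -ge $aged …
    fi
  fi
```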