blob: 7f7d11b17890b8489ec15f67856e7572e8c62db1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
#!/bin/bash
# notifypwexp - send mail to users whose passwords are expiring soon
# designed to be run daily or weekly from cron
# original code by Dennis Williamson
# modified by Georg Pfuetzenreuter <georg@lysergic.dev>
# ### SETUP ###
#for weekly cron:
weekmode=7
#for daily cron:
#weekmode=0
admins="system"
declare -r aged=21 # minimum days after expiration before admins are emailed, set to 0 for "always"
hostname=`hostname --fqdn`
# /etc/shadow is system dependent
shadowfile="/etc/shadow"
# fields in /etc/shadow
declare -r last=2
#declare -r may=3 # not used in this script
declare -r must=4
declare -r warn=5
#declare -r grace=6 # not used in this script
declare -r disable=7
declare -r doesntmust=99999
declare -r warndefault=7
passwdfile="/etc/passwd"
declare -r uidfield=3
declare -r unamefield=1
# UID range is system dependent
declare -r uidmin=1000
declare -r uidmax=65534 # exclusive
# remove the hardcoded path from these progs to use them via $PATH
# mailx is system dependent
notifyprog="/bin/mail"
grepprog="/bin/grep"
awkprog="/usr/bin/awk"
dateprog="/bin/date"
# comment out one of these
#useUTC=""
useUTC="-u"
# +%s is a GNUism - set it to blank and use dateformat if you have
# a system that uses something else like epochdays, for example
epochseconds="+%s"
dateformat="" # blank for GNU when epochseconds="+%s"
secondsperday=86400 # set this to 1 for no division
#secondsperday=1
today=$(($($dateprog $useUTC $epochseconds $dateformat)/$secondsperday))
echo "today: $today"
oIFS=$IFS
# ### END SETUP ###
# ### MAIL TEMPLATES ###
# use single quotes around templates, backslash escapes and substitutions
# will be evaluated upon output
usersubjecttemplate='Your password is expiring soon'
gentemplate_userbody () {
local days="$1"
userbodytemplate="Your password on $hostname expires in $days days."
}
adminsubjecttemplate='User Password Expired: $user@$hostname'
adminbodytemplate='The password for user $user on $hostname expired $age days ago.
Please contact this user about their inactive account and consider whether
the account should be disabled or deleted.'
# ### END MAIL TEMPLATES ###
# get real users
users=$($awkprog -F: -v uidfield=$uidfield \
-v unamefield=$unamefield \
-v uidmin=$uidmin \
-v uidmax=$uidmax \
-- '$uidfield>=uidmin && $uidfield<uidmax \
{print $unamefield}' $passwdfile)
for user in $users;
do
echo "user: $user"
IFS=":"
usershadow=$($grepprog ^$user $shadowfile)
echo "usershadow 1: $usershadow"
# make an array out of it
usershadow=($usershadow)
echo "usershadow 2: $usershadow"
IFS=$oIFS
mustchange=${usershadow[$must]}
echo "mustchange: $mustchange"
disabledate=${usershadow[$disable]:-$doesntmust}
echo "disabledate: $disabledate"
# skip users that aren't expiring or that are disabled
if [[ $mustchange -ge $doesntmust || $disabledate -le $today ]] ; then continue; fi;
lastchange=${usershadow[$last]}
echo "lastchange: $lastchange"
warndays=${usershadow[$warn]:-$warndefault}
echo "warndays: $warndays"
expdate=$(("$lastchange" + "$mustchange"))
echo "expdate: $expdate"
threshhold=$(($today + $warndays + $weekmode))
echo "threshhold: $treshhold"
if [[ $expdate -lt $threshhold ]];
gentemplate_userbody "$(($expdate - $today))"
then
if [[ $expdate -ge $today ]];
then
subject=$(eval "echo \"$usersubjecttemplate\"")
body=$(eval "echo \"$userbodytemplate\"")
echo -e "$body" | $notifyprog -s "$subject" $user
else
if [[ $age -ge $aged ]];
then
subject=$(eval "echo \"$adminsubjecttemplate\"")
body=$(eval "echo \"$adminbodytemplate\"")
echo -e "$body" | $notifyprog -s "$subject" $admins
fi
fi
fi
done
|
