#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2012
    Location
    Baltimore, MD
    Posts
    37
    Rep Power
    3

    Check for Specific Username Password Expire


    hey Guys, I haven't posted in a while, But you guys were really helpful alst time.

    I have had a issue with User Passwords expiring, and since I dont check /var/cron/log on the regular I never know these suers are expiring, making certain nightly jobs not run.

    With this script, I want to be able to check for these particular users password expiration and mail ourselves a reminder.

    I saw plenty of examples online, but I have a thing of borrowing from or editing code I cant understand as I want to understand what I am writing, and what the code is doing, helps me learn better.

    Below is some code I've written to a way I can understand and work with. This code is dependent on a epoch Perl script I found online. But I dont think that is my problem presently. My problem is that right now, it does through every user in /etc/shadow and checks. I want it to only check a particular set of users our Admin usersnames all end in adm. so I want to only search for users in /etc/shadow ending in adm (for example testbedadm) and check for its expiration dates.

    Any Suggestions? And sorry if this was lengthy

    Code:
    #!/bin/ksh
    #Author:Emmanuel Iroanya Jr
    #Edited: 
    #Date:December 20th, 2012
    #Purpose: The purpose of this is to check the Shadow table for the epoch value and warn the users / Email of Password Expiration  seven days in advance
    #This script needs the epoch.pl I found on google to work
    
    ID=`id | cut -d ' ' -f 1`
    if [[ "${ID}" != "uid=0(root)" ]]
    then
       echo "You Need To Be Root To Run This Script, Please and Thank You"
       exit 1
    fi
    
    export Shadow=/etc/shadow
    #Location of the epoch.pl script I found from Google to Compare the Date
    export EpochSh=/usr/local/bin/epoch.pl
    export Hostname=`hostname`
    #Our SSE Email Address that will get notification 
    export Email="!SysEngGrp@mycompany.com"
    
    for i in `cat $Shadow`
    do
    export User=`echo $i |cut -d ':' -f 1`
    export MaxDay=`echo $i | cut -d ':' -f 5`
    echo "$MaxDay"
    export Epoch=`echo $i |cut -d ':' -f 3`
    export Eval=`$EpochSh $Epoch | cut -d ':' -f 2`
    echo "$Eval"
    		 if [[ $Eval == `expr $MaxDay - 7` ]]
    		 then
    		 echo "Password for unix user $User on `hostname` is going to expire in a week. Please change it ASAP" | mailx -s 'Password Expiration ' $Email
    		 elif [[ $Eval == `expr $MaxDay - 6` ]]
    		 then
    		 echo "Password for unix user $User on `hostname` is going to expire in 6 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email		 
    		 elif [[ $Eval == `expr $MaxDay - 5` ]]
    		 then
    		 echo "Password for unix user $User on `hostname` is going to expire in 5 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email		 		 
    		 elif [[ $Eval == `expr $MaxDay - 4` ]]
    		 then
    		 echo "Password for unix user $User on `hostname` is going to expire in 4 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email		 		 
    		 elif [[ $Eval == `expr $MaxDay - 3` ]]
    		 then
    		 echo "Password for unix user $User on `hostname` is going to expire in 3 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email		 		 
    		 elif [[ $Eval == `expr $MaxDay - 2` ]]
    		 then
    		 echo "Password for unix user $User on `hostname` is going to expire in 2 days. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email		 		 
    		 elif [[ $Eval == `expr $MaxDay - 1` ]]
    		 then
    		 echo "Password for unix user $User on `hostname` is going to expire in 1 day. Please change it ASAP" |  mailx -s 'Password Expiration ' $Email		 		 
    		 elif [[ $Eval == "$MaxDay" ]]
    		 then
    		 echo "PASSWORD FOR USER $User HAS EXPIRED.PLEASE CHANGE IT ASAP TO AVOID PRODUCTION CRON JOBS FROM FAILING AND THE RESULTING LATE NIGHT CALLS"
    		 fi
    done
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2012
    Location
    Baltimore, MD
    Posts
    37
    Rep Power
    3
    So I think I answered my question on how to look for the specific admin user with the below part,

    Code:
    for line in `cat $Shadow | grep adm`
    do
     echo $line
    done >passFile.txt
    for i in `cat passFile.txt`
    do
    rest of my logic etc...

    However, when I run it I get a bunch of varying errors like below:

    1 days to current day
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    expr: syntax error
    I am assuming the Day Part is from the epoch.pl portion that reads the days the expr syntax error, is that from my math in my if/elseif logic?
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Location
    spaceBAR Central
    Posts
    229
    Rep Power
    42
    However, when I run it I get a bunch of varying errors like below:
    1 days to current day
    expr: syntax error

    Have you determined which is the last statement that executed successfully? You can use 'set -x' and also put and echo "1", etc. after each statement to figure out where the problem starts and then we can analyse the statement.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2012
    Location
    Baltimore, MD
    Posts
    37
    Rep Power
    3
    Originally Posted by spacebar208
    Have you determined which is the last statement that executed successfully? You can use 'set -x' and also put and echo "1", etc. after each statement to figure out where the problem starts and then we can analyse the statement.
    I was told that ksh let you do arithmetic, so you don't have to use expr... so that might be the first issue I have with the math in my elseif login. Thanks though. Will Update when I get a chance to look at it again.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2012
    Location
    Baltimore, MD
    Posts
    37
    Rep Power
    3
    Originally Posted by spacebar208
    Have you determined which is the last statement that executed successfully? You can use 'set -x' and also put and echo "1", etc. after each statement to figure out where the problem starts and then we can analyse the statement.
    Sorry for the delayed response, work had me looking at more urgent matters, back back to this, I have changed the code a bit, and have still no luck in getting it running.

    Below is the code:

    Code:
    #Author:Emmanuel Iroanya Jr
    #Edited: 
    #Date:December 20th, 2012
    #Purpose: The purpose of this is to check the Shadow table for the epoch value and warn the users / Email of Password Expiration  seven days in advance
    
    ID=`id | cut -d ' ' -f 1`
    if [[ "${ID}" != "uid=0(root)" ]]
    then
       echo "You Need To Be Root To Run This Script, Please and Thank You"
       exit 1
    fi
    
    export Shadow=/etc/shadow
    EpochSh=`perl -e 'print time, "\n"'`
    export Hostname=`hostname`
    #Our SSE Email Address that will get notification
    export Email="emmanuel@mycompany.com"
    for line in `cat $Shadow | grep adm`
    do
     echo $line
    done >passFile.txt
    for i in `cat passFile.txt`
    do
    User=`echo $i |cut -d ':' -f 1`
    MaxDay=`echo $i | cut -d ':' -f 5`
    echo "$MaxDay"
    Epoch=`echo $i |cut -d ':' -f 3`
    Eval=`$MaxDay+$Epoch-$EpochSh`
    echo "$Eval"
                     if [[ $Eval -lt 7 ]]
                     then
                     echo "Password for unix user $User on `hostname` is going to expire in less than a week. Please change it ASAP" | mailx -s 'Password Expiration ' $Email
                     elif [[ $Eval -le 0 ]]
                     then
                     echo "PASSWORD FOR USER $User HAS EXPIRED.PLEASE CHANGE IT ASAP TO AVOID PRODUCTION CRON JOBS FROM FAILING AND THE RESULTING LATE NIGHT CALLS"
                     fi
    done
  10. #6
  11. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Location
    spaceBAR Central
    Posts
    229
    Rep Power
    42
    Try your math like this:
    Code:
    $ MaxDay=100
    
    $ Epoch=10
    
    $ EpochSh=50
    
    $ (( result = MaxDay + Epoch - EpochSh ))
    
    $ echo $result
    60
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2012
    Location
    Baltimore, MD
    Posts
    37
    Rep Power
    3
    Originally Posted by spacebar208
    Try your math like this:
    Code:
    $ MaxDay=100
    
    $ Epoch=10
    
    $ EpochSh=50
    
    $ (( result = MaxDay + Epoch - EpochSh ))
    
    $ echo $result
    60
    I ended up trying this:
    Code:
    eval Eval=`echo '( $MaxDay + $Epoch ) - ( $EpochSh / 86400 ) ' | bc`
    Now getting error
    Code:
    syntax error on line 1, teletype
  14. #8
  15. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Location
    spaceBAR Central
    Posts
    229
    Rep Power
    42
    Try it like this:
    Code:
    $ MaxDay=100
    $ Epoch=10
    $ EpochSh=50
    $ Eval=`echo "scale=5;$MaxDay+$Epoch-($EpochSh/86400)" | bc -l`
    $ echo $Eval
    109.99943
    Also, Here are some examples:
    https://www.shell-tips.com/2010/06/1...ation-in-bash/
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2012
    Location
    Baltimore, MD
    Posts
    37
    Rep Power
    3
    Originally Posted by spacebar208
    Try it like this:
    Code:
    $ MaxDay=100
    $ Epoch=10
    $ EpochSh=50
    $ Eval=`echo "scale=5;$MaxDay+$Epoch-($EpochSh/86400)" | bc -l`
    $ echo $Eval
    109.99943
    Also, Here are some examples:
    https://www.shell-tips.com/2010/06/1...ation-in-bash/
    Hey, thanks for the help, I ended up spliting the expression up, see full code below:

    Code:
    #!/bin/ksh -x
    #Author:Emmanuel Iroanya Jr
    #Date:December 20th, 2012
    #Purpose: The purpose of this is to check the Shadow table for the epoch value and warn the users / Email of Password Expiration  seven days in advance
    ID=`id | cut -d ' ' -f 1`
    if [[ "${ID}" != "uid=0(root)" ]]
    then
       echo "You Need To Be Root To Run This Script, Please and Thank You"
       exit 1
    fi
    export Shadow=/etc/shadow
    export EpochSh=`perl -e 'print time, "\n"'`
    export Hostname=`hostname`
    #Our SSE Email Address that will get notification
    export Email="mygroup@mycompany.com"
    for line in `cat $Shadow | grep adm`
    do
     echo $line
    done >passFile.txt
    for i in `cat passFile.txt`
    do
    User=`echo $i |cut -d ':' -f 1`
    MaxDay=`echo $i | cut -d ':' -f 5`
    echo "$MaxDay"
    Epoch=`echo $i |cut -d ':' -f 3`
    echo "$Epoch"
    Eval1=`expr $MaxDay + $Epoch`
    Eval2=`expr $EpochSh / 86400`
    Eval=`expr $Eval1 - $Eval2`
    #export Eval=$(echo '( $MaxDay + $Epoch ) - ( $EpochSh / 86400 ) ' | bc)
    echo "$Eval"
                     if [[ $Eval -lt 7 ]]
                     then
                     echo "Password for unix user $User on `hostname` is going to expire in less than a week. Please change it ASAP" | mailx -s 'Password Expiration ' $Email
                     elif [[ $Eval -le 0 ]]
                     then
                     echo "PASSWORD FOR USER $User HAS EXPIRED.PLEASE CHANGE IT ASAP TO AVOID PRODUCTION CRON JOBS FROM FAILING AND THE RESULTING LATE NIGHT CALLS" | mailx -s 'Password Expiration ' $Email
                     fi
    done
    however, my last and final issue is how to deal with a username like below where a
    Code:
    passwd -x -1
    was used to set the password to never expire. So the MaxDay variable is blank and this is what is causing them all to alarm, it gets a blank value passes it in and the number obviously will be lower that 7 or 0 and causes the email

    Example:

    Code:
    + + cut -d : -f 1
    + echo testingadm:.ezNz7T6WZLK.:15730::::::
    User=newadm
    + + cut -d : -f 5
    + echo testingadm:.ezNz7T6WZLK.:15730::::::
    MaxDay=
    + echo
    + + cut -d : -f 3
    + echo testingadm:.ezNz7T6WZLK.:15730::::::
    Epoch=15730
    + echo 15730
    15730
    + + expr + 15730
    expr: syntax error
    Eval1=
    + + expr 1359133813 / 86400
    Eval2=15730
    + + expr - 15730
    expr: syntax error
    Eval=
    + echo
    + [[  -lt 7 ]]
    + mailx -s Password Expiration  mygroup@mycompany.com
    + hostname
    + echo Password for unix user newadm on cmap01 is going to expire in less than a week. Please change it ASAP
  18. #10
  19. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Location
    spaceBAR Central
    Posts
    229
    Rep Power
    42
    Change this statement to default 'MaxDay' parameter to zero if empty and try it:
    Code:
    From:  Eval1=`expr $MaxDay + $Epoch`
      To:  Eval1=`expr ${MaxDay-0} + $Epoch`
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2012
    Location
    Baltimore, MD
    Posts
    37
    Rep Power
    3
    Originally Posted by spacebar208
    Change this statement to default 'MaxDay' parameter to zero if empty and try it:
    Code:
    From:  Eval1=`expr $MaxDay + $Epoch`
      To:  Eval1=`expr ${MaxDay-0} + $Epoch`

    Thanks I ended up changing it to
    Code:
     Eval1=`expr ${MaxDay:-99999} + $Epoch`
    works like a charm now.

    Final Code:

    Code:
    #!/bin/ksh
    #Author:Emmanuel Iroanya Jr
    #Date:December 20th, 2012
    #Purpose: The purpose of this is to check the Shadow table for the epoch value and warn the users / Email of Password Expiration  seven days in advance
    
    ID=`id | cut -d ' ' -f 1`
    if [[ "${ID}" != "uid=0(root)" ]]
    then
       echo "You Need To Be Root To Run This Script, Please and Thank You"
       exit 1
    fi
    
    export Shadow=/etc/shadow
    export EpochSh=`perl -e 'print time, "\n"'`
    export Hostname=`hostname`
    #Our SSE Email Address that will get notification
    export Email="mygroup@mycompany.com"
    for line in `cat $Shadow | grep adm`
    do
     echo $line
    done >passFile.txt
    for i in `cat passFile.txt`
    do
    User=`echo $i |cut -d ':' -f 1`
    MaxDay=`echo $i | cut -d ':' -f 5`
    echo "$MaxDay"
    Epoch=`echo $i |cut -d ':' -f 3`
    echo "$Epoch"
    Eval1=`expr ${MaxDay:-99999} + $Epoch`
    Eval2=`expr $EpochSh / 86400`
    
    Eval=`expr $Eval1 - $Eval2`
    echo "$Eval"
                     if [[ $Eval -lt 7 ]]
                     then
                     echo "Password for unix user $User on `hostname` is going to expire in less than a week. Please change it ASAP" | mailx -s 'Password Expiration ' $Email
                     elif [[ $Eval -le 0 ]]
                     then
                     echo "PASSWORD FOR USER $User HAS EXPIRED.PLEASE CHANGE IT ASAP TO AVOID PRODUCTION CRON JOBS FROM FAILING AND THE RESULTING LATE NIGHT CALLS" | mailx -s 'Password Expiration ' $Email
                     fi
    done

IMN logo majestic logo threadwatch logo seochat tools logo