[Scottish] User account disabling

Colin Shorts colin.shorts at gmail.com
Tue Mar 17 09:54:16 UTC 2009 

Actually, I've got dates going back even further on another system...
Thu Aug 23 08:00:22 +0100 2007

$ lastlog | grep -v Never | grep -v '^Username' | \
awk '{print $1", "$6"-"$5"-"$9}'

Should be relatively parse-able, but adjust awkage to suit.

C


Paxton, Darren wrote:
> Colin
> 
> Thanks for your responses, they've certainly been most helpful.
> 
> Darren
> 
> 
> -----Original Message-----
> From: scottish-bounces at mailman.lug.org.uk [mailto:scottish-bounces at mailman.lug.org.uk] On Behalf Of Colin Shorts
> Sent: 17 March 2009 09:18
> To: SLUG-list
> Subject: Re: [Scottish] User account disabling
> 
> I'll top post too seeing as it's the default for thunderbird too (yes,
> you can change it).
> 
> I have dates going back to "Thu May 15 18:18:19 +0100 2008" and I
> haven't played with the defaults. You can specify the number of days
> using the '-b' switch, but of course if a user has never logged in this
> will always be shown.
> 
> C
> 
> Paxton, Darren wrote:
>> Sorry for top-posting - using crappy outlook
>>
>>
>> Colin
>>
>> It does help, thanks, but isn't the default for lastlog only back to about 30 days or so? I'm guessing I'd have to modify this across all the systems to hold more than this. I think this will be required anyway no matter what I choose, though.
>>
>> Thanks
>>
>> Darren
>>
>>
>>
>>
>> Paxton, Darren wrote:
>>> Hi All,
>>>
>>> Having one of those moments where no matter where I'm searching, can't seem to find what I'm actually looking for.
>>>
>>> Wondering how any of you are currently handling user account expiry if an account lies idle for a defined amount of time.
>>>
>>> I've seen perl scripts listed in some places, but I'm trying to see if I can use whatever native tools are already in place to identify when the user last logged in (this is on RHEL systems) and then work out if this is greater than the threshold of 90 days.
>>>
>>> At this point, we're not actually going to disable those accounts, just looking for a way to identify them so that systems can be flagged as requiring attention. (hopefully this will all help contribute to the argument for a centralised authentication mechanism).
>>>
>>> Systems are all RHEL so any advice anyone's got on this platform would be greatly appreciated.
>> `lastlog` will probably be your first port of call:
>>
>> # lastlog
>> Username         Port     From             Latest
>> root             tty1                      Sat Feb 28 14:01:43 +0000 2009
>> bin                                        **Never logged in**
>> daemon                                     **Never logged in**
>> adm                                        **Never logged in**
>> lp                                         **Never logged in**
>> sync                                       **Never logged in**
>> shutdown                                   **Never logged in**
>>
>> ~snip~
>>
>> You can also specify a range of UID's
>> # lastlog -u 1000-2000
>>
>> This might be more useful for parsing - you might not want to disable
>> some accounts.
>>
>>> Password expiry is also being enabled therefore was wondering if this could be centred around that as a way of doing the calculation.
>>>
>>> Thanks
>>>
>>> Darren
>>
>> HTH
>>
>> -Colin
>>
>> _______________________________________________
>> Scottish mailing list
>> Scottish at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/scottish
>>
>> This e-mail and any attachments may be confidential or legally privileged.If you received this message in error or are not the intended recipient, you should destroy the email message and any attachments or copies, and you are prohibited from retaining, distributing, disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your co-operation.
>>
>> _______________________________________________
>> Scottish mailing list
>> Scottish at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/scottish
> 
> _______________________________________________
> Scottish mailing list
> Scottish at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/scottish
> 
> This e-mail and any attachments may be confidential or legally privileged.If you received this message in error or are not the intended recipient, you should destroy the email message and any attachments or copies, and you are prohibited from retaining, distributing, disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your co-operation.
> 
> _______________________________________________
> Scottish mailing list
> Scottish at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/scottish

More information about the Scottish mailing list