ciphermethod.com


#!/bin/ksh
# 90 Day/Account Unlocked user check
# 2014 Feb 14 - Jamey Hopkins
# check if account password has not changed in > 90 days and is not locked
# 20140219 JAH - Updated to exclude locked accounts/cleaned up output

echo; echo "Password Change > 90 Days and Account NOT Locked on `uname -n | tr "[a-z]" "[A-Z]"`"
for USER in $(cut -f1 -d":" /etc/passwd | grep -v "+")
do
   LASTCH=`pwdadm -q $USER | awk '/lastupdate/ {FS="="; print $3}'`
   LASTCH_HR=`perl -e "print scalar localtime($LASTCH);"`
   if [[ ! -z $LASTCH ]]; then
      EPOCH=`perl -e 'print time'`
      let PWAGE="$EPOCH - $LASTCH"
      # 7776000 seconds = 90 days
      if [[ $PWAGE -gt 7776000 ]] ; then
         LOCKED=`lsuser -a account_locked $USER | cut -f2 -d= | xargs echo`
         [ "$LOCKED" = "false" ] && echo "$LASTCH_HR: $USER"
      fi
   fi
done
echo