Script: 90DayUnlocked.ksh

by on Feb.19, 2014, under AIX, Scripts

# 90 Day/Account Unlocked user check
# 2014 Feb 14 - Jamey Hopkins
# check if account password has not changed in > 90 days and is not locked
# 20140219 JAH - Updated to exclude locked accounts/cleaned up output

echo; echo "Password Change > 90 Days and Account NOT Locked on `uname -n | tr "[a-z]" "[A-Z]"`"
for USER in $(cut -f1 -d":" /etc/passwd | grep -v "+")
   LASTCH=`pwdadm -q $USER | awk '/lastupdate/ {FS="="; print $3}'`
   LASTCH_HR=`perl -e "print scalar localtime($LASTCH);"`
   if [[ ! -z $LASTCH ]]; then
      EPOCH=`perl -e 'print time'`
      let PWAGE="$EPOCH - $LASTCH"
      # 7776000 seconds = 90 days
      if [[ $PWAGE -gt 7776000 ]] ; then
         LOCKED=`lsuser -a account_locked $USER | cut -f2 -d= | xargs echo`
         [ "$LOCKED" = "false" ] && echo "$LASTCH_HR: $USER"

No comments for this entry yet...

Leave a Reply

You must be logged in to post a comment.

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

But Wait, There's More!

A few highly recommended friends...