Thursday, April 11, 2013

Script for checking accounts

In a perfect world all user accounts are centrally managed by a directory server such as NIS, LDAP or Active Directory. Unfortunately not all servers use accounts that are centrally managed or there are some servers that are set aside, as stand alone servers. It a can be a real pain to find out your account's password expired. Then be forced to change it before you can login. So I wrote this is a little script because I need to know when my passwords are about to expire. This way I can change my passwords on all the servers, before they expire.

I have three different operating systems at work so of course they all do this differently. In this how to I will be using examples from Solaris 10, RHEL 5 (Red Hat Enterprise Linux) and SLES 11 (SUSE Linux Enterprise Server). I created a different file, containing the server names, for each OS.

The script below logs into each server listed in the server-sol file and runs the passwd -s command and prints the output on the screen. It then runs the change -l command on the Linux servers. SUSE needs elevated privileges to run the change -l, so I add sudo to the line. The line where you see the echo statement, prints the server's name indented and in bold.

man@earth>cat check-login2
for s in `cat server-sol`
do echo -e "\e[1m $s \033[0m "
ssh -q $s sudo passwd -s man
done
for r in `cat server-rhel`
do echo -e "\e[1m $r \033[0m "
ssh -q $r chage -l man
done
for sles in `cat server-suse`
do echo -e "\e[1m $sles \033[0m "
ssh -q $sles sudo chage -l man
done

Examples of out from script on the different OS versions.
man@earth>./check-login2
   solaris-server
rich PS 04/03/13 7 56 7
   rhel-server
Last password change : Apr 03, 2013
Password expires : May 29, 2013
Password inactive : never
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 56
Number of days of warning before password expires : 7
   sles-server
Minimum: 1
Maximum: 60
Warning: 7
Inactive: 35
Last Change: Apr 03, 2013
Password Expires: Jun 02, 2013
Password Inactive: Jul 07, 2013
Account Expires: Never

As you can see there is a difference in the output each OS gives you. If you have any comments or questions please post them below.