#! /usr/bin/perl
####################################################################
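# Description:
# This script emails a user when their:
# - password is within 14 days of expiring.
# - password is expired
# It also modifies accounts, so it needs root privileges (it reads
# /etc/shadow and runs passwd, chage and usermod):
# - accounts with password aging disabled get a 90-day maximum age, a
#   14-day warning period and a forced password change at next login
# - accounts whose password has been expired for more than 90 days are
#   locked, given a nologin shell, and reported to root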
#
# This script requires the following to work:
# - Each user needs a $HOME/.forward file that contains a valid
# email address.
# - The $HOME/.forward file must be owned by the user account
#####################################################################
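use strict;
use warnings;

# Name of this host, quoted in every notification.
chomp(my $host = `uname -n`);

# "From" address read by SendMail(). Single-quoted on purpose: inside double
# quotes Perl interpolates "@domain" as an (empty) array and silently mangles
# the address.
our $UNIXSUPPORT = 'some_email@domain.com';

# Today as days since the Unix epoch, the unit used by /etc/shadow.
my $today = int(time / (60 * 60 * 24));

# Password rules quoted in the user-facing notices.
my $policy_text = <<'END_POLICY';
Your new password must conform to the following policies:
- Minimum of 8 characters in length
- Contains at least 1 special character within the first 8 characters
- Contains at least 1 numeric character within the first 8 characters
Contact the Support Team for any further assistance.
END_POLICY

# Run an external command without a shell and report a non-zero exit.
# The argument list is passed to the program as-is, so an account name can
# never be interpreted as shell syntax. Command output is not captured; it
# goes to this script's own stdout/stderr.
sub _run_command {
    my @cmd = @_;
    system { $cmd[0] } @cmd;
    warn "command '@cmd' failed (status $?)\n" if $? != 0;
    return;
}

open(my $shadow_fh, '<', '/etc/shadow')
    or die "cannot open /etc/shadow: $!\n";

ENTRY:
while (my $entry = <$shadow_fh>) {
    chomp $entry;

    # shadow fields: name:hash:last-change:min:max:warn:inactive:expire:reserved
    my ($user, $encr_pass, $created, undef, $exp_days) = split(/:/, $entry);
    next ENTRY unless defined $user && defined $encr_pass;
    $created  = '' unless defined $created;
    $exp_days = '' unless defined $exp_days;

    # An empty name, or one starting with '-' or '+', is not an account this
    # script can act on, and a leading '-' would be read as an option by
    # passwd/chage/usermod.
    next ENTRY if $user eq '' || $user =~ /\A[-+]/;

    # Look up the login shell (9th element of getpwnam's list). Entries with
    # no matching passwd record are skipped: there is no account to manage.
    my $shell = (getpwnam($user))[8];
    next ENTRY unless defined $shell;
    next ENTRY if $shell =~ m{/sbin/nologin};    # nologin accounts are ignored

    # "!!" / "*" (locked or no password set) and "!..." (administratively
    # locked) are left alone.
    next ENTRY if $encr_pass eq '*' || $encr_pass =~ /\A!/;

    if ($created eq '0' || $exp_days eq '99999') {
        # Password aging is disabled - apply the policy: expire after 90
        # days, warn 14 days ahead, force a change at next login.
        # NOTE(review): passwd and chage are resolved through PATH; run this
        # script with a trusted PATH.
        _run_command('passwd', '-x', '90', '-w', '14', $user);
        _run_command('chage', '-d', '0', $user);
        next ENTRY;
    }

    # Empty or non-numeric aging fields would evaluate as 0 in the arithmetic
    # below and look like a password that expired decades ago, which leads
    # straight to the lock branch. Refuse to guess.
    unless ($created =~ /\A\d+\z/ && $exp_days =~ /\A\d+\z/) {
        warn "skipping $user: aging fields in /etc/shadow are not numeric\n";
        next ENTRY;
    }

    # Days until the password expires; negative once it has expired.
    my $days_left = $exp_days - ($today - $created);
    my $days_ago  = abs($days_left);

    if ($days_left >= 0 && $days_left <= 14) {
        # Password expires within 14 days - notify the user.
        SendMail(
            $user,
            "Password expiration notification for $user from $host",
            "\nNotice: The user account $user will expire in $days_left days on $host.\n"
                . "Login and change the password before the expiration date or the account may be locked.\n"
                . $policy_text
        );
    }
    elsif ($days_left < 0 && $days_left >= -90) {
        # Password expired up to 90 days ago (inclusive, so that day 90 does
        # not fall between the two expired branches) - notify the user.
        SendMail(
            $user,
            "Password expiration notification for $user from $host",
            "\nNotice: The user account $user expired $days_ago days ago on $host.\n"
                . "Login and change the password or the account may be locked or removed.\n"
                . $policy_text
        );
    }
    elsif ($days_left < -90) {
        # Expired for more than 90 days - lock the account, set a nologin
        # shell and ask root to consider deleting it.
        _run_command('passwd', '-l', $user);
        _run_command('/usr/sbin/usermod', '-s', '/sbin/nologin', $user);
        SendMail(
            'root',
            "User account $user has been expired for 90 days or more",
            "\nNotice: The user account $user expired $days_ago days ago on $host.\n"
                . "Since the user has not changed the password, consider removing the account.\n"
        );
    }
}
close($shadow_fh);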
#############################################################################
### Define the subroutines below
#############################################################################
###
#1# Send a message to the user
###
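# Send one plain-text message through the local sendmail binary.
#
# Arguments: recipient ("To:" value), subject line, message body.
# The "From:" address is taken from the file-level $UNIXSUPPORT variable.
# Returns 1 when sendmail accepted the message, nothing otherwise; failures
# are reported with warn() so one bad delivery does not stop the caller.
sub SendMail {
    my ($to, $subject, $message) = @_;
    my $sendmail = '/usr/sbin/sendmail';

    # Header values must stay on a single line: a CR or LF inside one would
    # start an extra header line or end the header block early.
    for my $header_value ($to, $subject) {
        $header_value =~ s/[\r\n]+/ /g;
    }

    # List-form pipe open: sendmail is executed directly, without a shell.
    # -t makes sendmail take the recipients from the headers written below.
    my $mail;
    unless (open($mail, '|-', $sendmail, '-oi', '-t')) {
        warn "cannot run $sendmail: $!\n";
        return;
    }

    print {$mail} "From: $UNIXSUPPORT\n",
                  "To: $to\n",
                  "Subject: $subject\n\n",
                  "$message\n";

    # For a piped handle close() waits for the child, so this is where a
    # sendmail failure becomes visible.
    unless (close($mail)) {
        warn "$sendmail did not exit cleanly (status $?)\n";
        return;
    }
    return 1;
}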