Created
February 13, 2015 11:40
-
-
Save dupuy/577e14b98492817a4246 to your computer and use it in GitHub Desktop.
Perl script to report on password and account expirations from /etc/shadow (Linux)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| use strict; | |
| use POSIX 'strftime'; | |
| use constant DATEFMT => "%Y-%m-%d"; | |
| use constant SHADOWFILE => "/etc/shadow"; | |
| use constant DAYSECS => 60 * 60 * 24; | |
| sub datefmt($) | |
| { | |
| my $day = shift @_; | |
| return strftime(DATEFMT, gmtime(DAYSECS * $day)) | |
| } | |
| my $epoch_days = int(time / DAYSECS); | |
| open(SHADOW, SHADOWFILE) or die("Cannot open shadow password file '" . | |
| SHADOWFILE . "': $!\n"); | |
| while(<SHADOW>) | |
| { | |
| my ($user,$pass,$change,$min,$max,$warn,$inactive,$expire,$reserved) = | |
| split('\:'); | |
| # "Set the date... on which the user's account will no longer be accessible." | |
| if ($expire ne "" and $epoch_days >= (0 + $expire)) | |
| { | |
| my $expiration = $expire != 0 ? datefmt(0 + $expire) : $expire; | |
| print "User account '$user' expired on $expiration\n"; | |
| } | |
| if ($change ne "") | |
| { | |
| if ($change eq "0") | |
| { | |
| print "Password for '$user' must be changed immediately\n"; | |
| } | |
| elsif ($max ne "") | |
| { | |
| # "When MAX_DAYS plus LAST_DAY is *less than* the current day, | |
| # the user will be required to change his/her password" | |
| # Use + 1 because we want to print the date of expiration, always use >= | |
| my $expire_day = 0 + $change + $max + 1; | |
| my $expiration = datefmt($expire_day); | |
| if ($epoch_days >= $expire_day) | |
| { | |
| print "Password for '$user' expired $expiration"; | |
| if ($inactive ne "") | |
| { | |
| my $inactive_day = $expire_day + $inactive; | |
| my $inactivity = datefmt($inactive_day); | |
| if ($epoch_days >= $inactive_day) | |
| { | |
| print "and is invalid since $inactivity\n"; | |
| } | |
| else | |
| { | |
| print "and must change by $inactivity\n"; | |
| } | |
| } | |
| else | |
| { | |
| print "\n"; | |
| } | |
| } | |
| else | |
| { | |
| if ($warn ne "" and $epoch_days >= ($expire_day - $warn)) | |
| { | |
| print "Password for '$user' will expire $expiration\n"; | |
| } | |
| if ($min ne "") | |
| { | |
| my $next_day = 0 + $change + $min; | |
| if ($next_day > $expire_day) | |
| { | |
| $next_day = $expire_day | |
| } | |
| my $changeable = datefmt($next_day); | |
| if ($epoch_days < $next_day) | |
| { | |
| print "User '$user' cannot change password until $changeable\n"; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment