From ac255291751e2d635992b5a0ebc4b5f203a888b0 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Thu, 6 Oct 2011 13:25:50 +0200
Subject: Add new script localnotifypwexp to warn users before their password expires.
---
localnotifypwexp | 144 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 144 insertions(+)
create mode 100755 localnotifypwexp
diff --git a/localnotifypwexp b/localnotifypwexp
new file mode 100755
index 0000000..0d7845f
--- /dev/null
+++ b/localnotifypwexp
@@ -0,0 +1,144 @@
+#!/bin/bash
+
+set -e
+
+# notifypwexp - send mail to users whose passwords are expiring soon
+# designed to be run daily or weekly from cron
+
+# call with -w for weekly mode (checks to see if warning period begins in the next 7 days
+# use -w for a weekly cron job, avoiding excessive emails
+
+# with no option, it only checks whether we're in the warning period now
+# use this for a daily cron job
+
+# by Dennis Williamson
+
+# Origin: http://serverfault.com/questions/11887
+
+# ### SETUP ###
+
+if [[ $1 == "-w" ]] # check for expiration warnings beginning during the next seven days
+then
+ weekmode=7
+else
+ weekmode=0
+fi
+
+admins="root postmaster"
+declare -r aged=21 # minimum days after expiration before admins are emailed, set to 0 for "always"
+
+hostname=$(hostname --fqdn)
+
+# /etc/shadow is system dependent
+shadowfile="/etc/shadow"
+# fields in /etc/shadow
+declare -r last=2
+#declare -r may=3 # not used in this script
+declare -r must=4
+declare -r warn=5
+#declare -r grace=6 # not used in this script
+declare -r disable=7
+
+declare -r doesntmust=99999
+declare -r warndefault=7
+
+passwdfile="/etc/passwd"
+declare -r uidfield=3
+declare -r unamefield=1
+# UID range is system dependent
+declare -r uidmin=1000
+declare -r uidmax=65534 # exclusive
+
+# remove the hardcoded path from these progs to use them via $PATH
+# mailx is system dependent
+notifyprog="/bin/mailx"
+grepprog="/bin/grep"
+awkprog="/usr/bin/awk"
+dateprog="/bin/date"
+
+# comment out one of these
+#useUTC=""
+useUTC="-u"
+
+# +%s is a GNUism - set it to blank and use dateformat if you have
+# a system that uses something else like epochdays, for example
+epochseconds="+%s"
+dateformat="" # blank for GNU when epochseconds="+%s"
+secondsperday=86400 # set this to 1 for no division
+
+today=$(($($dateprog $useUTC $epochseconds $dateformat)/$secondsperday))
+oIFS=$IFS
+
+# ### END SETUP ###
+
+# ### MAIL TEMPLATES ###
+
+# use single quotes around templates, backslash
escapes and substitutions
+# will be evaluated upon output
+usersubjecttemplate='Your password is expiring soon'
+userbodytemplate='Your password on $hostname expires in $(($expdate - $today)) days.
+
+Please contact the IT department by email at \"helpdesk\" or at
+extension 555 if you have any questions. Help is also available at
+http://helpdesk.example.com/password'
+
+adminsubjecttemplate='User Password Expired: $user@$hostname'
+adminbodytemplate='The password for user $user on $hostname expired $age days ago.
+
+Please contact this user about their inactive account and consider whether
+the account should be disabled or deleted.'
+
+# ### END MAIL TEMPLATES ###
+
+# allow overrides (especially userbodytemplate)
+declare -r localconfig=/etc/local/notifypwexp
+if [ -r /etc/default/$localconfig ]; then . /etc/default/$localconfig; fi
+
+# get real users
+users=$($awkprog -F: -v uidfield=$uidfield \
+ -v unamefield=$unamefield \
+ -v uidmin=$uidmin \
+ -v uidmax=$uidmax \
+ -- '$uidfield>=uidmin && $uidfield