summaryrefslogtreecommitdiff
path: root/localnotifypwexp
blob: e6e2ef6656fc30690593c9eb7e1f96f758f2282a (plain) 
    

  1. #!/bin/bash
    2. 

  2. 

  3. set -e
    4. 

  4. 

  5. # notifypwexp - send mail to users whose passwords are expiring soon
    6. 

  6. # designed to be run daily or weekly from cron
    7. 

  7. 

  8. # call with -w for weekly mode (checks to see if warning period begins in the next 7 days
    9. 

  9. # use -w for a weekly cron job, avoiding excessive emails
    10. 

  10. 

  11. # with no option, it only checks whether we're in the warning period now
    12. 

  12. # use this for a daily cron job
    13. 

  13. 

  14. # by Dennis Williamson
    15. 

  15. 

  16. # Origin: http://serverfault.com/questions/11887
    17. 

  17. 

  18. # ### SETUP ###
    19. 

  19. 

  20. if [[ $1 == "-w" ]] # check for expiration warnings beginning during the next seven days
    21. 

  21. then
    22. 

  22.     weekmode=7
    23. 

  23. else
    24. 

  24.     weekmode=0
    25. 

  25. fi
    26. 

  26. 

  27. admins="root postmaster"
    28. 

  28. declare -r aged=21 # minimum days after expiration before admins are emailed, set to 0 for "always"
    29. 

  29. 

  30. hostname=$(hostname --fqdn)
    31. 

  31. domainname=$(hostname --domain)
    32. 

  32. 

  33. # /etc/shadow is system dependent
    34. 

  34. shadowfile="/etc/shadow"
    35. 

  35. # fields in /etc/shadow
    36. 

  36. declare -r last=2
    37. 

  37. #declare -r may=3 # not used in this script
    38. 

  38. declare -r must=4
    39. 

  39. declare -r warn=5
    40. 

  40. #declare -r grace=6 # not used in this script
    41. 

  41. declare -r disable=7
    42. 

  42. 

  43. declare -r doesntmust=99999
    44. 

  44. declare -r warndefault=7
    45. 

  45. 

  46. passwdfile="/etc/passwd"
    47. 

  47. declare -r uidfield=3
    48. 

  48. declare -r unamefield=1
    49. 

  49. # UID range is system dependent
    50. 

  50. declare -r uidmin=1000
    51. 

  51. declare -r uidmax=65534 # exclusive
    52. 

  52. 

  53. # remove the hardcoded path from these progs to use them via $PATH
    54. 

  54. # mailx is system dependent
    55. 

  55. notifyprog="mailx"
    56. 

  56. grepprog="grep"
    57. 

  57. awkprog="awk"
    58. 

  58. dateprog="date"
    59. 

  59. 

  60. # comment out one of these
    61. 

  61. #useUTC=""
    62. 

  62. useUTC="-u"
    63. 

  63. 

  64. # +%s is a GNUism - set it to blank and use dateformat if you have
    65. 

  65. # a system that uses something else like epochdays, for example
    66. 

  66. epochseconds="+%s"
    67. 

  67. dateformat=""   # blank for GNU when epochseconds="+%s"
    68. 

  68. secondsperday=86400 # set this to 1 for no division
    69. 

  69. 

  70. today=$(($($dateprog $useUTC $epochseconds $dateformat)/$secondsperday))
    71. 

  71. oIFS=$IFS
    72. 

  72. 

  73. # ### END SETUP ###
    74. 

  74. 

  75. # ### MAIL TEMPLATES ###
    76. 

  76. 

  77. # use single quotes around templates, backslash escapes and substitutions 
    78. 

  78. # will be evaluated upon output
    79. 

  79. usersubjecttemplate='Your password is expiring soon'
    80. 

  80. userbodytemplate='Your password on $hostname expires in $(($expdate - $today)) days.
    81. 

  81. 

  82. Please contact the $domain IT department by email or phone
    83. 

  83. if you have any questions. Help is also available at 
    84. 

  84. http://support.$domain/password'
    85. 

  85. 

  86. adminsubjecttemplate='User Password Expired: $user@$hostname'
    87. 

  87. adminbodytemplate='The password for user $user on $hostname expired $age days ago.
    88. 

  88. 

  89. Please contact this user about their inactive account and consider whether
    90. 

  90. the account should be disabled or deleted.'
    91. 

  91. 

  92. # ### END MAIL TEMPLATES ###
    93. 

  93. 

  94. # allow overrides (especially userbodytemplate)
    95. 

  95. declare -r orgconfig=local-ORG/notifypwexp
    96. 

  96. declare -r hostconfig=local/notifypwexp
    97. 

  97. [ ! -r /etc/$orgconfig ] || . /etc/$orgconfig
    98. 

  98. [ ! -r /etc/$hostconfig ] || . /etc/$hostconfig
    99. 

  99. 

  100. # get real users
    101. 

  101. users=$($awkprog -F:    -v uidfield=$uidfield \
    102. 

  102.     -v unamefield=$unamefield \
    103. 

  103.     -v uidmin=$uidmin \
    104. 

  104.     -v uidmax=$uidmax \
    105. 

  105.     -- '$uidfield>=uidmin && $uidfield<uidmax \
    106. 

  106.     {print $unamefield}' $passwdfile)
    107. 

  107. 

  108. for user in $users;
    109. 

  109. do
    110. 

  110. 

  111.     IFS=":"
    112. 

  112.     usershadow=$($grepprog ^$user $shadowfile)
    113. 

  113. 

  114.     # make an array out of it
    115. 

  115.     usershadow=($usershadow)
    116. 

  116.     IFS=$oIFS
    117. 

  117. 

  118.     mustchange=${usershadow[$must]}
    119. 

  119.     disabledate=${usershadow[$disable]:-$doesntmust}
    120. 

  120. 

  121.     # skip users that aren't expiring or that are disabled
    122. 

  122.     if [[ $mustchange -ge $doesntmust || $disabledate -le $today  ]] ; then continue; fi;
    123. 

  123. 

  124.     lastchange=${usershadow[$last]}
    125. 

  125.     warndays=${usershadow[$warn]:-$warndefault}
    126. 

  126.     expdate=$(($lastchange + $mustchange))
    127. 

  127. 

  128.     threshhold=$(($today + $warndays + $weekmode))
    129. 

  129. 

  130.     if [[ $expdate -lt $threshhold ]];
    131. 

  131.     then
    132. 

  132.         if [[ $expdate -ge $today ]];
    133. 

  133.         then
    134. 

  134.             subject=$(eval "echo \"$usersubjecttemplate\"")
    135. 

  135.             body=$(eval "echo \"$userbodytemplate\"")
    136. 

  136.             echo -e "$body" | $notifyprog -s "$subject" $user 
    137. 

  137.         else
    138. 

  138.             if [[ $age -ge $aged ]];
    139. 

  139.             then
    140. 

  140.                 subject=$(eval "echo \"$adminsubjecttemplate\"")
    141. 

  141.                 body=$(eval "echo \"$adminbodytemplate\"")
    142. 

  142.                 echo -e "$body" | $notifyprog -s "$subject" $admins
    143. 

  143.             fi
    144. 

  144.         fi
    145. 

  145.     fi
    146. 

  146. 

  147. done
    148.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 11:27:11 +0000