summaryrefslogtreecommitdiff
path: root/localnotifypwexp
blob: 2ea686e914b4610f05544b36d1abd5ca2eca71c1 (plain) 
    

  1. #!/bin/bash
    2. 

  2. 

  3. set -e
    4. 

  4. 

  5. # notifypwexp - send mail to users whose passwords are expiring soon
    6. 

  6. # designed to be run daily or weekly from cron
    7. 

  7. 

  8. # call with -w for weekly mode (checks to see if warning period begins in the next 7 days
    9. 

  9. # use -w for a weekly cron job, avoiding excessive emails
    10. 

  10. 

  11. # with no option, it only checks whether we're in the warning period now
    12. 

  12. # use this for a daily cron job
    13. 

  13. 

  14. # by Dennis Williamson
    15. 

  15. 

  16. # Origin: http://serverfault.com/questions/11887
    17. 

  17. 

  18. # ### SETUP ###
    19. 

  19. 

  20. if [[ $1 == "-w" ]] # check for expiration warnings beginning during the next seven days
    21. 

  21. then
    22. 

  22.     weekmode=7
    23. 

  23. else
    24. 

  24.     weekmode=0
    25. 

  25. fi
    26. 

  26. 

  27. admins="root postmaster"
    28. 

  28. declare -r aged=21 # minimum days after expiration before admins are emailed, set to 0 for "always"
    29. 

  29. 

  30. hostname=$(hostname --fqdn)
    31. 

  31. 

  32. # /etc/shadow is system dependent
    33. 

  33. shadowfile="/etc/shadow"
    34. 

  34. # fields in /etc/shadow
    35. 

  35. declare -r last=2
    36. 

  36. #declare -r may=3 # not used in this script
    37. 

  37. declare -r must=4
    38. 

  38. declare -r warn=5
    39. 

  39. #declare -r grace=6 # not used in this script
    40. 

  40. declare -r disable=7
    41. 

  41. 

  42. declare -r doesntmust=99999
    43. 

  43. declare -r warndefault=7
    44. 

  44. 

  45. passwdfile="/etc/passwd"
    46. 

  46. declare -r uidfield=3
    47. 

  47. declare -r unamefield=1
    48. 

  48. # UID range is system dependent
    49. 

  49. declare -r uidmin=1000
    50. 

  50. declare -r uidmax=65534 # exclusive
    51. 

  51. 

  52. # remove the hardcoded path from these progs to use them via $PATH
    53. 

  53. # mailx is system dependent
    54. 

  54. notifyprog="/bin/mailx"
    55. 

  55. grepprog="/bin/grep"
    56. 

  56. awkprog="/usr/bin/awk"
    57. 

  57. dateprog="/bin/date"
    58. 

  58. 

  59. # comment out one of these
    60. 

  60. #useUTC=""
    61. 

  61. useUTC="-u"
    62. 

  62. 

  63. # +%s is a GNUism - set it to blank and use dateformat if you have
    64. 

  64. # a system that uses something else like epochdays, for example
    65. 

  65. epochseconds="+%s"
    66. 

  66. dateformat=""   # blank for GNU when epochseconds="+%s"
    67. 

  67. secondsperday=86400 # set this to 1 for no division
    68. 

  68. 

  69. today=$(($($dateprog $useUTC $epochseconds $dateformat)/$secondsperday))
    70. 

  70. oIFS=$IFS
    71. 

  71. 

  72. # ### END SETUP ###
    73. 

  73. 

  74. # ### MAIL TEMPLATES ###
    75. 

  75. 

  76. # use single quotes around templates, backslash escapes and substitutions 
    77. 

  77. # will be evaluated upon output
    78. 

  78. usersubjecttemplate='Your password is expiring soon'
    79. 

  79. userbodytemplate='Your password on $hostname expires in $(($expdate - $today)) days.
    80. 

  80. 

  81. Please contact the IT department by email at \"helpdesk\" or at 
    82. 

  82. extension 555 if you have any questions. Help is also available at 
    83. 

  83. http://helpdesk.example.com/password'
    84. 

  84. 

  85. adminsubjecttemplate='User Password Expired: $user@$hostname'
    86. 

  86. adminbodytemplate='The password for user $user on $hostname expired $age days ago.
    87. 

  87. 

  88. Please contact this user about their inactive account and consider whether
    89. 

  89. the account should be disabled or deleted.'
    90. 

  90. 

  91. # ### END MAIL TEMPLATES ###
    92. 

  92. 

  93. # allow overrides (especially userbodytemplate)
    94. 

  94. declare -r orgconfig=local-ORG/notifypwexp
    95. 

  95. declare -r hostconfig=local/notifypwexp
    96. 

  96. [ ! -r /etc/$orgconfig ] || . /etc/$orgconfig
    97. 

  97. [ ! -r /etc/$hostconfig ] || . /etc/$hostconfig
    98. 

  98. 

  99. # get real users
    100. 

  100. users=$($awkprog -F:    -v uidfield=$uidfield \
    101. 

  101.     -v unamefield=$unamefield \
    102. 

  102.     -v uidmin=$uidmin \
    103. 

  103.     -v uidmax=$uidmax \
    104. 

  104.     -- '$uidfield>=uidmin && $uidfield<uidmax \
    105. 

  105.     {print $unamefield}' $passwdfile)
    106. 

  106. 

  107. for user in $users;
    108. 

  108. do
    109. 

  109. 

  110.     IFS=":"
    111. 

  111.     usershadow=$($grepprog ^$user $shadowfile)
    112. 

  112. 

  113.     # make an array out of it
    114. 

  114.     usershadow=($usershadow)
    115. 

  115.     IFS=$oIFS
    116. 

  116. 

  117.     mustchange=${usershadow[$must]}
    118. 

  118.     disabledate=${usershadow[$disable]:-$doesntmust}
    119. 

  119. 

  120.     # skip users that aren't expiring or that are disabled
    121. 

  121.     if [[ $mustchange -ge $doesntmust || $disabledate -le $today  ]] ; then continue; fi;
    122. 

  122. 

  123.     lastchange=${usershadow[$last]}
    124. 

  124.     warndays=${usershadow[$warn]:-$warndefault}
    125. 

  125.     expdate=$(($lastchange + $mustchange))
    126. 

  126. 

  127.     threshhold=$(($today + $warndays + $weekmode))
    128. 

  128. 

  129.     if [[ $expdate -lt $threshhold ]];
    130. 

  130.     then
    131. 

  131.         if [[ $expdate -ge $today ]];
    132. 

  132.         then
    133. 

  133.             subject=$(eval "echo \"$usersubjecttemplate\"")
    134. 

  134.             body=$(eval "echo \"$userbodytemplate\"")
    135. 

  135.             echo -e "$body" | $notifyprog -s "$subject" $user 
    136. 

  136.         else
    137. 

  137.             if [[ $age -ge $aged ]];
    138. 

  138.             then
    139. 

  139.                 subject=$(eval "echo \"$adminsubjecttemplate\"")
    140. 

  140.                 body=$(eval "echo \"$adminbodytemplate\"")
    141. 

  141.                 echo -e "$body" | $notifyprog -s "$subject" $admins
    142. 

  142.             fi
    143. 

  143.         fi
    144. 

  144.     fi
    145. 

  145. 

  146. done
    147.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 01:23:59 +0000