#!/usr/bin/sh
# Show deactivated users in a trusted system
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin
hostNAME=`hostname`
NOW=$(date +"%m-%d-%Y-%H:%M")
MAIL_SUB=`echo "$hostNAME User Lock"`
DEG1=""
NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
modprpw 1> /dev/null 2>&1
if [ $? -eq 2 ]
then
NOTTRUSTED=/sbin/false
fi
fi
if $NOTTRUSTED
then
print "\n This system is not a Trusted System"
exit 1
fi
REASON[1]="past password lifetime"
REASON[2]="past last login time"
REASON[3]="past absolute account lifetime"
REASON[4]="exceeding unsuccessful login attempts"
REASON[5]="password required and a null password"
REASON[6]="admin lock"
REASON[7]="password is a *"
echo "$hostNAME Server Locked Account(s).\n" >/unixadmin/lockcheck
printf "%-20s%-20s%-20s%-20s%-20s\n" "Alert Date" "Hostname" "Alert Type" "Locked User" "Lock Reason" >> /unixadmin/lockcheck
for USER in $(listusers | awk '{print $1}'|grep -vE 'daemon|bin:|adm|lp|hpdb|cimsrvr|opc_op|sfmdb|sshd|iwww|owww|hpsmh|smmsp|smbnull|tftp')
do
LOCKOUT=$(getprpw -r -m lockout $USER)
ERR=$?
if [ $ERR != 0 ]
then
print "getprpw failed, error = $ERR"
exit $ERR
fi
# Since multiple reasons may exist in LOCKOUT, process
# each bit position separately
if [ $LOCKOUT != "0000000" ]
then
#print "\nUser "$USER" deactivated for:"
for BIT in 1 2 3 4 5 6 7
do
REASONBIT=$(echo $LOCKOUT | cut -c $BIT)
if [ $REASONBIT != 0 ]
then
if [ $REASONBIT = 1 ]
then
DEG1=`print " ${REASON[$BIT]}"`
else
DEG1=`print " Bad character in lockout: $REASONBIT"`
fi
printf "%-20s%-20s%-20s%-20s%-20s\n" "----------------" "----------------" "------------------" "------------------" "--------------------------" >> /unixadmin/lockcheck
printf "%-20s%-20s%-20s%-20s%-20s\n" "$NOW" "`hostname`" "User Lock" "$USER" "$DEG1" >> /unixadmin/lockcheck
fi
done
fi
done
if cat /unixadmin/lockcheck|grep -q "User Lock" >/dev/null 2>&1
then
cat /unixadmin/lockcheck|/usr/bin/mailx -s "$MAIL_SUB" abdurrahim.yildirim@casesup.com
fi