Planet Malaysia Blog

Linux Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty’s can be given, in which case last will show only those entries matching the arguments. Names of ttys can be abbreviated, thus last 0 is the same as last tty0.

Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty’s can be given, in which case last will show only those entries matching the arguments. Names of ttys can be abbreviated, thus last 0 is the same as last tty0.

When last catches a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal (generated by the quit key, usually control-\), last will show how far it has searched through the file; in the case of the SIGINT signal last will then terminate.

The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was created.

Basically I have a 3 request from customer as below:

• display a list of users that have not been login after X days.
• lock the users that have not been login after X days.
• delete a users that have not been login after X days.

First, the script will search for UID > 999 then it can use to display the result, lock the user account and delete the user account which I make a remarks.

The original script can be found on Unix forums which I have make a small modification.

#Script START here 

#!/bin/bash
#
# Search for Last X Login Day for UID > 999,
# LOCK username after X days without login,
# DELETE username after X days without login.
#

#Define X numbers of days
NUM_DAYS=”90″

#Define TODAY Date in string format
TODAY_CODE=$(echo “$(date +%s) / 86400″ | bc)

#Search UID > 999
#for i in $(cat /etc/passwd | awk -F’:’ ‘{print $1}’)
for i in $(cat /etc/passwd | awk -F: ‘{ if ($3 > 999) {print $1}}’)
do

#grep LAST login
last | grep ${i} > /dev/null 2>&1

if [ $? -eq 0 ]
then

#List Date in Text format
DATE_TEXT=$(last | grep ${i} | head -1 | awk ‘{print $5″ “$6}’)

#List Date in String format e.g. 14170
DATE_CODE=$(echo “$(date -d”${DATE_TEXT}” +%s) / 86400″ | bc)

DIFF_DAYS=$(echo “${TODAY_CODE} - ${DATE_CODE}” | bc)

if [ ${DIFF_DAYS} -ge ${NUM_DAYS} ]
then

##
## Putting your FUNCTIONs here
##

#DISPLAY Username and X days
echo “${i} - ${DIFF_DAYS}days”

#LOCK User Account
#/usr/bin/passwd -l ${i}
#echo “Username - ${i} have been LOCK after ${DIFF_DAYS} days without login” | /bin/mail -s “User LOCK report” your_email@planetmy.com

#DELETE User Account
#/usr/sbin/userdel ${i}
#echo “Username - ${i} have been DELETE after ${DIFF_DAYS} days without login” | /bin/mail -s “User DELETE report” your_email@planetmy.com

#SHOW all users attribute
#/usr/bin/passwd -S -a | /bin/mail -s “Users password status for all accounts” your_email@planetmy.com

##END FUNCTIONs here

fi
fi
done

##Script END here

Note: remove the “#” sign as your requirement need.

Please feel free to comment, take away, share and change it.

Updated: I would suggest you try lastllog command too.

Possibly Related Posts:

• SSH Remote Access Authentication Tips
• Your Password is Disclose
• Ask Google Engineer a Questions
• Fedora 10 Artwork
• Set a Good Password Policy On SuSE Linux