Question: adding sudo info to my lastlogin's report

Hi, I made this script to report lastlogin, nologin and blocked users on AIX, but it does not include login using su.  Question: How can I include su login to exclude from the lastlogin (1st part of the script)?

This is the code:
#!/usr/bin/ksh
# Reports inactive users, users that never logged in, and locked accounts on AIX.
PATH=$PATH
export PATH
export HOSTNAME=`hostname`

if [ $# -ne 1 ]; then
    echo >&2 "Uso: inactiveusers.ksh  'numero_de_dias'"
    exit 1
fi

# Convert epoch seconds ($1) to a readable local date string.
getdate()
{
    perl -e '
        use POSIX qw(strftime);
        $mydate = strftime "%c", localtime($ARGV[0]);
        print $mydate; ' $1
}

now=`date +%s`
days=$1
if [[ $days -le 0 ]]
then
    # The original message referenced the undefined variable $dias.
    echo "ERROR: Introduzca el parametro $days correctamente"
    exit 1
fi

delta=$(($days*86400))
refpoint=$(($now - $delta))
(
echo "********************************************************************"
echo "Usuarios inactivos (no login) en los ultimos $days dias en $HOSTNAME"
echo "********************************************************************"

# Users whose last login is older than the reference point.
lsuser -a time_last_login ALL |
grep -e time_last_login |
while read line
do
    set $line
    username=$1
    logintime=`echo $2 | awk -F= ' { print $2 } '`
    if [[ $logintime -lt $refpoint ]]; then
        lsuser -a time_last_login gecos $username |
        awk '{print $1,$2,$3,$4}' |
        sed -e 's/gecos=/  Nombre: /' -e 's/time_last_login=/  LastLogin=/' |
        while read ACCOUNT LOGIN NUM USER; do
            echo $ACCOUNT ${LOGIN%%[0-9]*} \"$(getdate ${LOGIN##*=})\" $NUM $USER
        done
    fi
done
echo

echo "********************************************************"
echo "Usuarios que no se han logueado nunca y estan 'unlocked'"
echo "********************************************************"
lsuser -a time_last_login account_locked ALL | grep -v time_last_login |
grep false |
while read line
   do
         print $line
   done 

echo 
echo "*************************************"
echo "Usuarios bloqueados en este instante:"
echo "*************************************"
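# Collect both listings first: the exit status of "... | sed ... || echo" was
# always sed's, so the fallback message could never print. The pattern is also
# anchored so that counts such as 10 or 25 are no longer filtered out as "1" or "2".
locked=$(
    lsuser -a account_locked ALL | grep true
    lsuser -a unsuccessful_login_count ALL |
    egrep -v 'unsuccessful_login_count=[0-2]( |$)' |
    sed 's/unsuccessful_login_count/No_de_intentos_fallidos:/'
)
if [ -n "$locked" ]; then
    print -r -- "$locked"
else
    echo "No existen usuarios bloqueados en $HOSTNAME"
fi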
echo
echo "##########################################################"
 ) 2>&1 | more


Answer: adding sudo info to my lastlogin's report

Hi again,

I'm a bit confused now.

Do you want to exclude reporting on userids that have been su'ed to?

In this case your report is indeed fine.

The "time_last_login" value of a user doesn't reflect su'ing to that user. Successful use of su resets the "unsuccessful_login_count" attribute only if the user's rlogin and login attributes are both set to false.

Of course the last login time of the user who issued "su" is recorded.

If you want to report on "su" use you will have to examine /var/adm/sulog. The drawback with that file is that the date is contained in mm/dd hh:mm format - that's not seconds since epoch, and there is no year!

Anyway - your script is a real nice thing - I can't see anything wrong with it!

wmp
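
Added example, not part of the original thread: one way to work around the missing year in /var/adm/sulog is to count how often mm/dd jumps backwards and anchor the newest entry to today. The function name su_recent, the field layout in the first comment and the sample lines are assumptions made for this sketch; it also assumes the log is chronological with no gap longer than a year.

```sh
#!/bin/sh
# Assumed sulog line layout:
#   SU mm/dd hh:mm +|- tty fromuser-touser     ("+" = su succeeded)
# su_recent DAYS [TODAY] < sulog
#   prints "touser YYYY-MM-DD fromuser" for every account reached by a
#   successful su within the last DAYS days. TODAY (YYYY-MM-DD) defaults to now.
su_recent() {
    awk -v days="$1" -v today="${2:-$(date +%Y-%m-%d)}" '
    # Julian day number of a civil date; only differences are used.
    function jdn(y, m, d,    a) {
        a = int((14 - m) / 12); y += 4800 - a; m += 12 * a - 3
        return d + int((153 * m + 2) / 5) + 365 * y + int(y / 4) - int(y / 100) + int(y / 400) - 32045
    }
    $1 == "SU" && $2 ~ /^[0-9]+\/[0-9]+$/ {
        split($2, md, "/"); key = md[1] * 100 + md[2]
        if (seen && key < prev) wraps++     # mm/dd went backwards: a new year began
        prev = key; seen = 1
        if ($4 != "+") next                 # failed su: the target was not used
        to = $6; sub(/^.*-/, "", to)        # text after the last "-"
        from = substr($6, 1, length($6) - length(to) - 1)
        mon[to] = md[1]; day[to] = md[2]; wrap[to] = wraps; by[to] = from
    }
    END {
        if (!seen) exit
        split(today, t, "-")
        # The newest entry is from this year unless its mm/dd is still ahead of today.
        newest = (prev <= t[2] * 100 + t[3]) ? t[1] : t[1] - 1
        for (u in mon) {
            y = newest - (wraps - wrap[u])
            age = jdn(t[1], t[2], t[3]) - jdn(y, mon[u], day[u])
            if (age <= days)
                printf "%s %04d-%02d-%02d %s\n", u, y, mon[u], day[u], by[u]
        }
    }' | sort
}

# Constructed sample lines (not real log data); the year changes before 01/03.
SAMPLE_SULOG='SU 11/02 09:15 + pts/0 alice-oracle
SU 12/28 22:40 - pts/1 bob-root
SU 12/30 08:05 + pts/1 bob-root
SU 01/03 14:20 + pts/2 alice-appsvc'

printf '%s\n' "$SAMPLE_SULOG" | su_recent 30 2024-01-10
```

On a real system the call would be `su_recent "$days" < /var/adm/sulog`, and the names it prints can be dropped from the inactive list. If the log was truncated or has a gap of more than a year, the inferred dates come out too recent, so a stale account can look active.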

 
