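#!/usr/bin/perl
# pw_expire.pl
#
# Force a password change at next login for every local account that has a
# directory under $homedir and whose password was last changed before
# $good_change_date.  The `chage -l` values of every such account are written
# to a CSV report twice: once before and once after the passwords are expired.
#
# Must be run as root.

use strict;
use warnings;

use Fcntl qw(O_WRONLY O_APPEND O_CREAT O_EXCL);
use File::Basename qw(basename);
use POSIX qw(strftime);
use Sys::Hostname qw(hostname);

# This script runs as root and starts chage and passwd.  Pin the environment
# those programs are found and run in, so that neither the caller's PATH nor
# shell-related variables influence which binaries are executed.
$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# The parser below relies on the English labels and month names of `chage -l`.
$ENV{LC_ALL} = 'C';

my $homedir = "/home";

# in yyyymmdd format
# do not force pw change if changed more recently than:
my $good_change_date = "20201001";

my %month = (
    Jan => "01", Feb => "02", Mar => "03", Apr => "04",
    May => "05", Jun => "06", Jul => "07", Aug => "08",
    Sep => "09", Oct => "10", Nov => "11", Dec => "12",
);

# Columns of the report, in the order `chage -l` prints them:
# 1 Last password change : Apr 11, 2019
# 2 Password expires : never
# 3 Password inactive : never
# 4 Account expires : never
# 5 Minimum number of days between password change : 0
# 6 Maximum number of days between password change : 99999
# 7 Number of days of warning before password expires : 7
my @fields = qw(
    last_pw_change pw_expires pw_inactive acct_expires
    min_day max_day warn_day
);
my $csv_header = join( ",", "user", @fields ) . "\n";

# Check the effective UID: it is what decides whether chage and passwd are
# allowed to act on other accounts.  Exit non-zero so callers can detect it.
die "This script must be run as root\n" if $> != 0;

# Name the report after the script's bare file name (directory and extension
# removed) so that the report path never depends on how the script was invoked.
my $this_script = basename($0);
$this_script =~ s/\..*\z//s;

my $outfile = $this_script . "_" . $$ . ".csv";

# O_EXCL refuses a file (or symlink) that already exists under this
# predictable name; the report is created fresh and readable by root only.
sysopen( my $out, $outfile, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0600 )
    or die "unable to open $outfile " . $! . "\n";

my $hozt       = hostname();
my $datestring = strftime( "%Y-%m-%d", localtime );

# Candidate account names are the non-hidden entries of $homedir, sorted.
opendir( my $home_dh, $homedir ) or die "unable to read $homedir: $!\n";
my @users = sort grep { !/\A\./ } readdir $home_dh;
closedir $home_dh;

# Only names that have an entry in /etc/passwd are processed.  An exact hash
# lookup is used so that characters in a directory name are never interpreted
# as a pattern or as shell syntax.
my %is_local_account;
open( my $passwd_fh, '<', '/etc/passwd' )
    or die "unable to open /etc/passwd: $!\n";
while ( my $entry = <$passwd_fh> ) {
    my ($name) = split /:/, $entry, 2;
    $is_local_account{$name} = 1 if defined $name && length $name;
}
close $passwd_fh;

print {$out} "$hozt $datestring\n\n";
print {$out} "BEFORE expiring passwords:\n\n";
print {$out} $csv_header;

# Pass 1 reports the current values and expires stale passwords;
# pass 2 reports the values again after the change.
for my $loop ( 1 .. 2 ) {
    USER:
    for my $user (@users) {
        next USER if !$is_local_account{$user};

        # Names are passed to chage/passwd as arguments; reject anything that
        # could be taken for an option (leading "-") or is otherwise unusual.
        if ( $user !~ /\A[A-Za-z0-9_][A-Za-z0-9_.\-]*\$?\z/ ) {
            warn "skipping unexpected account name in $homedir\n";
            next USER;
        }

        my @chage = capture_lines( 'chage', '-l', $user );
        if ( $? != 0 || @chage < @fields ) {
            warn "chage -l $user failed or returned unexpected output\n";
            next USER;
        }

        my @values = map { reformat($_) } @chage[ 0 .. $#fields ];
        print {$out} join( ",", $user, @values ) . "\n";

        next USER if $loop != 1;

        # NOTE(review): a value that is not a date ("never", "password must
        # be changed") counts as older than the cut-off, which is what a
        # plain numeric comparison of such a string does as well -- confirm
        # that accounts without a recorded change date should be expired.
        my $last_pw_change = $values[0];
        my $is_stale =
            $last_pw_change =~ /\A\d{8}\z/
            ? $last_pw_change < $good_change_date
            : 1;
        next USER if !$is_stale;

        print "$user $last_pw_change\n";
        print "expiring $user password\n";

        # Run without a shell; passwd's own output is read and discarded.
        capture_lines( 'passwd', '-e', $user );
        warn "passwd -e $user failed (status $?)\n" if $? != 0;
    }

    if ( $loop == 1 ) {
        print {$out} "\n\n\n";
        print {$out} "AFTER expiring passwords:\n\n";
        print {$out} $csv_header;
    }
}

close $out or die "unable to write $outfile " . $! . "\n";

print "\nSee output in $outfile\n\n";
exit;

# *************************************************

# Run a command without a shell and return the lines it wrote to stdout.
# The argument list is the program followed by its arguments.  After the
# call, $? holds the command's wait status (-1 if it could not be started).
sub capture_lines {
    my @command = @_;

    my $pipe;
    if ( !open( $pipe, '-|', @command ) ) {
        warn "unable to run $command[0]: $!\n";
        $? = -1;
        return;
    }
    my @lines = <$pipe>;
    close $pipe;    # waits for the child and sets $?
    return @lines;
}

# Turn one line of `chage -l` output into a bare value.
# The label (everything up to the last colon) is removed; if what remains is
# a date of the form "Mon DD, YYYY" with a known month abbreviation it is
# returned as yyyymmdd, otherwise the value is returned as-is.
sub reformat {
    my ($chage_item) = @_;
    chomp $chage_item;

    # strip off the label and leave only the value
    $chage_item =~ s/^.*:\s*//;

    # check if $chage_item is a date and if so, reformat it to yyyymmdd;
    # the day is zero-padded so the result is always eight digits
    if ( $chage_item =~ /([A-Z][a-z][a-z])\s+(\d+),\s+(\d{4})/
        && exists $month{$1} )
    {
        $chage_item = $3 . $month{$1} . sprintf( "%02d", $2 );
    }
    return $chage_item;
}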