Actually, I've got dates going back even further on another system...
Thu Aug 23 08:00:22 +0100 2007
$ lastlog | grep -v Never | grep -v '^Username' | \
awk '{print $1", "$6"-"$5"-"$9}'
Should be relatively parse-able, but adjust awkage to suit.
C
Paxton, Darren wrote:
> Colin
>
> Thanks for your responses, they've certainly been most helpful.
>
> Darren
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Colin Shorts
> Sent: 17 March 2009 09:18
> To: SLUG-list
> Subject: Re: [Scottish] User account disabling
>
> I'll top post too seeing as it's the default for thunderbird too (yes,
> you can change it).
>
> I have dates going back to "Thu May 15 18:18:19 +0100 2008" and I
> haven't played with the defaults. You can specify the number of days
> using the '-b' switch, but of course if a user has never logged in this
> will always be shown.
>
> C
>
> Paxton, Darren wrote:
>> Sorry for top-posting - using crappy outlook
>>
>>
>> Colin
>>
>> It does help, thanks, but isn't the default for lastlog only back to about
>> 30 days or so? I'm guessing I'd have to modify this across all the systems
>> to hold more than this. I think this will be required anyway no matter what
>> I choose, though.
>>
>> Thanks
>>
>> Darren
>>
>>
>>
>>
>> Paxton, Darren wrote:
>>> Hi All,
>>>
>>> Having one of those moments where no matter where I'm searching, can't seem
>>> to find what I'm actually looking for.
>>>
>>> Wondering how any of you are currently handling user account expiry if an
>>> account lies idle for a defined amount of time.
>>>
>>> I've seen perl scripts listed in some places, but I'm trying to see if I
>>> can use whatever native tools are already in place to identify when the
>>> user last logged in (this is on RHEL systems) and then work out if this is
>>> greater than the threshold of 90 days.
>>>
>>> At this point, we're not actually going to disable those accounts, just
>>> looking for a way to identify them so that systems can be flagged as
>>> requiring attention. (hopefully this will all help contribute to the
>>> argument for a centralised authentication mechanism).
>>>
>>> Systems are all RHEL so any advice anyone's got on this platform would be
>>> greatly appreciated.
>> `lastlog` will probably be your first port of call:
>>
>> # lastlog
>> Username Port From Latest
>> root tty1 Sat Feb 28 14:01:43 +0000 2009
>> bin **Never logged in**
>> daemon **Never logged in**
>> adm **Never logged in**
>> lp **Never logged in**
>> sync **Never logged in**
>> shutdown **Never logged in**
>>
>> ~snip~
>>
>> You can also specify a range of UID's
>> # lastlog -u 1000-2000
>>
>> This might be more useful for parsing - you might not want to disable
>> some accounts.
>>
>>> Password expiry is also being enabled therefore was wondering if this could
>>> be centred around that as a way of doing the calculation.
>>>
>>> Thanks
>>>
>>> Darren
>>
>> HTH
>>
>> -Colin
>>
>> _______________________________________________
>> Scottish mailing list
>> [email protected]
>> https://mailman.lug.org.uk/mailman/listinfo/scottish
>>
>> This e-mail and any attachments may be confidential or legally privileged.If
>> you received this message in error or are not the intended recipient, you
>> should destroy the email message and any attachments or copies, and you are
>> prohibited from retaining, distributing, disclosing or using any information
>> contained herein. Please inform us of the erroneous delivery by return
>> e-mail. Thank you for your co-operation.
>>
>> _______________________________________________
>> Scottish mailing list
>> [email protected]
>> https://mailman.lug.org.uk/mailman/listinfo/scottish
>
> _______________________________________________
> Scottish mailing list
> [email protected]
> https://mailman.lug.org.uk/mailman/listinfo/scottish
>
> This e-mail and any attachments may be confidential or legally privileged.If
> you received this message in error or are not the intended recipient, you
> should destroy the email message and any attachments or copies, and you are
> prohibited from retaining, distributing, disclosing or using any information
> contained herein. Please inform us of the erroneous delivery by return
> e-mail. Thank you for your co-operation.
>
> _______________________________________________
> Scottish mailing list
> [email protected]
> https://mailman.lug.org.uk/mailman/listinfo/scottish
_______________________________________________
Scottish mailing list
[email protected]
https://mailman.lug.org.uk/mailman/listinfo/scottish
