Shell Scripting: Users "**Never logged in**"

cparker15 · 10-02-2003, 01:56 PM

I'm new to shell scripting and am trying to automate the checking of a certain security risk.

I'm trying to test and see if there are any user accounts that haven't been logged in yet. I know I can do this with a script such as

Code:

#!/bin/bash
lastlog | grep '**Never logged in**'

However, there are some system users in there that I don't want to consider deleting.

I've read that when a new user is created, the UID (User ID) starts at 500 and increments. I believe I should be able to grab the individual's user ID like this:

Code:

#!/bin/bash
cut -f : -d 3 /etc/passwd

However, I'm having some difficulty figuring out how to combine these two methodologies to output only new custom users (versus system users who will never be logged in on my systems).

Since new users on my system will be assigned generic passwords (all of which are going to be the same password), unused user accounts are a security risk on my systems. I'd like to automate the checking process to save myself some time.

Thanks everyone!

unSpawn · 10-02-2003, 03:48 PM

Quickie:

Code:

cat /etc/passwd | while read l; do 
# IFS saves me using "cut" here
IFS=":"; l=( ${l} )
if [ "${l[2]}" -ge "500" ]; then 
# "expr" saves me using "grep" here
expr index "$(lastlog -u "${l[0]}")" "*">/dev/null
case "$?" in 0) echo ${l[0]} never logged in;; esac
fi; done

new users on my system will be assigned generic passwords (all of which are going to be the same password),
Why? Is this absolutely necessary?

unused user accounts are a security risk on my systems.
...yes, and you're doing your best to thwart any efforts to correct it, right? :-]

I've read that when a new user is created, the UID (User ID) starts at 500 and increments.
Starting UID is configurable though.