LinuxQuestions.org


aksharb 03-01-2011 12:24 PM

Block User accounts who has not logged in to the server last 2 months
 
Hi,

We have 4 servers running RHEL 5.2. We have several users logged in on one of them. We have an NIS server/client running on them and have a common home area mounted on all of them.
Now we want to disable/block the accounts of the users who have not accessed our servers in the last 2 months from today.
What logic should we apply to do so? We were checking the stat of .bashrc of each user, but that is not the correct logic.
We are going to write a shell script for the same.
Any help would be appreciated.
We don't want to do anything in the users' home area or their files.

-Akshar

arizonagroovejet 03-01-2011 01:39 PM

Looking at .bashrc doesn't sound reliable. Presumably you back up users' home directories and that would probably access their .bashrc.

Assuming you have centralised authentication (you mention NIS but don't say what you're using it for), I'd probably start by looking at the logs on the authentication server.

manolomalaga 03-01-2011 05:24 PM

Hi, you can put this command inside the .bashrc file of the user account:

usermod -e `date '+%Y-%m-%d' --date='2 month'` username

pvs 03-02-2011 01:07 AM

Quote:

Originally Posted by manolomalaga (Post 4275684)
Hi, you can put this command inside the .bashrc file of the user account:

Bad idea.
.bashrc is writable by the user, so everyone will be able to remove this limitation.
Log analyzer seems to be more appropriate.

arizonagroovejet 03-02-2011 03:03 AM

Quote:

Originally Posted by manolomalaga (Post 4275684)
Hi, you can put this command inside the .bashrc file of the user account:

usermod -e `date '+%Y-%m-%d' --date='2 month'` username


I suspect that wouldn't work because the users are managed centrally rather than existing on each machine. Even if that isn't the case, it wouldn't work because usermod needs to be run by root. Also, what pvs said. (Such a command should be placed into /etc/bash.bashrc or equivalent anyway so as to avoid the need to modify lots of .bashrc files and to avoid the scenario pvs mentions.)

manolomalaga 03-02-2011 05:14 AM

Managed centrally with Samba?

aksharb 03-02-2011 05:58 AM

It is not Samba managed. Kindly provide us any robust logic/idea.

arizonagroovejet 03-02-2011 06:49 AM

Quote:

Originally Posted by manolomalaga (Post 4276171)
Managed centrally with Samba?

The OP mentioned NIS, which can be used to manage accounts centrally. Though the OP has not bothered to clarify whether or not this is what they are doing or whether they're using NIS for authentication.

Quote:

Originally Posted by aksharb (Post 4276219)
It is not Samba managed. Kindly provide us any robust logic/idea.


Hey, you know your set up, you're in the best position to figure it out. If you can set all that stuff up, you should have a decent idea of how to figure out the solution yourselves.

Is authentication done against a central server? If so, see my previous reply. Otherwise you'll have to trawl the logs on each server. Look at the output of 'last' and if that doesn't go back far enough then try running last against the archived versions of /var/log/wtmp.
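
The approach suggested above (collect `last` output from every server and check each account's newest login) could be scripted as follows. This is an added example, not code from any poster in the thread. It assumes the installed `last` supports `-F` (full timestamps including the year); the function names, account names and addresses are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input: `last -F` output from every NIS
# client, concatenated. -F prints the year, which plain `last` omits.

# latest_logins: stdin = merged `last -F` lines; prints "user YYYYMMDD" for
# each user's most recent login on any host.
latest_logins() {
    awk '
    BEGIN { n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i }
    NF == 0 || $1 == "reboot" || $1 == "shutdown" || $1 == "wtmp" { next }
    {   # Host column can be empty (console login), so find the timestamp by
        # its weekday field rather than by a fixed column number.
        for (i = 2; i <= NF - 4; i++)
            if ($i ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ && ($(i + 1) in mon)) {
                d = sprintf("%04d%02d%02d", $(i + 4), mon[$(i + 1)], $(i + 2))
                if (d > seen[$1]) seen[$1] = d
                break
            }
    }
    END { for (u in seen) print u, seen[u] }'
}

# stale_users CUTOFF ACCOUNTS_FILE: prints "user last-login" for accounts whose
# newest login is before CUTOFF (YYYYMMDD), or "user never" if the supplied
# logs hold no login at all (check that the logs reach back past CUTOFF).
stale_users() {
    latest_logins | awk -v cutoff="$1" -v accounts="$2" '
    BEGIN { while ((getline u < accounts) > 0) want[u] = 1 }
    { newest[$1] = $2 }
    END { for (u in want)
              if (!(u in newest)) print u, "never"
              else if (newest[u] < cutoff) print u, newest[u] }' | sort
}

# Constructed sample: two hosts' `last -F` output merged; names are made up.
sample_last() {
    cat <<'EOF'
alice    pts/0        10.0.0.5         Mon Feb 21 09:12:01 2011 - Mon Feb 21 17:30:45 2011  (08:18)
bob      pts/1        10.0.0.7         Tue Dec 14 10:00:00 2010 - Tue Dec 14 10:30:00 2010  (00:30)
reboot   system boot  2.6.18-92.el5    Sat Jan  1 04:02:11 2011 - Mon Feb 28 09:00:00 2011 (58+04:57)
bob      tty1                          Wed Nov  3 08:00:00 2010 - Wed Nov  3 08:05:00 2010  (00:05)
carol    pts/2        10.0.0.9         Sun Jan  2 11:00:00 2011 - Sun Jan  2 11:20:00 2011  (00:20)

wtmp begins Mon Nov  1 04:02:11 2010
EOF
}
```

On real data, feed it the concatenated per-host files and compute the cutoff with GNU date, e.g. `cat *.last | stale_users "$(date -d '2 months ago' +%Y%m%d)" accounts.txt`; the file names here are placeholders.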

yash singh 03-02-2011 07:50 PM

Use the chage command to lock the account of a user who has not logged in for the last 60 days:
chage -m -M 60 -W 10 -E -1 "name of the user"

aksharb 03-02-2011 08:40 PM

Hi arizonagroovejet/members,

Authentication is done against NIS and there is load balancing among these servers. I think I will have to look at the "last" command output on each NIS client and check whether the user has logged in or not.

But is there any other logic that can be implemented?

arizonagroovejet 03-04-2011 02:08 PM

Quote:

Originally Posted by aksharb (Post 4277144)
Hi arizonagroovejet/members,

Authentication is done against NIS and there is load balancing among these servers. I think I will have to look at the "last" command output on each NIS client and check whether the user has logged in or not.

If authentication is happening against more than one NIS server, just look at the logs of all the servers.


Quote:

Originally Posted by aksharb (Post 4277144)
But is there any other logic that can be implemented?

Well you can look at logs on the servers or you can look at logs on the clients. I can't think of any other way of finding the information.

Tinkster 03-14-2011 11:16 AM

Moved: This thread is more suitable in <LQ Sec> and has been moved accordingly to help your thread/question get the exposure it deserves.


All times are GMT -5.