LinuxQuestions.org
Old 03-01-2011, 01:24 PM   #1
aksharb
LQ Newbie
 
Registered: Mar 2011
Posts: 27

Rep: Reputation: 0
Block user accounts that have not logged in to the server in the last 2 months


Hi,

We have 4 servers running RHEL 5.2. We have several users logged in on one of them. We have NIS server/client running on them and have a common home area mounted on all of them.
Now we want to disable/block the accounts of the users who have not accessed our servers in the last 2 months from today.
What logic should we apply to do so? We were checking the stat of each user's .bashrc, but that is not the correct logic.
We are going to write a shell script for the same.
Any help would be appreciated.
We don't want to do anything in users' home area or their files.

-Akshar

Last edited by aksharb; 03-01-2011 at 10:15 PM.
 
Old 03-01-2011, 02:39 PM   #2
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: SLED, openSUSE
Posts: 1,032

Rep: Reputation: 174
Looking at .bashrc doesn't sound reliable. Presumably you back up users' home directories and that would probably access their .bashrc.

Assuming you have centralised authentication (you mention NIS but don't say what you're using it for), I'd probably start by looking at the logs on the authentication server.
 
Old 03-01-2011, 06:24 PM   #3
manolomalaga
LQ Newbie
 
Registered: Aug 2003
Posts: 14

Rep: Reputation: 0
Hi, you can put this command inside the .bashrc file of the user account:

usermod -e `date '+%Y-%m-%d' --date='2 month'` username
 
Old 03-02-2011, 02:07 AM   #4
pvs
Member
 
Registered: Jan 2005
Location: Lviv, Ukraine
Distribution: Something self-made
Posts: 69

Rep: Reputation: 16
Quote:
Originally Posted by manolomalaga
Hi, you can put this command inside the .bashrc file of the user account:
Bad idea.
.bashrc is writable by the user, so everyone will be able to remove this limitation.
A log analyzer seems to be more appropriate.
 
Old 03-02-2011, 04:03 AM   #5
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: SLED, openSUSE
Posts: 1,032

Rep: Reputation: 174
Quote:
Originally Posted by manolomalaga
Hi, you can put this command inside the .bashrc file of the user account:

usermod -e `date '+%Y-%m-%d' --date='2 month'` username

I suspect that wouldn't work because the users are managed centrally rather than existing on each machine. Even if that isn't the case, it wouldn't work because usermod needs to be run by root. Also, what pvs said. (Such a command should be placed into /etc/bash.bashrc or equivalent anyway so as to avoid the need to modify lots of .bashrc files and to avoid the scenario pvs mentions.)
 
Old 03-02-2011, 06:14 AM   #6
manolomalaga
LQ Newbie
 
Registered: Aug 2003
Posts: 14

Rep: Reputation: 0
Managed centrally with Samba?
 
Old 03-02-2011, 06:58 AM   #7
aksharb
LQ Newbie
 
Registered: Mar 2011
Posts: 27

Original Poster
Rep: Reputation: 0
It is not Samba managed. Kindly provide us any robust logic/idea.
 
Old 03-02-2011, 07:49 AM   #8
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: SLED, openSUSE
Posts: 1,032

Rep: Reputation: 174
Quote:
Originally Posted by manolomalaga
Managed centrally with Samba?
The OP mentioned NIS, which can be used to manage accounts centrally. Though the OP has not bothered to clarify whether or not this is what they are doing or whether they're using NIS for authentication.

Quote:
Originally Posted by aksharb
It is not Samba managed. Kindly provide us any robust logic/idea.

Hey, you know your setup, you're in the best position to figure it out. If you can set all that stuff up, you should have a decent idea of how to figure out the solution yourselves.

Is authentication done against a central server? If so, see my previous reply. Otherwise you'll have to trawl the logs on each server. Look at the output of 'last' and if that doesn't go back far enough then try running last against the archived versions of /var/log/wtmp.
 
Old 03-02-2011, 08:50 PM   #9
yash singh
LQ Newbie
 
Registered: Oct 2008
Posts: 9
Blog Entries: 1

Rep: Reputation: 0
Use the chage command to lock the account of a user who has not logged in for the last 60 days:
chage -m -M 60 -W 10 -E -1 "name of the user"
 
Old 03-02-2011, 09:40 PM   #10
aksharb
LQ Newbie
 
Registered: Mar 2011
Posts: 27

Original Poster
Rep: Reputation: 0
Hi arizonagroovejet/members,

Authentication is done against NIS and there is load balancing among these servers. I think I will have to look at "last" command output on each NIS client and check whether the user has logged in or not.

But is there any other logic that can be implemented?
 
Old 03-04-2011, 03:08 PM   #11
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: SLED, openSUSE
Posts: 1,032

Rep: Reputation: 174
Quote:
Originally Posted by aksharb
Hi arizonagroovejet/members,

Authentication is done against NIS and there is load balancing among these servers. I think I will have to look at "last" command output on each NIS client and check whether the user has logged in or not.
If authentication is happening against more than one NIS server, just look at the logs of all the servers.


Quote:
Originally Posted by aksharb
But is there any other logic that can be implemented?
Well you can look at logs on the servers or you can look at logs on the clients. I can't think of any other way of finding the information.
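
Added example (not part of any post in this thread): one way to turn the log-based approach discussed above into a report, by merging `last` output from every server and listing the accounts with no login on or after a cutoff date. It assumes a `last` that supports `-F` (full timestamps including the year); the function names, file names and sample records are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the thread. Reports accounts only; it locks nothing.
# Real use (ypcat is the NIS client tool; run last on every server and merge):
#   ypcat passwd | cut -d: -f1 > users.txt
#   for f in /var/log/wtmp*; do last -F -f "$f"; done >> logins.txt
#   inactive_users "$(date -d '2 months ago' +%Y%m%d)" users.txt < logins.txt

# inactive_users CUTOFF(YYYYMMDD) USERS_FILE < merged "last -F" output
# Prints names from USERS_FILE whose newest login is older than CUTOFF,
# or who never appear in the login records at all.
inactive_users() {
    awk -v cutoff="$1" -v users="$2" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i
        }
        # Candidate account names, one per line.
        FILENAME == users { if ($1 != "") want[$1] = 1; next }
        # Skip pseudo-users, the "wtmp begins" trailer and blank lines.
        NF == 0 || $1 == "reboot" || $1 == "shutdown" || $1 == "wtmp" { next }
        {
            # The host column can be empty, so find the login timestamp by
            # its "Day Mon DD HH:MM:SS YYYY" shape, not by field number.
            for (i = 2; i + 4 <= NF; i++)
                if ($i ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ && ($(i+1) in mon)) {
                    key = sprintf("%04d%02d%02d", $(i+4), mon[$(i+1)], $(i+2))
                    if (!($1 in newest) || key + 0 > newest[$1] + 0)
                        newest[$1] = key
                    break
                }
        }
        END {
            for (u in want)
                if (!(u in newest) || newest[u] + 0 < cutoff + 0) print u
        }
    ' "$2" - | sort
}

# Constructed sample of merged "last -F" output (not real log data).
sample_last_output() {
    cat <<'EOF'
alice    pts/0        10.0.0.5         Tue Feb 22 09:14:03 2011 - Tue Feb 22 17:30:12 2011  (08:16)
bob      pts/1        10.0.0.7         Mon Dec  6 10:02:44 2010 - Mon Dec  6 10:40:01 2010  (00:37)
carol    tty1                          Fri Jan 14 08:00:10 2011 - Fri Jan 14 08:05:10 2011  (00:05)
bob      pts/3        10.0.0.7         Wed Nov 17 11:00:00 2010 - Wed Nov 17 11:20:00 2010  (00:20)
reboot   system boot  (kernel)         Mon Nov  1 07:00:00 2010 - Tue Mar  1 12:00:00 2011 (120+05:00)

wtmp begins Mon Nov  1 07:00:00 2010
EOF
}
```

The report is only as complete as the wtmp history fed into it: an account is listed as inactive if its logins fall outside the retained files, and rotated wtmp files that have been compressed must be decompressed before `last -f` can read them.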
 
Old 03-14-2011, 12:16 PM   #12
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,000
Blog Entries: 11

Rep: Reputation: 893
Moved: This thread is more suitable in <LQ Sec> and has been moved accordingly to help your thread/question get the exposure it deserves.