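#!/bin/sh
##################################################################
## File: unix.logins
## Date: September 29, 2015
## Author: BRANT PUTTKAMMER
## Purpose: daily audit of password changes on the unix host
## PROPERTY OF BRANT PUTTKAMMER, PLEASE CONTACT ME IF YOU HAVE QUESTIONS
## PLEASE USE CAUTION WHEN RUNNING THIS PROGRAM ON YOUR SYSTEM
##################################################################
# /data/udc/ud/bin - DIRECTORY FOR UNIX PROCS
###################################################################
#
# Flow:
#   1. Find every "lastupdate = <epoch>" line in /etc/security/passwd.
#   2. For each one newer than the cutoff, copy the surrounding stanza
#      (blank line to blank line) into the report.
#   3. Rewrite the epoch values in the report as local date/time strings.
#   4. Mail the report and archive a copy.
#
# The work files receive excerpts of /etc/security/passwd, so they are
# created owner-only. The body uses POSIX sh constructs only, matching the
# #!/bin/sh shebang.

# Every file created below (work files, perl -i rewrite, archive copy via
# cp -p) stays unreadable to other users.
umask 077

CurrentDayNumber=$(date +"%d")
export CurrentDayNumber
currtime=$(date +"%s")
DateStamp=$(date +"%Y%m%d%H%M%S")
# 87000 s = 24 h plus a 10 minute margin between daily runs.
failurediff=$(( currtime - 87000 ))

passwdfile="/etc/security/passwd"
# NOTE(review): this directory should be root-owned and not writable by
# other users, since the file names in it are fixed - confirm on the host.
workdir="/etc/security/temp"
emailfile="$workdir/final-email"
logfile="$workdir/log"
matchfile="$workdir/emailw"   # stanzas selected for the report
windowfile="$workdir/emailx"  # scratch window around one lastupdate line

# CRON LOG SAVED IN /var/log/cron/
: > "$emailfile"
: > "$logfile"
: > "$matchfile"
: > "$windowfile"
# Was "chmod 777 /etc/security/temp/*": that made copies of password stanzas
# readable and writable by every local account. Owner-only is enough for
# this script.
# NOTE(review): if another job reads these files, grant it access through
# group ownership rather than widening the mode.
chmod 600 "$emailfile" "$logfile" "$matchfile" "$windowfile"

echo "currtime[$currtime]" >> "$logfile"
timechunklastupdate=$(grep -n "lastupdate = " "$passwdfile" | cut -d " " -f 3)
echo "timechunklastupdate=[$timechunklastupdate]" >> "$logfile"
echo ""

# Walk the "N:<tab>lastupdate = <epoch>" lines one at a time so each value
# keeps its own line number. Looking the line number up again by value
# returned several numbers when two accounts shared a timestamp, which broke
# the arithmetic below.
grep -n "lastupdate = " "$passwdfile" | while IFS= read -r entry; do
  : > "$windowfile"
  a=${entry%%:*}
  d=$(printf '%s\n' "$entry" | cut -d " " -f 3)

  # Only plain decimal values are usable as a line number or an epoch.
  case $a in
    '' | *[!0-9]*) continue ;;
  esac
  case $d in
    '' | *[!0-9]*) continue ;;
  esac
  [ "$d" -gt 0 ] || continue

  string="lastupdate = ${d}"
  echo "string=[$string]" >> "$logfile"
  echo "a=[$a]" >> "$logfile"

  if [ "$d" -gt "$failurediff" ] && [ "$a" -gt 0 ]; then
    begin=$(( a - 4 ))
    end=$(( a + 4 ))
    if [ "$begin" -lt 1 ]; then
      # A stanza at the top of the file gave sed a zero or negative start
      # address, so its change was dropped from the audit. Start at line 1
      # and supply the leading blank line the range extraction below needs.
      begin=1
      echo "" >> "$windowfile"
    fi
    # NOTE(review): the window is copied verbatim, so the report presumably
    # carries the stanza's "password = " line (the hash) into the e-mail and
    # the archive - consider filtering that line out.
    sed -n -e "${begin},${end}p" -e "${end}q" "$passwdfile" >> "$windowfile"
    # NOTE(review): the single quotes keep $string unexpanded, so this looks
    # for the literal text and in practice appends nothing. Kept as written;
    # decide whether it should be removed or double-quoted.
    sed -n '/$string/,/^$/p' "$passwdfile" >> "$windowfile"
    # Keep only the blank-line-delimited stanza out of the window.
    sed -n -e '/^$/,/^$/p' "$windowfile" >> "$matchfile"
  fi
done

cat "$matchfile" >> "$emailfile"

# NOW USE AGGREGATE FILE TO CHECK TIMESTAMPS FOR LAST LOGIN TIME
# (each lastupdate epoch in the report is replaced by "[local date/time]")
lastupdate=$(grep -n "lastupdate = " "$emailfile" | cut -d " " -f 3)
# Unquoted on purpose: one value per line, split on whitespace.
for b in $lastupdate; do
  case $b in
    '' | *[!0-9]*) continue ;;
  esac
  humanreadable=$(perl -le 'print scalar localtime $ARGV[0]' "$b")
  # Hand both values to perl as arguments instead of pasting them into the
  # program text, so report content is only ever treated as data.
  perl -pi -e 'BEGIN { $ts = shift; $hr = shift } s/\Q$ts\E/[$hr]/g' \
    "$b" "$humanreadable" "$emailfile"
done
echo ""

# SEND EMAIL OF RESULTS
if [ -s "$emailfile" ]; then
  echo "EMAIL HAS BEEN CREATED AND LOG FILE WILL BE SAVED - ARCHIVED /your/archive/directory/passwd/"
  mailx -s "UNIX Password Changes for past 24 Hours" -r info@uecu.coop "bputtkammer@uecu.coop" < "$emailfile"
  # ARCHIVE THE PASSWORD-CHANGE REPORT FOR THE PAST 24 HOURS
  cp -p "$emailfile" "/your/archive/directory/passwd/passwd-$DateStamp"
fi
echo ""
echo ""
echo "SCRIPT HAS COMPLETED"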