Users who have never changed their password from /etc/shadow.

catalint · May 12, 2011, 4:21am

Hello,

I have to do a script which returns users who have never changed their password from /etc/shadow.
Here is what have I done and I'm not sure if it's ok.
I tried to return just users who doesn;t have password set or are locked.
Can be there other kind of user who never changed the password?

#!/bin/sh -x
USRFILE="/etc/shadow"

for i in `grep -v '^+' $USRFILE | cut -d: -f1,2`
do
  userpname=`echo $i|cut -d: -f1`
  password=`echo $i|cut -d: -f2`
  if [ "x$password" -eq "x*LK*" ] || [ "x$passwd" -eq "xNP" ]
  then
    if [ "$RESULT" = "PASS" ]
      then
        RESULT="FAIL"
        REASON="Users who have changed their password were found"
      fi
      echo "$userpname user in �/etc/shadow� without changed password." 
  fi
done

thanks and regards,
catalint

methyl · May 12, 2011, 10:48am

What Operating System and version are you running?

catalint · May 12, 2011, 10:49am

SunOS 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Blade-100 and also 5.9.

methyl · May 12, 2011, 11:10am

See the "logins" command (specifically -xto options). All the information is there (albeit with American dates).

By the way. NP means "no password" which is a security risk. This is different from having a last changed date of "000000".