#!/bin/ksh
#Script name:itcs_chk.ksh
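# Report files. Both live in world-writable /tmp and the script is normally
# run with enough privilege to read /etc/security/passwd, so:
#   * umask 077 keeps the reports (account inventory and password-policy
#     findings) readable by the invoking user only; it also applies to every
#     file created later in the script;
#   * noclobber makes the first write fail if the path already exists, so a
#     pre-planted file or symlink at the timestamped name is not written to.
#     NOTE(review): confirm the local ksh opens with O_EXCL under noclobber.
DT=$(date +%d.%m.%Y.%H.%M.%S)
OP_LOG=/tmp/$(hostname)_itcs.out.$DT
SUM_LOG=/tmp/$(hostname)_itcs.sumary.out.$DT
umask 077
set -o noclobber
echo "%%%%%%%%%%%%%% Script $0 started: $(date) %%%%%%%%%%%%%%" > "$OP_LOG" || {
    echo "$0: refusing to write to existing report file $OP_LOG" >&2
    exit 1
}
echo "%%%%%%%%%%%%%% Script $0 started: $(date) %%%%%%%%%%%%%%" > "$SUM_LOG" || {
    echo "$0: refusing to write to existing report file $SUM_LOG" >&2
    exit 1
}
# Later writes append with >>, which noclobber does not restrict; switch it
# off again so plain ">" truncation elsewhere in the script keeps working.
set +o noclobber
echo " ==========================================" >> "$SUM_LOG"
echo " Summary Report " >> "$SUM_LOG"
echo " ==========================================" >> "$SUM_LOG"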
###########
#Functions
###########
#1.Passwd Non-Expiry ID Check
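# Helper: print the /etc/ftpusers line(s) whose first field is exactly the
# account named in $1. Exit status is 0 only when such a line exists.
_itcs_ftpusers_entry () {
    awk -v u="$1" '$1 == u { print; hit = 1 } END { exit !hit }' /etc/ftpusers 2>/dev/null
}

# Helper: print "<name> <field N>" from /etc/passwd for the account whose
# name is exactly $1; $2 is the field number.
_itcs_passwd_field () {
    awk -F: -v u="$1" -v n="$2" '$1 == u { print $1 " " $n }' /etc/passwd
}

# Helper: print the /etc/security/passwd stanza of account $1 with any
# password hash replaced by "<redacted>" (a bare "*" is left visible).
# Exit status is 0 only when the stanza's password value is exactly "*".
_itcs_secpasswd_stanza () {
    awk -v u="$1" '
        /^[^ \t]/ {
            hdr = $0
            sub(/:[ \t]*$/, "", hdr)
            show = (hdr == u)
        }
        show && /^[ \t]*password[ \t]*=/ {
            val = $0
            sub(/^[ \t]*password[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]*$/, "", val)
            if (val == "*")
                star = 1
            else
                sub(/=.*$/, "= <redacted>")
        }
        show { print }
        END { exit !star }
    ' /etc/security/passwd
}

# Check [1]: accounts whose password never expires (maxage=0) must satisfy
# at least one of four exemption options, as this script tests them:
#   A  login=false, rlogin=false and the account is listed in /etc/ftpusers
#   B  field 2 of the account's /etc/passwd entry is "*"
#   C  the password value in the account's /etc/security/passwd stanza is "*"
#   D  the login shell ends in /bin/false and the account is in /etc/ftpusers
# Globals:  OP_LOG (detail report, appended), SUM_LOG (summary, appended)
# Returns:  1 if the private work directory cannot be created, else the
#           status of the last report write.
#
# Changes from the earlier version, all of which affected the verdicts or
# the confidentiality of the report:
#   * accounts are matched by exact name; the former "grep $USER" substring
#     match let one account's lines stand in for another (adm / padmin) and
#     could report an account as compliant on someone else's evidence;
#   * scratch files sit in a mode-700 directory created with mkdir, which
#     fails if the path exists, instead of fixed names such as /tmp/opt_a
#     that any local user could pre-create or symlink;
#   * the Option C evidence no longer copies password hashes from
#     /etc/security/passwd into the report;
#   * the Option A evidence command was quoted as one word and never ran,
#     and the Option D /etc/ftpusers evidence went to stdout, not the report;
#   * the loop variable is no longer USER, which overwrote the environment
#     variable of that name.
non_expiry_passwd_chk () {
    echo "\n ################### [1]Passwd Non-Expiry ID Check started ################### " >> "$OP_LOG"
    echo "\n ################### [1]Summary of Passwd Non-Expiry ID Check ################### " >> "$SUM_LOG"

    itcs_tmp=/tmp/itcs_nonexp.$$
    ( umask 077; mkdir "$itcs_tmp" ) || {
        echo "non_expiry_passwd_chk: cannot create private work directory $itcs_tmp" >&2
        return 1
    }
    itcs_a=$itcs_tmp/opt_a
    itcs_b=$itcs_tmp/opt_b
    itcs_c=$itcs_tmp/opt_c
    itcs_d=$itcs_tmp/opt_d
    itcs_sum=$itcs_tmp/sum_op
    itcs_users=$itcs_tmp/non_expi_passwds.txt
    : > "$itcs_b"; : > "$itcs_c"; : > "$itcs_d"; : > "$itcs_sum"

    # One lsuser call feeds both the evidence listing and the account list.
    lsuser -a maxage ALL | awk '$2 == "maxage=0"' > "$itcs_tmp/maxage0"
    {
        echo "*********** List of Passwd Non-Expiry ID on $(hostname) ***********"
        cat "$itcs_tmp/maxage0"
        echo "*********** ITCS Option A check started *********** "
    } > "$itcs_a"
    awk '{print $1}' "$itcs_tmp/maxage0" > "$itcs_users"
    echo "*********** ITCS Option B check started ***********" >> "$itcs_b"
    echo "*********** ITCS Option C check started ***********" >> "$itcs_c"
    echo "*********** ITCS Option D check started ***********" >> "$itcs_d"

    # The account list is read on fd 3 so nothing in the loop body can
    # consume it through stdin.
    while read -r itcs_acct <&3
    do
        [ -n "$itcs_acct" ] || continue
        itcs_fails=0

        # ---- Option A ----
        {
            if lsuser -a login "$itcs_acct" | grep "login=false" > /dev/null 2>&1
            then
                if lsuser -a rlogin "$itcs_acct" | grep "rlogin=false" > /dev/null 2>&1
                then
                    if itcs_ftp=$(_itcs_ftpusers_entry "$itcs_acct")
                    then
                        lsuser -a login rlogin "$itcs_acct"
                        echo "Entry of $itcs_acct found in /etc/ftpusers file"
                        printf '%s\n' "$itcs_ftp"
                        echo "Compliant:Option A is set for $itcs_acct"
                    else
                        echo "No entry of $itcs_acct in /etc/ftpusers file"
                        echo "Non Compliant:Option A not set for $itcs_acct"
                        (( itcs_fails = itcs_fails + 1 ))
                    fi
                else
                    lsuser -a rlogin "$itcs_acct"
                    echo "Non Compliant:Option A not set for $itcs_acct "
                    (( itcs_fails = itcs_fails + 1 ))
                fi
            else
                lsuser -a login "$itcs_acct"
                echo "Non Compliant:Option A not set for $itcs_acct"
                (( itcs_fails = itcs_fails + 1 ))
            fi
            echo "+++++++++++++++++++++++++++++++++++++++++++++"
        } >> "$itcs_a"

        # ---- Option B ----
        {
            itcs_pw=$(_itcs_passwd_field "$itcs_acct" 2)
            echo "1st and 2nd column of /etc/passwd file"
            [ -n "$itcs_pw" ] && printf '%s\n' "$itcs_pw"
            case $itcs_pw in
                "$itcs_acct *")
                    echo "Compliant:Option B is set for $itcs_acct"
                    ;;
                *)
                    echo "Non Compliant:Option B not set for $itcs_acct"
                    (( itcs_fails = itcs_fails + 1 ))
                    ;;
            esac
            echo "+++++++++++++++++++++++++++++++++++++++++++++"
        } >> "$itcs_b"

        # ---- Option C ----
        {
            if itcs_stanza=$(_itcs_secpasswd_stanza "$itcs_acct")
            then
                printf '%s\n' "$itcs_stanza"
                echo "Compliant:Option C is set for $itcs_acct"
            else
                [ -n "$itcs_stanza" ] && printf '%s\n' "$itcs_stanza"
                echo "Non Compliant:Option C not set for $itcs_acct"
                (( itcs_fails = itcs_fails + 1 ))
            fi
            echo "+++++++++++++++++++++++++++++++++++++++++++++"
        } >> "$itcs_c"

        # ---- Option D ----
        {
            itcs_sh=$(_itcs_passwd_field "$itcs_acct" 7)
            case $itcs_sh in
                "$itcs_acct "*/bin/false)
                    if itcs_ftp=$(_itcs_ftpusers_entry "$itcs_acct")
                    then
                        printf '%s\n' "$itcs_sh"
                        echo "Entry of $itcs_acct found in /etc/ftpusers file"
                        printf '%s\n' "$itcs_ftp"
                        echo "Compliant:Option D is set for $itcs_acct"
                    else
                        echo "No entry of $itcs_acct in /etc/ftpusers file"
                        echo "Non Compliant:Option D is not set for $itcs_acct"
                        (( itcs_fails = itcs_fails + 1 ))
                    fi
                    ;;
                *)
                    [ -n "$itcs_sh" ] && printf '%s\n' "$itcs_sh"
                    echo "Non Compliant:Option D is not set for $itcs_acct"
                    (( itcs_fails = itcs_fails + 1 ))
                    ;;
            esac
            echo "+++++++++++++++++++++++++++++++++++++++++++++"
        } >> "$itcs_d"

        # Verdict from the counter rather than from grepping the report text:
        # the account is exempt when at least one of the four options passed.
        if (( itcs_fails < 4 ))
        then
            echo "ITCS104 compliant:$itcs_acct satisfies atleast one of 4 non-expiry passwd exemption options" >> "$itcs_sum"
        else
            echo "ITCS104 Non compliant:$itcs_acct doesnt satisfy any of 4 non-expiry passwd exemption options" >> "$itcs_sum"
        fi
    done 3< "$itcs_users"

    echo "*********** ITCS Option A check completed ***********" >> "$itcs_a"
    echo "*********** ITCS Option B check completed ***********" >> "$itcs_b"
    echo "*********** ITCS Option C check completed ***********" >> "$itcs_c"
    echo "*********** ITCS Option D check completed ***********" >> "$itcs_d"
    cat "$itcs_a" "$itcs_b" "$itcs_c" "$itcs_d" >> "$OP_LOG"

    {
        echo ""
        echo "ITCS104 Non compliant users for Non-Expiry Password Exemption"
        echo "======================================================="
        grep "ITCS104 Non compliant" "$itcs_sum"
        echo ""
        echo "ITCS104 compliant users for Non-Expiry Password Exemption"
        echo "======================================================="
        grep -v "ITCS104 Non compliant" "$itcs_sum"
        echo ""
    } >> "$SUM_LOG"

    rm -rf "${itcs_tmp:?}"
    echo "\n ################### [1]Passwd Non-Expiry ID Check completed ################### " >> "$OP_LOG"
    echo "\n ################### [1]Summary of Passwd Non-Expiry ID Check ################### " >> "$SUM_LOG"
}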
#2.ITCS104:Reusable Passwd attributes Check
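# Helper: exit status 0 when the /etc/security/passwd stanza of the account
# named exactly $1 contains a lastupdate line.
_itcs_has_lastupdate () {
    awk -v u="$1" '
        /^[^ \t]/ {
            hdr = $0
            sub(/:[ \t]*$/, "", hdr)
            cur = (hdr == u)
        }
        cur && /^[ \t]*lastupdate[ \t]*=/ { found = 1 }
        END { exit !found }
    ' /etc/security/passwd
}

# Check [2]: for every account that has a password set (a lastupdate line
# in its /etc/security/passwd stanza), compare six lsuser password
# attributes with the values this script expects:
#   minlen=8 minalpha=1 minother=1 maxage=13 minage=1 histsize=8
# Globals:  OP_LOG (detail report, appended), SUM_LOG (summary, appended)
# Returns:  1 if the private work directory cannot be created, else the
#           status of the last report write.
#
# Changes from the earlier version:
#   * an attribute that comes back empty or non-numeric is reported as
#     "Not Compliant"; before, "[ -ne 8 ]" raised a test error and the
#     else branch printed "Compliant" for a value that was never read;
#   * the stanza lookup matches the account name exactly instead of any
#     paragraph containing the name as a word;
#   * the scratch file sits in a mode-700 directory created with mkdir
#     instead of the fixed name /tmp/reuspass.out;
#   * the step that filtered on "Non Compliant" (a string this check never
#     prints) and on /tmp/sec_log.out (a file this script never creates)
#     into /tmp/reuspass_sum.out is dropped; nothing in the script reads it.
#     NOTE(review): restore it if an external job consumes that file.
# NOTE(review): the comparison is an exact match, so a stricter setting
# (longer minlen, shorter maxage) is also reported as "Not Compliant";
# confirm that is what the policy wants.
# NOTE(review): the first SUM_LOG banner says "completed" although it is
# written at the start; the text is kept as it was.
reuse_passwd_attri_chk () {
    echo "\n ################### [2]ITCS104:Reusable Passwd attributes Check started ################### " >> "$OP_LOG"
    echo "\n ################### [2]ITCS104:Reusable Passwd attributes Check completed ################### " >> "$SUM_LOG"

    itcs_rtmp=/tmp/itcs_reuse.$$
    ( umask 077; mkdir "$itcs_rtmp" ) || {
        echo "reuse_passwd_attri_chk: cannot create private work directory $itcs_rtmp" >&2
        return 1
    }
    itcs_rout=$itcs_rtmp/reuspass.out
    echo "-----------------------------------------------" > "$itcs_rout"

    for usrname in $(lsuser -a id ALL | awk '{print $1}')
    do
        {
            echo "-----------------------------------------------"
            echo " $usrname "
            if _itcs_has_lastupdate "$usrname"
            then
                echo "Password is set for $usrname"
                for itcs_spec in minlen:8 minalpha:1 minother:1 maxage:13 minage:1 histsize:8
                do
                    itcs_attr=${itcs_spec%%:*}
                    itcs_want=${itcs_spec##*:}
                    itcs_have=$(lsuser -a "$itcs_attr" "$usrname" | tr '=' ' ' | awk '{print $3}')
                    case $itcs_have in
                        ''|*[!0-9]*)
                            # Unreadable value: fail closed.
                            itcs_ok=1
                            ;;
                        *)
                            [ "$itcs_have" -eq "$itcs_want" ]
                            itcs_ok=$?
                            ;;
                    esac
                    if [ "$itcs_ok" -eq 0 ]
                    then
                        echo "ITCS104 Compliant: $itcs_attr is set properly for $usrname"
                    else
                        echo "ITCS104 Not Compliant: $itcs_attr is not set properly for $usrname"
                    fi
                done
            else
                echo "Password not set for $usrname"
            fi
            echo "-----------------------------------------------"
        } >> "$itcs_rout"
    done

    cat "$itcs_rout" >> "$OP_LOG"
    {
        echo ""
        echo "Details of Non Compliant Reusable Passwd attributes with users"
        echo "=============================================================="
        if ! grep "Not Compliant" "$itcs_rout"
        then
            echo "No Non Compliant Reusable Passwd attributes set for users"
        fi
        echo ""
    } >> "$SUM_LOG"

    rm -rf "${itcs_rtmp:?}"
    echo "\n ################### [2]ITCS104:Reusable Passwd attributes Check completed ################### " >> "$OP_LOG"
    echo "\n ################### [2]ITCS104:Reusable Passwd attributes Check completed ################### " >> "$SUM_LOG"
}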
############
#Main
############
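# Run both checks, then close the two reports. The report paths are quoted
# so an empty or unexpected value cannot turn a redirect into a different
# target.
non_expiry_passwd_chk
reuse_passwd_attri_chk
echo "%%%%%%%%%%%%%% Script $0 completed: $(date) %%%%%%%%%%%%%%" >> "$OP_LOG"
echo "" >> "$SUM_LOG"
echo "Refer $OP_LOG for more details" >> "$SUM_LOG"
echo "" >> "$SUM_LOG"
echo "%%%%%%%%%%%%%% Script $0 completed: $(date) %%%%%%%%%%%%%%" >> "$SUM_LOG"
# The exit status is 0 whatever the checks found or whether they ran to the
# end; a scheduler or wrapper has to read the summary report for the result.
exit 0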
#Script name:itcs_chk.ksh
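# NOTE: from here on the page repeats the script; in a single file this
# copy follows an "exit 0" and is never executed.
#
# Report files. Both live in world-writable /tmp and the script is normally
# run with enough privilege to read /etc/security/passwd, so:
#   * umask 077 keeps the reports (account inventory and password-policy
#     findings) readable by the invoking user only; it also applies to every
#     file created later in the script;
#   * noclobber makes the first write fail if the path already exists, so a
#     pre-planted file or symlink at the timestamped name is not written to.
#     NOTE(review): confirm the local ksh opens with O_EXCL under noclobber.
DT=$(date +%d.%m.%Y.%H.%M.%S)
OP_LOG=/tmp/$(hostname)_itcs.out.$DT
SUM_LOG=/tmp/$(hostname)_itcs.sumary.out.$DT
umask 077
set -o noclobber
echo "%%%%%%%%%%%%%% Script $0 started: $(date) %%%%%%%%%%%%%%" > "$OP_LOG" || {
    echo "$0: refusing to write to existing report file $OP_LOG" >&2
    exit 1
}
echo "%%%%%%%%%%%%%% Script $0 started: $(date) %%%%%%%%%%%%%%" > "$SUM_LOG" || {
    echo "$0: refusing to write to existing report file $SUM_LOG" >&2
    exit 1
}
# Later writes append with >>, which noclobber does not restrict; switch it
# off again so plain ">" truncation elsewhere in the script keeps working.
set +o noclobber
echo " ==========================================" >> "$SUM_LOG"
echo " Summary Report " >> "$SUM_LOG"
echo " ==========================================" >> "$SUM_LOG"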
###########
#Functions
###########
#1.Passwd Non-Expiry ID Check
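# Helper: print the /etc/ftpusers line(s) whose first field is exactly the
# account named in $1. Exit status is 0 only when such a line exists.
_itcs_ftpusers_entry () {
    awk -v u="$1" '$1 == u { print; hit = 1 } END { exit !hit }' /etc/ftpusers 2>/dev/null
}

# Helper: print "<name> <field N>" from /etc/passwd for the account whose
# name is exactly $1; $2 is the field number.
_itcs_passwd_field () {
    awk -F: -v u="$1" -v n="$2" '$1 == u { print $1 " " $n }' /etc/passwd
}

# Helper: print the /etc/security/passwd stanza of account $1 with any
# password hash replaced by "<redacted>" (a bare "*" is left visible).
# Exit status is 0 only when the stanza's password value is exactly "*".
_itcs_secpasswd_stanza () {
    awk -v u="$1" '
        /^[^ \t]/ {
            hdr = $0
            sub(/:[ \t]*$/, "", hdr)
            show = (hdr == u)
        }
        show && /^[ \t]*password[ \t]*=/ {
            val = $0
            sub(/^[ \t]*password[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]*$/, "", val)
            if (val == "*")
                star = 1
            else
                sub(/=.*$/, "= <redacted>")
        }
        show { print }
        END { exit !star }
    ' /etc/security/passwd
}

# Check [1]: accounts whose password never expires (maxage=0) must satisfy
# at least one of four exemption options, as this script tests them:
#   A  login=false, rlogin=false and the account is listed in /etc/ftpusers
#   B  field 2 of the account's /etc/passwd entry is "*"
#   C  the password value in the account's /etc/security/passwd stanza is "*"
#   D  the login shell ends in /bin/false and the account is in /etc/ftpusers
# Globals:  OP_LOG (detail report, appended), SUM_LOG (summary, appended)
# Returns:  1 if the private work directory cannot be created, else the
#           status of the last report write.
#
# Changes from the earlier version, all of which affected the verdicts or
# the confidentiality of the report:
#   * accounts are matched by exact name; the former "grep $USER" substring
#     match let one account's lines stand in for another (adm / padmin) and
#     could report an account as compliant on someone else's evidence;
#   * scratch files sit in a mode-700 directory created with mkdir, which
#     fails if the path exists, instead of fixed names such as /tmp/opt_a
#     that any local user could pre-create or symlink;
#   * the Option C evidence no longer copies password hashes from
#     /etc/security/passwd into the report;
#   * the Option A evidence command was quoted as one word and never ran,
#     and the Option D /etc/ftpusers evidence went to stdout, not the report;
#   * the loop variable is no longer USER, which overwrote the environment
#     variable of that name.
non_expiry_passwd_chk () {
    echo "\n ################### [1]Passwd Non-Expiry ID Check started ################### " >> "$OP_LOG"
    echo "\n ################### [1]Summary of Passwd Non-Expiry ID Check ################### " >> "$SUM_LOG"

    itcs_tmp=/tmp/itcs_nonexp.$$
    ( umask 077; mkdir "$itcs_tmp" ) || {
        echo "non_expiry_passwd_chk: cannot create private work directory $itcs_tmp" >&2
        return 1
    }
    itcs_a=$itcs_tmp/opt_a
    itcs_b=$itcs_tmp/opt_b
    itcs_c=$itcs_tmp/opt_c
    itcs_d=$itcs_tmp/opt_d
    itcs_sum=$itcs_tmp/sum_op
    itcs_users=$itcs_tmp/non_expi_passwds.txt
    : > "$itcs_b"; : > "$itcs_c"; : > "$itcs_d"; : > "$itcs_sum"

    # One lsuser call feeds both the evidence listing and the account list.
    lsuser -a maxage ALL | awk '$2 == "maxage=0"' > "$itcs_tmp/maxage0"
    {
        echo "*********** List of Passwd Non-Expiry ID on $(hostname) ***********"
        cat "$itcs_tmp/maxage0"
        echo "*********** ITCS Option A check started *********** "
    } > "$itcs_a"
    awk '{print $1}' "$itcs_tmp/maxage0" > "$itcs_users"
    echo "*********** ITCS Option B check started ***********" >> "$itcs_b"
    echo "*********** ITCS Option C check started ***********" >> "$itcs_c"
    echo "*********** ITCS Option D check started ***********" >> "$itcs_d"

    # The account list is read on fd 3 so nothing in the loop body can
    # consume it through stdin.
    while read -r itcs_acct <&3
    do
        [ -n "$itcs_acct" ] || continue
        itcs_fails=0

        # ---- Option A ----
        {
            if lsuser -a login "$itcs_acct" | grep "login=false" > /dev/null 2>&1
            then
                if lsuser -a rlogin "$itcs_acct" | grep "rlogin=false" > /dev/null 2>&1
                then
                    if itcs_ftp=$(_itcs_ftpusers_entry "$itcs_acct")
                    then
                        lsuser -a login rlogin "$itcs_acct"
                        echo "Entry of $itcs_acct found in /etc/ftpusers file"
                        printf '%s\n' "$itcs_ftp"
                        echo "Compliant:Option A is set for $itcs_acct"
                    else
                        echo "No entry of $itcs_acct in /etc/ftpusers file"
                        echo "Non Compliant:Option A not set for $itcs_acct"
                        (( itcs_fails = itcs_fails + 1 ))
                    fi
                else
                    lsuser -a rlogin "$itcs_acct"
                    echo "Non Compliant:Option A not set for $itcs_acct "
                    (( itcs_fails = itcs_fails + 1 ))
                fi
            else
                lsuser -a login "$itcs_acct"
                echo "Non Compliant:Option A not set for $itcs_acct"
                (( itcs_fails = itcs_fails + 1 ))
            fi
            echo "+++++++++++++++++++++++++++++++++++++++++++++"
        } >> "$itcs_a"

        # ---- Option B ----
        {
            itcs_pw=$(_itcs_passwd_field "$itcs_acct" 2)
            echo "1st and 2nd column of /etc/passwd file"
            [ -n "$itcs_pw" ] && printf '%s\n' "$itcs_pw"
            case $itcs_pw in
                "$itcs_acct *")
                    echo "Compliant:Option B is set for $itcs_acct"
                    ;;
                *)
                    echo "Non Compliant:Option B not set for $itcs_acct"
                    (( itcs_fails = itcs_fails + 1 ))
                    ;;
            esac
            echo "+++++++++++++++++++++++++++++++++++++++++++++"
        } >> "$itcs_b"

        # ---- Option C ----
        {
            if itcs_stanza=$(_itcs_secpasswd_stanza "$itcs_acct")
            then
                printf '%s\n' "$itcs_stanza"
                echo "Compliant:Option C is set for $itcs_acct"
            else
                [ -n "$itcs_stanza" ] && printf '%s\n' "$itcs_stanza"
                echo "Non Compliant:Option C not set for $itcs_acct"
                (( itcs_fails = itcs_fails + 1 ))
            fi
            echo "+++++++++++++++++++++++++++++++++++++++++++++"
        } >> "$itcs_c"

        # ---- Option D ----
        {
            itcs_sh=$(_itcs_passwd_field "$itcs_acct" 7)
            case $itcs_sh in
                "$itcs_acct "*/bin/false)
                    if itcs_ftp=$(_itcs_ftpusers_entry "$itcs_acct")
                    then
                        printf '%s\n' "$itcs_sh"
                        echo "Entry of $itcs_acct found in /etc/ftpusers file"
                        printf '%s\n' "$itcs_ftp"
                        echo "Compliant:Option D is set for $itcs_acct"
                    else
                        echo "No entry of $itcs_acct in /etc/ftpusers file"
                        echo "Non Compliant:Option D is not set for $itcs_acct"
                        (( itcs_fails = itcs_fails + 1 ))
                    fi
                    ;;
                *)
                    [ -n "$itcs_sh" ] && printf '%s\n' "$itcs_sh"
                    echo "Non Compliant:Option D is not set for $itcs_acct"
                    (( itcs_fails = itcs_fails + 1 ))
                    ;;
            esac
            echo "+++++++++++++++++++++++++++++++++++++++++++++"
        } >> "$itcs_d"

        # Verdict from the counter rather than from grepping the report text:
        # the account is exempt when at least one of the four options passed.
        if (( itcs_fails < 4 ))
        then
            echo "ITCS104 compliant:$itcs_acct satisfies atleast one of 4 non-expiry passwd exemption options" >> "$itcs_sum"
        else
            echo "ITCS104 Non compliant:$itcs_acct doesnt satisfy any of 4 non-expiry passwd exemption options" >> "$itcs_sum"
        fi
    done 3< "$itcs_users"

    echo "*********** ITCS Option A check completed ***********" >> "$itcs_a"
    echo "*********** ITCS Option B check completed ***********" >> "$itcs_b"
    echo "*********** ITCS Option C check completed ***********" >> "$itcs_c"
    echo "*********** ITCS Option D check completed ***********" >> "$itcs_d"
    cat "$itcs_a" "$itcs_b" "$itcs_c" "$itcs_d" >> "$OP_LOG"

    {
        echo ""
        echo "ITCS104 Non compliant users for Non-Expiry Password Exemption"
        echo "======================================================="
        grep "ITCS104 Non compliant" "$itcs_sum"
        echo ""
        echo "ITCS104 compliant users for Non-Expiry Password Exemption"
        echo "======================================================="
        grep -v "ITCS104 Non compliant" "$itcs_sum"
        echo ""
    } >> "$SUM_LOG"

    rm -rf "${itcs_tmp:?}"
    echo "\n ################### [1]Passwd Non-Expiry ID Check completed ################### " >> "$OP_LOG"
    echo "\n ################### [1]Summary of Passwd Non-Expiry ID Check ################### " >> "$SUM_LOG"
}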
#2.ITCS104:Reusable Passwd attributes Check
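# Helper: exit status 0 when the /etc/security/passwd stanza of the account
# named exactly $1 contains a lastupdate line.
_itcs_has_lastupdate () {
    awk -v u="$1" '
        /^[^ \t]/ {
            hdr = $0
            sub(/:[ \t]*$/, "", hdr)
            cur = (hdr == u)
        }
        cur && /^[ \t]*lastupdate[ \t]*=/ { found = 1 }
        END { exit !found }
    ' /etc/security/passwd
}

# Check [2]: for every account that has a password set (a lastupdate line
# in its /etc/security/passwd stanza), compare six lsuser password
# attributes with the values this script expects:
#   minlen=8 minalpha=1 minother=1 maxage=13 minage=1 histsize=8
# Globals:  OP_LOG (detail report, appended), SUM_LOG (summary, appended)
# Returns:  1 if the private work directory cannot be created, else the
#           status of the last report write.
#
# Changes from the earlier version:
#   * an attribute that comes back empty or non-numeric is reported as
#     "Not Compliant"; before, "[ -ne 8 ]" raised a test error and the
#     else branch printed "Compliant" for a value that was never read;
#   * the stanza lookup matches the account name exactly instead of any
#     paragraph containing the name as a word;
#   * the scratch file sits in a mode-700 directory created with mkdir
#     instead of the fixed name /tmp/reuspass.out;
#   * the step that filtered on "Non Compliant" (a string this check never
#     prints) and on /tmp/sec_log.out (a file this script never creates)
#     into /tmp/reuspass_sum.out is dropped; nothing in the script reads it.
#     NOTE(review): restore it if an external job consumes that file.
# NOTE(review): the comparison is an exact match, so a stricter setting
# (longer minlen, shorter maxage) is also reported as "Not Compliant";
# confirm that is what the policy wants.
# NOTE(review): the first SUM_LOG banner says "completed" although it is
# written at the start; the text is kept as it was.
reuse_passwd_attri_chk () {
    echo "\n ################### [2]ITCS104:Reusable Passwd attributes Check started ################### " >> "$OP_LOG"
    echo "\n ################### [2]ITCS104:Reusable Passwd attributes Check completed ################### " >> "$SUM_LOG"

    itcs_rtmp=/tmp/itcs_reuse.$$
    ( umask 077; mkdir "$itcs_rtmp" ) || {
        echo "reuse_passwd_attri_chk: cannot create private work directory $itcs_rtmp" >&2
        return 1
    }
    itcs_rout=$itcs_rtmp/reuspass.out
    echo "-----------------------------------------------" > "$itcs_rout"

    for usrname in $(lsuser -a id ALL | awk '{print $1}')
    do
        {
            echo "-----------------------------------------------"
            echo " $usrname "
            if _itcs_has_lastupdate "$usrname"
            then
                echo "Password is set for $usrname"
                for itcs_spec in minlen:8 minalpha:1 minother:1 maxage:13 minage:1 histsize:8
                do
                    itcs_attr=${itcs_spec%%:*}
                    itcs_want=${itcs_spec##*:}
                    itcs_have=$(lsuser -a "$itcs_attr" "$usrname" | tr '=' ' ' | awk '{print $3}')
                    case $itcs_have in
                        ''|*[!0-9]*)
                            # Unreadable value: fail closed.
                            itcs_ok=1
                            ;;
                        *)
                            [ "$itcs_have" -eq "$itcs_want" ]
                            itcs_ok=$?
                            ;;
                    esac
                    if [ "$itcs_ok" -eq 0 ]
                    then
                        echo "ITCS104 Compliant: $itcs_attr is set properly for $usrname"
                    else
                        echo "ITCS104 Not Compliant: $itcs_attr is not set properly for $usrname"
                    fi
                done
            else
                echo "Password not set for $usrname"
            fi
            echo "-----------------------------------------------"
        } >> "$itcs_rout"
    done

    cat "$itcs_rout" >> "$OP_LOG"
    {
        echo ""
        echo "Details of Non Compliant Reusable Passwd attributes with users"
        echo "=============================================================="
        if ! grep "Not Compliant" "$itcs_rout"
        then
            echo "No Non Compliant Reusable Passwd attributes set for users"
        fi
        echo ""
    } >> "$SUM_LOG"

    rm -rf "${itcs_rtmp:?}"
    echo "\n ################### [2]ITCS104:Reusable Passwd attributes Check completed ################### " >> "$OP_LOG"
    echo "\n ################### [2]ITCS104:Reusable Passwd attributes Check completed ################### " >> "$SUM_LOG"
}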
############
#Main
############
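# Run both checks, then close the two reports. The report paths are quoted
# so an empty or unexpected value cannot turn a redirect into a different
# target.
non_expiry_passwd_chk
reuse_passwd_attri_chk
echo "%%%%%%%%%%%%%% Script $0 completed: $(date) %%%%%%%%%%%%%%" >> "$OP_LOG"
echo "" >> "$SUM_LOG"
echo "Refer $OP_LOG for more details" >> "$SUM_LOG"
echo "" >> "$SUM_LOG"
echo "%%%%%%%%%%%%%% Script $0 completed: $(date) %%%%%%%%%%%%%%" >> "$SUM_LOG"
# The exit status is 0 whatever the checks found or whether they ran to the
# end; a scheduler or wrapper has to read the summary report for the result.
exit 0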