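#!/bin/sh
#
#	$NetBSD: skeyaudit.sh,v 1.5 2022/10/11 15:59:38 is Exp $
#
# This script looks through the skeykeys file for people whose
# sequence number is less than LOWLIMIT (default 12) and sends them
# an e-mail reminder to use skeyinit soon.  A copy of every reminder
# also goes to ADMIN.
#
# An optional first argument overrides LOWLIMIT.
#

AWK=/usr/bin/awk
GREP=/usr/bin/grep	# not used below; kept so the settings block is unchanged
ECHO=/bin/echo
KEYDB=/etc/skeykeys
LOWLIMIT=12
ADMIN=root
SUBJECT="Reminder: Run skeyinit"
HOST=$(/bin/hostname)

# The limit ends up as an operand of a numeric test, so reject anything
# that is not a plain non-negative integer instead of letting every
# comparison in the loop fail with a test(1) error.
if [ -n "$1" ]; then
  case $1 in
    *[!0-9]*)
      $ECHO "$0: limit must be a non-negative integer: $1" >&2
      exit 1
      ;;
  esac
  LOWLIMIT=$1
fi

# Nothing to audit when the key database is missing or empty.
if [ ! -s "${KEYDB}" ]; then
  exit 0
fi

# an skeykeys entry looks like
#   jsw 0076 la13079          ba20a75528de9d3a
#   #oot md5 0005 aspa26398        9432d570ff4421f0  Jul 07,2000 01:36:43
#   mjl sha1 0099 alpha2           459a5dac23d20a90  Jul 07,2000 02:14:17
# the sequence number is the second (or third) entry
#
# Lines starting with '#' are skipped by the awk program.  Each remaining
# entry is reduced to "login sequence seed" on a line of its own and read
# back one line at a time, so a short or malformed entry cannot shift the
# fields of the entries that follow it, and no field is subject to
# pathname expansion.

"$AWK" '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' "$KEYDB" |
while read -r login seq key; do
  # echo "$login -- $seq -- $key"

  # Ignore entries whose sequence field is missing or not a number.
  case $seq in
    '' | *[!0-9]*) continue ;;
  esac

  # The login name becomes a mailx recipient argument: skip blank names
  # and names starting with '-', which mailx would parse as an option.
  case $login in
    '' | -*) continue ;;
  esac

  if [ "$seq" -lt "$LOWLIMIT" ]; then
    # Pick the subject per recipient so that one nearly exhausted account
    # does not turn every later reminder into the urgent variant.
    subject=$SUBJECT
    if [ "$seq" -lt 3 ]; then
      subject="IMPORTANT action required"
    fi
    {
      $ECHO "You are nearing the end of your current S/Key sequence for account $login"
      $ECHO "on system $HOST."
      $ECHO ""
      $ECHO "Your S/key sequence number is now $seq.  When it reaches zero you"
      $ECHO "will no longer be able to use S/Key to login into the system.  "
      $ECHO " "
      $ECHO "Use \"skeyinit -s\" to reinitialize your sequence number."
      $ECHO ""
    } |
      # ADMIN is left unquoted on purpose so it may hold several recipients.
      # shellcheck disable=SC2086
      /usr/bin/mailx -s "$subject" "$login" $ADMIN
  fi
done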