skeyaudit.sh revision 1.2.12.2
      1       1.1  deraadt #!/bin/sh
      2       1.2  thorpej #
      3  1.2.12.2      mjl #	$NetBSD: skeyaudit.sh,v 1.2.12.2 2000/07/28 12:42:59 mjl Exp $
      4       1.2  thorpej #
      5       1.1  deraadt # This script will look thru the skeykeys file for
      6  1.2.12.1      mjl # people with sequence numbers less than LOWLIMIT=12
      7       1.1  deraadt # and send them an e-mail reminder to use skeyinit soon
      8       1.1  deraadt # 
      9       1.1  deraadt 
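     # Tool paths are absolute so the script does not depend on the caller's PATH.
     AWK=/usr/bin/awk
     GREP=/usr/bin/grep
     ECHO=/bin/echo
     KEYDB=/etc/skeykeys
     LOWLIMIT=12
     ADMIN=root
     SUBJECT="Reminder: Run skeyinit"
     HOST=`/bin/hostname`

     # Optional first argument overrides the default threshold.
     if [ "$1" != "" ]
     then
       LOWLIMIT=$1
     fi

     # The threshold is used in numeric comparisons below; reject anything
     # that is not a plain non-negative integer instead of failing per entry.
     case "$LOWLIMIT" in
       ''|*[!0-9]*)
         $ECHO "$0: limit must be a non-negative integer: $LOWLIMIT" >&2
         exit 1
         ;;
     esac

     # Nothing to audit when the key database is missing or empty.
     if [ ! -s "${KEYDB}" ]; then
       exit 0
     fi

     # an skeykeys entry looks like
     #   jsw 0076 la13079          ba20a75528de9d3a
     #   #oot md5 0005 aspa26398        9432d570ff4421f0  Jul 07,2000 01:36:43
     #   mjl sha1 0099 alpha2           459a5dac23d20a90  Jul 07,2000 02:14:17
     # the sequence number is the second (or third) entry
     #
     # Lines starting with '#' are skipped. awk emits one "name sequence" pair
     # per line and the loop reads them line by line, so a short or malformed
     # entry cannot shift the fields of the entries that follow it, and no
     # field is ever subject to pathname expansion by the shell.
     $AWK '/^#/ { next }
           { if ($2 ~ /^[0-9]+$/) print $1, $2; else print $1, $3 }' "$KEYDB" |
     while read -r user seq; do
       # NOTE(review): the name becomes a command-line argument of Mail.
       # Only plain login-name characters are accepted so that a malformed
       # entry cannot be read as an option; confirm the allowed set against
       # the local login-name policy.
       case "$user" in
         ''|-*|*[!A-Za-z0-9._-]*)
           $ECHO "$0: skipping entry with unexpected user name in $KEYDB" >&2
           continue
           ;;
       esac

       # The sequence field must be numeric before it reaches the test below.
       case "$seq" in
         ''|*[!0-9]*)
           $ECHO "$0: skipping entry for $user: bad sequence number" >&2
           continue
           ;;
       esac

       if [ "$seq" -lt "$LOWLIMIT" ]; then
         # Pick the subject per user; the urgent subject must not carry over
         # to later users whose sequence number is not yet critical.
         subject=$SUBJECT
         if [ "$seq" -lt 3 ]; then
           subject="IMPORTANT action required"
         fi
         (
         $ECHO "You are nearing the end of your current S/Key sequence for account $user"
         $ECHO "on system $HOST."
         $ECHO ""
         $ECHO "Your S/key sequence number is now $seq.  When it reaches zero you"
         $ECHO "will no longer be able to use S/Key to login into the system.  "
         $ECHO " "
         $ECHO "Use \"skeyinit -s\" to reinitialize your sequence number."
         $ECHO ""
         ) | /usr/bin/Mail -s "$subject" "$user" "$ADMIN"
       fi
     done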