skeyaudit.sh revision 1.4.102.1
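#!/bin/sh
#
#	$NetBSD: skeyaudit.sh,v 1.4.102.1 2022/10/11 18:25:26 martin Exp $
#
# This script will look thru the skeykeys file for
# people with sequence numbers less than LOWLIMIT=12
# and send them an e-mail reminder to use skeyinit soon
#
# Usage: skeyaudit.sh [lowlimit]
#   lowlimit  optional non-negative integer replacing the default LOWLIMIT
#
# Exit status: 0 when the key file is missing/empty or after processing it,
#              1 when lowlimit is not a non-negative integer.
#

AWK=/usr/bin/awk
ECHO=/bin/echo
KEYDB=/etc/skeykeys
LOWLIMIT=12
ADMIN=root
SUBJECT="Reminder: Run skeyinit"
HOST=$(/bin/hostname)

if [ "$1" != "" ]; then
  LOWLIMIT=$1
fi

# The limit ends up in a numeric test; reject anything that is not a plain
# non-negative integer up front instead of failing once per key entry.
case "$LOWLIMIT" in
  '' | *[!0-9]*)
    $ECHO "skeyaudit: lowlimit must be a non-negative integer" >&2
    exit 1
    ;;
esac

# Nothing to audit when the key file is missing or empty.
if [ ! -s "${KEYDB}" ]; then
  exit 0
fi

# an skeykeys entry looks like
#   jsw 0076 la13079          ba20a75528de9d3a
#   #oot md5 0005 aspa26398        9432d570ff4421f0  Jul 07,2000 01:36:43
#   mjl sha1 0099 alpha2           459a5dac23d20a90  Jul 07,2000 02:14:17
# the sequence number is the second (or third) entry
#
# Only the account name and the sequence number are extracted; the remaining
# fields of an entry are not needed for the reminder and never reach the
# shell.  Entries are read one line at a time so a short or malformed line
# cannot shift the fields of the entries that follow it.

"$AWK" '/^#/ { next }
  { if ($2 ~ /^[0-9]+$/) print $1, $2; else print $1, $3 }' "$KEYDB" |
while read -r user seq; do
  # Skip entries whose sequence number is missing or not numeric.
  case "$seq" in
    '' | *[!0-9]*) continue ;;
  esac

  # The account name becomes a mailx recipient argument.  Accept only plain
  # account names: a leading '-' would be parsed as an option, and mail
  # programs may give other special characters a meaning of their own.
  case "$user" in
    '' | -* | *[!A-Za-z0-9._-]*)
      $ECHO "skeyaudit: skipping entry with unexpected account name in $KEYDB" >&2
      continue
      ;;
  esac

  if [ "$seq" -lt "$LOWLIMIT" ]; then
    # Choose the subject per message so the urgent subject used for one
    # account is not carried over to the accounts processed after it.
    subject=$SUBJECT
    if [ "$seq" -lt 3 ]; then
      subject="IMPORTANT action required"
    fi
    {
      $ECHO "You are nearing the end of your current S/Key sequence for account $user"
      $ECHO "on system $HOST."
      $ECHO ""
      $ECHO "Your S/key sequence number is now $seq.  When it reaches zero you"
      $ECHO "will no longer be able to use S/Key to login into the system.  "
      $ECHO " "
      $ECHO "Use \"skeyinit -s\" to reinitialize your sequence number."
      $ECHO ""
    } | /usr/bin/mailx -s "$subject" "$user" "$ADMIN"
  fi
done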