Thursday, 13 June 2013

Unix / Solaris Password Expiration Automated email notification

I have been entrusted with setting up a mail alert system for user password expiration. The user should automatically get intimated through mail a few days before his password expiration date. I wrote a small script by taking help from www.unix.com and other forums.
Below is the script for checking the age of the password and alerting the user if the password is going to expire in the next 15 days.

Script Name  :- /usr/bin/solchage

---script start here----

#!/usr/bin/bash
umask 0022
PATH=/usr/bin:/usr/sbin
SHADOW=/etc/shadow
DSHADOW=/etc/shadow.dummy
USER=$1


# Copy the contents of /etc/shadow to a dummy file and make sure the entries for system
# users are not there in the dummy file. Also replace the encrypted password field with
# *LK* to make sure passwords are not visible or cannot be copied by someone else.
# The pattern is anchored to the user name field so that only exact names are skipped.

egrep -v "^(root|daemon|etc):" ${SHADOW} | awk -F: '{print $1,"*LK*",$3,$4,$5,$6,$7,$8}' | sed 's/ /:/g' > ${DSHADOW}

PASSWDFILE=/etc/passwd

# Specify the mail domain of your company here.
DOMAIN=xyz.com

# The next line extracts the user's email id from the GECOS field of the /etc/passwd file. So as a
# prerequisite to running this script, you must enter the email id of the user, without the
# domain name, in the GECOS field as I have assumed here. Let me know if you can think of a
# more elegant way of extracting this information.
# The trailing colon makes grep match the exact user name (bob must not match bobby).

EMAIL=`grep "^${USER}:" ${PASSWDFILE} | awk -F: '{print $5}'`

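# Save the message in a file. mktemp creates it with an unpredictable name and
# owner-only permissions, which a fixed /tmp/msg.$$ name does not guarantee.
FILE=`mktemp /tmp/msg.XXXXXX` || exit 1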


# Set the password policy here, i.e. the number of days after which the user must change
# the password.
PWPOLICY=90

# Set the warning period here.
WARN=15


# Calculate the number of seconds elapsed since Jan 1 ,1970 i.e Unix epoch.

EPOCH=`perl -e 'print time;'`


# Convert the number of seconds into days.

DAYSEPOCH=`expr ${EPOCH} / 86400`


# Get the date on which the password was last changed for a particular user.
# This info can be extracted from the 3rd field of the /etc/shadow file. It is expressed as
# the number of days between January 1, 1970, and the date that the password was last
# modified. The trailing colon makes grep match the exact user name.


LASTCHG=`grep "^${USER}:" ${DSHADOW} | awk -F: '{print $3}'`



# Subtract the above value from the number of days since epoch to arrive at the number
# of days since last password change.

PASSWDCHANGE=`expr ${DAYSEPOCH} - ${LASTCHG}`


EXPIRED=`expr ${PWPOLICY} - ${PASSWDCHANGE}`


if [ "${EXPIRED}" -lt "${WARN}" ]; then

cat > ${FILE} <<EOF
Dear ${USER},

Your password will expire in ${EXPIRED} days. Please change it as soon as possible.
EOF


mailx -s "Password expiring soon." "${EMAIL}@${DOMAIN}" < ${FILE}

fi

# Remove the temporary message file.
rm -f ${FILE}

--- script end here---

To run the above main script, you have to run another small script, which I reproduce below.
Copy the above script, place it under /usr/bin and name it solchage. Of course you can give it another name, it's up to you, but make the corresponding changes in the script below as well if you do so.

Let's name the second script /var/pwexpire.sh. Put this script in crontab for execution once every day. It will run for all users and send them a mail if their password is going to expire within 15 days.

Script Name:- /var/pwexpire.sh

--- script begin here ---


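# Skip system accounts by exact user name, so that ordinary users whose names contain "adm", "lp" or "bin" are still checked.
egrep -v "^(root|daemon|etc|sys|adm|lp|uucp|nuucp|smmsp|listen|gdm|webservd|postgres|svctag|nobody|noaccess|nobody4|bin):" /etc/passwd | awk -F: '{print $1}' | xargs -I {} /usr/bin/solchage {}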

---script end here---


What does the above script do? Let us examine it step by step.

1) It reads the /etc/passwd file and cuts out system users from the list.
2) Then it prints the remaining usernames using awk, removing everything except the first field from the output.
3) Then xargs executes our script /usr/bin/solchage one by one for every listed user. This is required because our script takes the username as an argument (see USER=$1 above) and runs for that particular user.

You will have to give execute permissions to both the scripts.
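
The expiry arithmetic and user selection described above, as an added example that is not part of the original scripts. The function names, sample accounts and date are constructed, and it goes slightly beyond the post by honouring a per-user maximum age in field 5 of the shadow entry when one is set.

```bash
#!/bin/bash
# Added example: exact-match account selection and password expiry arithmetic.
# All sample data below is constructed for illustration.

# Print the days left until expiry for exactly one user. Prints nothing if
# the user is unknown or has no last-change date recorded.
# $1=user  $2=shadow-format file  $3=today (days since epoch)  $4=default max age
days_left() {
    awk -F: -v u="$1" -v today="$3" -v def="$4" '
        $1 == u && $3 ~ /^[0-9]+$/ {
            max = ($5 ~ /^[0-9]+$/) ? $5 : def   # per-user max age wins if set
            print max - (today - $3)
        }' "$2"
}

# Print login names from a passwd-format file, skipping system accounts by
# exact match on field 1 (a substring filter on "adm" would drop "adminjoe").
# $1=passwd-format file  $2=space-separated system account names
login_users() {
    awk -F: -v skip="$2" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) sys[s[i]] = 1 }
        !($1 in sys) { print $1 }' "$1"
}

# Constructed sample input, in the 8-field layout of the dummy shadow file.
SAMPLE_SHADOW=$(mktemp)
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_SHADOW" "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_SHADOW" <<'EOF'
bob:*LK*:15800:::::
bobby:*LK*:15850::30:::
svc:*LK*::::::
EOF
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
adm:x:4:4:Admin:/var/adm:
adminjoe:x:1001:10:joe:/export/home/adminjoe:/usr/bin/bash
bob:x:1002:10:bob:/export/home/bob:/usr/bin/bash
EOF

TODAY=15869   # constructed: 13 June 2013 expressed as days since the epoch
days_left bob   "$SAMPLE_SHADOW" "$TODAY" 90   # default policy: 90 - (15869 - 15800)
days_left bobby "$SAMPLE_SHADOW" "$TODAY" 90   # per-user max:   30 - (15869 - 15850)
days_left svc   "$SAMPLE_SHADOW" "$TODAY" 90   # no last-change date: no output
login_users "$SAMPLE_PASSWD" "root adm"
```

An account with an empty last-change field produces no output here, so a caller can skip it instead of passing an empty value to the comparison against the warning period.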

Sunday, 9 June 2013

Nagios server setup on Linux


1. Download the source code tarballs of both Nagios and the Nagios plugins (visit http://www.nagios.org/download/ for links to the latest versions).
wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.0.3.tar.gz
wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz

2. Login to the server as root user


3. Create a new nagios user account and assign it a password.
# useradd -m nagios
# passwd nagios

4. Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the Apache user to the group.
# /usr/sbin/groupadd nagcmd
# /usr/sbin/usermod -a -G nagcmd nagios
# /usr/sbin/usermod -a -G nagcmd apache

5. Extract the Nagios source code tarball.
# cd ~/downloads
# tar xzf nagios-3.0.3.tar.gz
# cd nagios-3.0.3

Run the Nagios configure script, with the name of the group nagcmd created earlier :
# ./configure --with-command-group=nagcmd

6. Compile the Nagios source code.
# make all
Install binaries, init script, sample config files and set permissions on the external command directory as shown in the below steps
# make install
# make install-init
# make install-config
# make install-commandmode

7. Customize Configuration
Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You'll need to make just one change before you proceed...
Edit the /usr/local/nagios/etc/objects/contacts.cfg config file using vi editor and change the email address associated with the nagiosadmin contact definition to your email address 
# vi /usr/local/nagios/etc/objects/contacts.cfg

8. Configure the Web Interface
Install the Nagios web config file in the Apache conf.d directory.
# make install-webconf
/usr/bin/install -c -m 644 sample-config/httpd.conf /etc/httpd/conf.d/nagios.conf

8. Create a nagiosadmin account for logging into the Nagios web interface.
# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
Restart Apache to make the new settings take effect.
# service httpd restart

9. Compile and Install the Nagios Plugins

# cd ~/downloads
# tar xzf nagios-plugins-1.4.11.tar.gz
# cd nagios-plugins-1.4.11
# ./configure --with-nagios-user=nagios --with-nagios-group=nagios
# make
# make install




10. Object configuration files
As mentioned, when the configuration files are split up, Nagios reads the data from these files in order to process host and service checks across the network. The templates for all these files are provided in the localhost.cfg file, and we need to copy the definitions to separate files as shown below.

10.1 Create the configuration files

# cd /usr/local/nagios/etc/objects/
# touch hostgroup.cfg hosts.cfg services.cfg

10.2 Copy the Services Definitions

# vi localhost.cfg

# vi services.cfg
Paste the Services Definitions

# vi localhost.cfg
Copy the Host Definitions
# vi hosts.cfg
Paste the Host Definitions

# vi localhost.cfg
Copy the Host Definitions
# vi hostgroup.cfg
Paste the hostgroup Definitions

Setting up nagios.cfg
# cd /etc/nagios
# mv localhost.cfg localhost.cfg_org

Next, configure the main nagios.cfg file.
# vi nagios.cfg
and make the changes shown below

# OBJECT CONFIGURATION FILE(S)
cfg_file=/etc/nagios/contacts.cfg
cfg_file=/etc/nagios/hostgroups.cfg
cfg_file=/etc/nagios/hosts.cfg
cfg_file=/etc/nagios/services.cfg
cfg_file=/etc/nagios/timeperiods.cfg

# EXTERNAL COMMAND OPTION
check_external_commands=1

# EXTERNAL COMMAND CHECK INTERVAL
command_check_interval=1


11. Starting Nagios

# chkconfig nagios on
# nagios -v nagios.cfg

Nagios 2.4
Copyright (c) 1999-2006 Ethan Galstad (http://www.nagios.org)
Last Modified: 05-31-2006
License: GPL

Reading configuration data...

Running pre-flight check on configuration data...

Total Warnings: 85
Total Errors:   0

Things look okay - No serious problems were detected during the pre-flight check

# service nagios start

Starting network monitor: nagios
 

SUNWjet server installation steps ( jumpstart )


SUNWjet is a new enhanced version of jumpstart and is easier to configure than older versions of jumpstart. You can download the SUNWjet package from OTN at this link http://www.oracle.com/technetwork/systems/jet-toolkit/index.html/

The steps to install and configure your JET server are:-
1) # pkgadd -d . SUNWjet   ( install the package)
2) # mount -o ro -F hsfs /dev/dsk/c0t4d0s2 /cdrom                  (mount the solaris DVD)
3) # /opt/jet/bin/copy_solaris_media /cdrom    (by default image will get copied to /export/install/media)
4) # /opt/jet/bin/list_solaris_locations
5) # mkdir /export/install/patches
6) # mkdir /export/install/pkgs
7) # /opt/jet/bin/make_template solclnt01     (create a template file)
8) # vi /opt/jet/Templates/solclnt01           (edit the 3 parameters listed below)
base_config_ClientArch="sun4u"
base_config_ClientEther=0:3:ba:ef:60:39
base_config_ClientOS="10"
9) # /opt/jet/bin/make_client solclnt01
 
From the ok prompt of the client machine, type the command below to get started
10) ok   boot net - install -w
 
After this step, the rest of the installation is vanilla.

Disabling sendmail daemon (SMTP) on solaris 10

The sendmail daemon runs on port 25 and is enabled by default on Solaris boxes.
The sendmail daemon does not need to run on servers which are meant to be mail clients. To disable the sendmail service, use the steps below:

1. Edit /etc/default/sendmail. Create the file if it's not already there and include the following values:
MODE=Ac
QUEUEINTERVAL="15m"


2. Stop the sendmail service 
/etc/init.d/sendmail stop

3. Now edit /etc/sendmail/submit.cf
and change the line shown here: D{MTAHost}[127.0.0.1]
to :
D{MTAHost}[<ur-mail-server-ip>]

4.  Start the sendmail service.
    /etc/init.d/sendmail start

Now port 25 on localhost will be disabled and the server won't be listening on that port anymore.