For 2015 I modified my "inactive" script to give me cut/paste commands to lock accounts (set account_locked=true) that have not been used and/or not been used for XX days (where XX is 60 by default).
You can find the script at
lockidle.ksh NOTE: This script does not change anything. You can cut/paste as desired/needed!
For example: not used for 360 days
michael@x071:[/data/prj/asat/asat-0.9.4]./lockidle.ksh 360
# account(s) idle more than 360 days should be locked
chuser account_locked=true user_k
chuser account_locked=true user_b
chuser account_locked=true user_m
# accounts with no time_last_login recorded should be locked
chuser account_locked=true user_cbOr no argument - is 60 days
michael@x071:[/data/prj/asat/asat-0.9.4]./lockidle.ksh
# account(s) idle more than 60 days should be locked
chuser account_locked=true user_k
chuser account_locked=true user_l
chuser account_locked=true user_b
chuser account_locked=true user_bd
chuser account_locked=true user_m
# accounts with no time_last_login recorded should be locked
chuser account_locked=true user_cbHope this helps - comments, suggestions welcome!
Topic: Locking idle accounts - "Secure" wishes for 2015! (Read 11049 times)