AIXTOOLS, IBM AIX and POWER Portal

Topic started by: Michael on January 13, 2015, 02:35:06 PM

Title: Locking idle accounts - "Secure" wishes for 2015!
Post by: Michael on January 13, 2015, 02:35:06 PM
For 2015 I modified my "inactive" script to give me cut/paste commands to lock accounts (set account_locked=true) that have not been used and/or not been used for XX days (where XX is 60 by default).

You can find the script at lockidle.ksh (http://dl.aixtools.net/scripts/security/lockidle.ksh). NOTE: This script does not change anything. You can cut/paste as desired/needed!

For example: not used for 360 days

Code:
michael@x071:[/data/prj/asat/asat-0.9.4]./lockidle.ksh 360
# account(s) idle more than 360 days should be locked
chuser account_locked=true user_k
chuser account_locked=true user_b
chuser account_locked=true user_m

# accounts with no time_last_login recorded should be locked
chuser account_locked=true user_cb

Or no argument - is 60 days

Code:
michael@x071:[/data/prj/asat/asat-0.9.4]./lockidle.ksh   
# account(s) idle more than 60 days should be locked
chuser account_locked=true user_k
chuser account_locked=true user_l
chuser account_locked=true user_b
chuser account_locked=true user_bd
chuser account_locked=true user_m

# accounts with no time_last_login recorded should be locked
chuser account_locked=true user_cb

Hope this helps - comments, suggestions welcome!
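
A sketch of the report logic described in the post, as an added example that is not the author's lockidle.ksh: it reads user lines in the form printed by `lsuser -a time_last_login ALL` and, like the original, only prints `chuser` commands without changing anything. The function names `idle_report` and `sample_lsuser`, the input layout `name [time_last_login=EPOCH]`, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not lockidle.ksh. Prints commands only; changes nothing.
# Usage on AIX (assumed input format): lsuser -a time_last_login ALL | idle_report 360
# idle_report [DAYS] [NOW_EPOCH]  DAYS defaults to 60, NOW_EPOCH to the current time.
idle_report() {
    days=${1:-60}
    awk -v days="$days" -v now="$2" '
        BEGIN {
            # Portable "seconds since epoch": the second srand() returns the time-based seed.
            if (now == "") { srand(); now = srand() }
            cutoff = now - days * 86400
        }
        NF == 0 { next }
        {
            last = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^time_last_login=[0-9]+$/) { split($i, kv, "="); last = kv[2] }
            if (last == "")              never[++n] = $1   # no login ever recorded
            else if (last + 0 < cutoff)  idle[++m]  = $1   # last login older than cutoff
        }
        END {
            printf "# account(s) idle more than %d days should be locked\n", days
            for (i = 1; i <= m; i++) print "chuser account_locked=true " idle[i]
            print ""
            print "# accounts with no time_last_login recorded should be locked"
            for (i = 1; i <= n; i++) print "chuser account_locked=true " never[i]
        }'
}

# Constructed sample input: last logins 400, 90 and 5 days before epoch 1421155000,
# plus one account with no time_last_login attribute.
sample_lsuser() {
    cat <<'EOF'
user_k time_last_login=1386595000
user_l time_last_login=1413379000
user_a time_last_login=1420723000
user_cb
EOF
}
```

This sketch does not filter out system accounts or accounts that are already locked, so the printed list needs review before anything is pasted.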