Script for checking for an expired password

Pavel Kankovsky peak at argo.troja.mff.cuni.cz
Thursday March 9 12:21:38 CET 2000


On Thu, 9 Mar 2000, Ales Rygl wrote:

> I would like to notify users by e-mail that their password is about to
> expire and that they should change it. By e-mail because they never log in
> on the console or via telnet. Does anyone have an idea how to do it? Does
> anyone have a handy little script ready? So far the only thing that occurs
> to me is using the command.

This is run on Solaris, but the Linux /etc/shadow should be essentially
the same...

#!/usr/bin/perl

sub send_warning
{
  my($user, $pwd_exp, $expire) = @_;
  my($pwd_exp_d, $expire_d);

  ($expire <= 0) && ($expire_d = "jiz vyprsela");
  ($expire == 1) && ($expire_d = "vyprsi behem 1 dne");
  ($expire >= 2 && $expire <= 4) && ($expire_d = "vyprsi za $expire dny");
  ($expire >= 5) && ($expire_d = "vyprsi za $expire dni");

  ($pwd_exp == 1) && ($pwd_exp_d = "1 den");
  ($pwd_exp >= 2 && $pwd_exp <= 4) && ($pwd_exp_d = "$pwd_exp dny");
  ($pwd_exp >= 5) && ($pwd_exp_d = "$pwd_exp dni");

  open(PIPE, "|/usr/lib/sendmail -t") || die "can't fork: $!";
  print(PIPE <<"EOF");
From: root
To: ${user}
Subject: PLATNOST HESLA KONCI!
....
<here go phrases such as "Platnost hesla $expire_d.">
...
EOF
  close(PIPE);
}

sub scan_shadow
{
  while (<STDIN>) {
    chomp;
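    # name:password:lastchg:min:max:warn:inactive:expire:flag
    # (min is matched but not captured; flag must be empty)
    if (/^(\w+):([^:]*):(\d*):[^:]*:(\d*):(\d*):(\d*):(\d*):$/) {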
      my ($user, $pwd, $last_ch, $pwd_exp, $warning, $pwd_lck, $acc_exp) =
          ($1, $2, int($3), int($4), int($5),int($6), int($7));
      next if (!$pwd_exp);
      next if ($pwd_lck && $last_ch + $pwd_lck < $today);
      next if ($acc_exp && $acc_exp < $today);
      next if ($pwd eq 'NP' || $pwd eq '*LK*');
      $warning = 7 unless ($warning);
      $warning = $pwd_exp if ($warning > $pwd_exp);
      my ($expiration) = ($last_ch + $pwd_exp - $today);
      next if ($expiration > $warning);
      next if ($expiration < -$warning);
      send_warning($user, $pwd_exp, $expiration);
    }
    else {
      warn "unrecognized line in shadow!";
    }
  }
}

# today as days since the epoch, the unit of the shadow date fields
$today = int(time() / 86400);
scan_shadow();


Consider it public domain. No restrictions, no guarantee, no support.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
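
Added example, not part of the original post: a dry run of the same warning-window test over constructed shadow lines, so the selection can be checked before any mail is sent. It goes beyond the posted script by also treating Linux-style locked entries (password field starting with "!" or "*") as locked and by accepting user names containing "-". The function name days_left, the sample lines, the fixed date and the choice to skip entries with an empty lastchg field are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Days until the password expires (negative = expired that many days ago),
# or undef when the entry should get no warning.
sub days_left {
  my ($line, $today) = @_;
  # name:password:lastchg:min:max:warn:inactive:expire:flag
  my @f = split(/:/, $line, -1);
  return undef unless @f == 9;
  my ($pwd, $last_ch, $max, $warn, $inact, $acc_exp) = @f[1, 2, 4, 5, 6, 7];
  # Numeric fields may be empty; anything else is a malformed line.
  for ($last_ch, $max, $warn, $inact, $acc_exp) { return undef unless /^\d*$/; }
  return undef if $last_ch eq '' || $max eq '' || $max == 0;  # ageing not in use
  return undef if $pwd eq 'NP' || $pwd =~ /^[!*]/;            # no password / locked
  # Same inactivity and account-expiry skips as the posted script.
  return undef if $inact ne '' && $inact > 0 && $last_ch + $inact < $today;
  return undef if $acc_exp ne '' && $acc_exp > 0 && $acc_exp < $today;
  $warn = 7 if $warn eq '' || $warn == 0;     # default warning period
  $warn = $max if $warn > $max;
  my $left = $last_ch + $max - $today;
  # Warn from $warn days before expiry until $warn days after it.
  return (abs($left) <= $warn) ? $left : undef;
}

my $today = 11025;    # constructed: 9 March 2000 as days since the epoch
my @sample = (        # constructed lines, HASH stands in for a real hash
  'alice:HASH:10940:0:90:7:::',       # expires soon
  'bob:HASH:10930:0:90:7:::',         # expired a few days ago
  'carol:HASH:11000:0:90:7:::',       # far from expiry
  'dave:!HASH:10940:0:90:7:::',       # Linux-style locked
  'eve:*LK*:10940:0:90:7:::',         # Solaris-style locked
  'svc-backup:HASH:10940:0:90::::',   # hyphenated name, empty warn field
  'frank:HASH:10000:0:99999:7:::',    # effectively no expiry
);

for my $line (@sample) {
  my ($user) = split(/:/, $line);
  my $left = days_left($line, $today);
  printf("%-11s %s\n", $user,
         defined $left ? "warn, days left: $left" : "skip");
}
```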


