top of page
Search

Password Expiration email Notification perl Script for Linux user account

  • Writer: Puneeth K P
    Puneeth K P
  • Mar 29, 2022
  • 3 min read

Hi All, In this document we share you how to setup a script (“Password Expiration Script for Linux user account”) which will notify all users when password is within 14 days of expiring/password is expired.


#! /usr/bin/perl

# Description:

# This script emails a user when their:

# – password is within 14 days of expiring.

# – password is expired

#

# This script requires the following to work:

# – All user needs a /root/users.txt file that contains a valid format

############### Example of txt file#########################

# user emailid

# puneeth puneeth@teamsystech.com

# manage manage@teamsystech.com

# user user.teamsystech.com

# user1 user1.teamsystech.com

###########################################################

#####################################################################

$HOST=`uname -n`; chomp($HOST);

$UNIXSUPPORT="puneeth@teamsystech.com";

$epoch = int(time/(60*60*24));


open(SHADOW, "< /etc/shadow");

while (<SHADOW>) {

($USER, $encr_pass, $created, undef, $exp_days, undef, undef, undef)=split(/:/, $_);

chomp($shel = `egrep "^$USER:" /etc/passwd | cut -d: -f6`);

next if $shel =~ m(/sbin/nologin); # we don’t care about accounts w/ nologin shell

$PASS_AGE = ($exp_days-($epoch-$created));

if ($encr_pass =~ m{^\!\!$} || $encr_pass =~ m{^\*$}){

$Nothing = 0; # Account is locked/password not set – skip this condition

next;


}elsif ($encr_pass =~ m{^\!.*$}) {

$Nothing = 0; # Account is administratively locked – skip this condition

next;


} elsif ($created eq "0" || $exp_days eq "99999") {


# Password aging is disabled for the account – Set the correct policy for the user

`passwd -x 90 -w 14 $USER`; # password expires in 90 days/Warning 14

`chage -d 0 $USER`; # Force password change on next login

next;

} elsif ($PASS_AGE >= 0 && $PASS_AGE <= 14) {

# password expires within 14 days – notify user

print "The user account $USER will expire in $PASS_AGE days on $HOST\n";

open (FILE, '/root/users.txt');

while (<FILE>) {

chomp;

($name, $email) = split("\t");

if ($name == $USER){

$to = $email;

# print "Email: $to\n";

# print "---------\n";

}

}

close (FILE);

$SUBJECT = "Password expiration notification for $USER from $HOST";

&SendMail("$to", "$SUBJECT", "


Notice: The user account $USER will expire in $PASS_AGE days on $HOST.

Login and change the password before the expiration date or the account may be locked.


Your new password must conform to the following policies:

– Minimum of 8 characters in length

– Contains at least 1 special character within the first 8 characters

– Contains at least 1 numeric character within the first 8 characters



Contact the Support Team for any further assistance.

");


next;


} elsif ($PASS_AGE < 0 && $PASS_AGE > -90) {

# password is expired – notify user

print "The user account $USER will expire in $PASS_AGE days";

$SUBJECT = "Password expiration notification for $USER from $HOST";

open (FILE, '/root/users.txt');

while (<FILE>) {

chomp;

($name, $email) = split("\t");

if ($name == $USER){

$to = $email;

print "Email: $to\n";

print "---------\n";

}

}

close (FILE);

&SendMail("$to", "$SUBJECT", "


Notice: The user account $USER expired $PASS_AGE days ago on $HOST.

Login and change the password or the account may be locked or removed.


Your new password must conform to the following policies:

– Minimum of 8 characters in length

– Contains at least 1 special character within the first 8 characters

– Contains at least 1 numeric character within the first 8 characters


Contact the Support Team for any further assistance.

");

print "The user account $USER expired $PASS_AGE days ago";

next;


}

#elsif ($PASS_AGE < -90 ) {

# Password has been expired for more than 90 days – lock and notify support for deletion

#`passwd -l $USER`; # Lock the account

#`/usr/sbin/usermod -s /sbin/nologin $USER`; # Set a nologin shell

#print "The user account $USER will expire in $PASS_AGE days";

#$SUBJECT = "User account $USER has been expired for 90 days or more";

#&SendMail("root", "$SUBJECT", "


#Notice: The user account $USER expired $PASS_AGE days ago on $HOST.

#Since the user has not changed the password, consider removing the account.

#");


#}

}

close(SHADOW);


#############################################################################

### Define the subroutines below

#############################################################################


###

#1# Send a message to the user

###

sub SendMail {

my ($to, $subject, $message) = @_;

my $sendmail = '/usr/sbin/sendmail';

open(MAIL, "|$sendmail -oi -t");

print MAIL "From: $UNIXSUPPORT\n";

print MAIL "To: $to\n";

print MAIL "Subject: $subject\n\n";

print MAIL "$message\n";

close(MAIL);

}



 
 
 

Comments

Puneeth K P

  • Facebook Black Round
  • Twitter Black Round
bottom of page