Bash Script to Send eMail With a List of User Accounts Expiring in “X” Days

The password enforcement policy is common to all operating systems and applications.

If you want to implement a password enforcement policy on Linux, go to the following article.

The password enforcement policy will be enforced by most companies by default, but the time period will be different depending on the company’s requirements.

Usually everyone uses a 90-days password cycle.

The user will only change the password on some of the servers they use, and they won’t change the password on the servers they don’t use often.

In particular, most team forget to change the service account password, which can lead to breaking regular jobs even if they are configured to work with SSH key-based authentication.

SSH key-based authentication and cronjobs will not work if the user account password expires.

To avoid this situation, we have created a shell script that sends you a list of user accounts that expire within 10 days.

There are two bash scripts included in this tutorial that will help you collect information about user expiration days on your system.

1) Bash Script to Check List of User Accounts Expiring in 10 Days

This script will help you to check the list of user accounts that expire in 10 days on your terminal.

# vi /opt/script/user-password-expiry.sh

#!/bin/sh
/tmp/user-expiry-1.txt
/tmp/user-expiry.txt
echo "-------------------------------------------------"
echo "UserName  The number of days the password expires"
echo "-------------------------------------------------"
for usern in u1 u2 u3 u4
do
today=$(date +%s)
userexpdate=$(chage -l $usern | grep 'Password expires' |cut -d: -f2)
passexp=$(date -d "$userexpdate" "+%s")
exp=`expr \( $passexp - $today \)`
expday=`expr \( $exp / 86400 \)`
echo "$usern $expday" >> /tmp/user-expiry.txt
done
cat /tmp/user-expiry.txt | awk '$2 <= 10' > /tmp/user-expiry-1.txt
cat /tmp/user-expiry-1.txt | column -t 

Set an executable Linux file permission to “user-password-expiry.sh” file.

# chmod +x /opt/script/user-password-expiry.sh

You will get an output like the one below. But the username and days may be different

# sh /opt/script/user-password-expiry.sh

-------------------------------------------------
UserName  The number of days the password expires
-------------------------------------------------
u1         -25
u2          9
u3          3
u4          5

2) Bash Script to Send eMail With a List of User Accounts Expiring in 10 Days

This script will send a mail with a list of user accounts expiring in 10 days.

# vi /opt/script/user-password-expiry-mail.sh

#!/bin/sh
SUBJECT="Information About User Password Expiration on "`date`""
MESSAGE="/tmp/user-expiry.txt"
MESSAGE1="/tmp/user-expiry-1.txt"
TO="[email protected]"
echo "-------------------------------------------------" >> $MESSAGE1
echo "UserName  The number of days the password expires" >> $MESSAGE1
echo "-------------------------------------------------" >> $MESSAGE1
for usern in u1 u2 u3 u4
do
today=$(date +%s)
userexpdate=$(chage -l $usern | grep 'Password expires' |cut -d: -f2)
passexp=$(date -d "$userexpdate" "+%s")
exp=`expr \( $passexp - $today \)`
expday=`expr \( $exp / 86400 \)`
echo "$usern $expday" >> $MESSAGE
done
cat $MESSAGE | awk '$2 <= 10' >> $MESSAGE1
mail -s "$SUBJECT" "$TO" < $MESSAGE1
rm $MESSAGE
rm $MESSAGE1

Set an executable Linux file permission to “user-password-expiry-mail.sh” file.

# chmod +x /opt/script/user-password-expiry-mail.sh

Finally add a cronjob to automate this. It runs once in a day at 8AM.

# crontab -e
0 8 * * * /bin/bash /opt/script/user-password-expiry-mail.sh

You will receive a mail similar to the first shell script output.

Magesh Maruthamuthu

Love to play with all Linux distribution

You may also like...