#!/usr/bin/ksh
###############################################################################
#
# Module: login_disable.sh
# Author: Peter R. Schmidt
# Description: Disable Unix and Elite-for-Windows logins
#
# Change Log
#
# Date Name Description.................
# 10/28/01 Peter R. Schmidt Start Program
#
###############################################################################
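# Logins that must be present in the rebuilt passwd file; the script aborts
# further down if either one is missing from it.
CRITICAL="root informix"
# System accounts that are always carried over into the rebuilt passwd file.
SYSTEM="root daemon bin sys adm uucp lp nuucp hpdb nobody"

# Convenience check only: LOGNAME is an environment variable, so it is not an
# authoritative identity.  The expansion is quoted so that an empty or unset
# LOGNAME is rejected instead of producing a test(1) syntax error, which the
# 'if' would treat as "false" and silently skip this guard.
if [ "$LOGNAME" != 'root' ]; then
    echo "Sorry - you must be logged on a 'root' to run this program."
    exit 1
fi

# Sourced into this (root) shell, so every command in it runs as root.
# NOTE(review): confirm this file and its parent directories are writable by
# root only.
. /elite/custom/run.elite

# Marker file: its presence means logins have already been disabled.
DISABLE=/usr/local/custom/login_disable
if [ -f "$DISABLE" ]
then
    echo
    echo "NOTE: Unix logins are ALREADY disabled"
    echo
    # Show who disabled logins and when (written by a previous run).
    cat "$DISABLE"
    exit
fi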
#-------------------------------------------------------------------------------
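CUSTOM=/usr/local/custom
# List of additional logins that stay enabled.
CUSTOM_EXCEPTIONS=$CUSTOM/disable_exceptions
PASSWD=/etc/passwd
PASSWD_BACKUP=/etc/passwd.DISABLE
# Stage the replacement next to $PASSWD rather than under a fixed name in
# world-writable /tmp.  A predictable /tmp path lets another local user create
# or link the file between the existence test below and the first append, and
# whatever ends up in this file is later installed as the passwd file.
PASSWD_NEW=$PASSWD.NEW

# Files created from here on must not be group- or world-writable.
umask 022

# Pre-flight checks: refuse to run unless every input exists and no leftover
# from an earlier, interrupted run is present.
if [ ! -d "$CUSTOM" ]; then
    echo "Error: $CUSTOM does not exist."
    exit 1
fi
if [ ! -f "$PASSWD" ]; then
    echo "Error: $PASSWD does not exist."
    exit 1
fi
if [ ! -w "$PASSWD" ]; then
    echo "Error: $PASSWD is not writable - which is required for this program."
    exit 1
fi
if [ ! -f "$CUSTOM_EXCEPTIONS" ]; then
    echo "Error: $CUSTOM_EXCEPTIONS does not exist."
    exit 1
fi
# A leftover backup means a previous disable was never undone (or failed);
# overwriting it would destroy the only copy of the full login list.
if [ -f "$PASSWD_BACKUP" ]; then
    echo "Error: $PASSWD_BACKUP already exists and should not."
    echo "This is unexpected and should be checked out and corrected before proceeding."
    exit 1
fi
# The staging file is built by appending, so it must not already exist.
if [ -f "$PASSWD_NEW" ]; then
    echo "Error: $PASSWD_NEW already exists and should not."
    echo "This is unexpected and should be checked out and corrected before proceeding."
    exit 1
fi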
#-------------------------------------------------------------------------------
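# Backup the /etc/passwd file.  Stop if the copy fails: the backup is the only
# way back to the full login list once $PASSWD has been overwritten.
cp -p "$PASSWD" "$PASSWD_BACKUP" || {
    echo "Error: could not back up $PASSWD to $PASSWD_BACKUP."
    rm -f "$PASSWD_BACKUP"
    exit 1
}

# has_login FILE NAME
# Succeeds when FILE contains an entry whose first ':'-separated field is
# exactly NAME.  The name is compared as a string (the "" forces a string
# comparison) instead of being spliced into an egrep pattern, so a name that
# contains a regex metacharacter such as '.' cannot match other accounts.
has_login() {
    [ -f "$1" ] &&
        awk -F: -v name="$2" '($1 "") == (name "") { found = 1 } END { exit !found }' "$1"
}

# add_login NAME
# Appends NAME's entry from $PASSWD to $PASSWD_NEW unless it is already there.
add_login() {
    has_login "$PASSWD_NEW" "$1" && return 0
    awk -F: -v name="$1" '($1 "") == (name "")' "$PASSWD" >> "$PASSWD_NEW"
}

# Create the new passwd file
echo
echo "Creating a new /etc/passwd file..."
echo

# System accounts first.
for LOGIN in $SYSTEM
do
    add_login "$LOGIN"
done

# Site-specific exceptions, one or more names separated by whitespace.
# Globbing is switched off while the list is split so that an entry such as
# '*' is taken literally instead of expanding to file names.
# NOTE(review): whoever can write $CUSTOM_EXCEPTIONS decides which accounts
# keep working; confirm it is owned by root and not group/world-writable.
set -f
for LOGIN in $(cat "$CUSTOM_EXCEPTIONS")
do
    add_login "$LOGIN"
done
set +f

# Check for some critical logins - if not there, add them
for LOGIN in $CRITICAL
do
    add_login "$LOGIN"
done

# Check AGAIN !  If a critical login is still missing, installing this file
# would lock the administrators out, so fail before $PASSWD is touched.
for LOGIN in $CRITICAL
do
    if has_login "$PASSWD_NEW" "$LOGIN"; then
        continue
    fi
    echo "Error: for some reason, the login for $LOGIN did not get into the new $PASSWD file."
    echo "Program terminated!"
    # $PASSWD has not been modified yet; remove the staging file and the
    # now-redundant backup so a later run is not blocked by stale leftovers.
    rm -f "$PASSWD_NEW" "$PASSWD_BACKUP"
    exit 1
done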
#-------------------------------------------------------------------------------
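UDATE=$(date)

# Never install a missing or empty file over the live passwd file.
if [ ! -s "$PASSWD_NEW" ]; then
    echo "Error: $PASSWD_NEW is missing or empty - $PASSWD was not changed."
    exit 1
fi

# Install the reduced login list.  A failed or partial copy would leave a
# damaged passwd file, so put the backup back straight away in that case.
cp "$PASSWD_NEW" "$PASSWD" || {
    echo "Error: could not install the new $PASSWD - restoring it from $PASSWD_BACKUP."
    cp -p "$PASSWD_BACKUP" "$PASSWD"
    exit 1
}
chown root "$PASSWD"
chgrp sys "$PASSWD"
chmod 644 "$PASSWD"

# Record the disabled state; the presence of this file is what marks logins
# as disabled, and its text is shown on the next attempt to disable them.
echo "Unix logins are DISABLED" | tee "$DISABLE"
echo "by $LOGNAME on $UDATE" | tee -a "$DISABLE"
# NOTE(review): mode 666 lets any local account rewrite the notice above.
# Kept as in the original in case another program needs to write this file;
# if nothing does, 644 is the safer mode - confirm and tighten.
chmod 666 "$DISABLE"
rm "$PASSWD_NEW"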
################################################################################