

login_disable.sh
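#!/usr/bin/ksh
###############################################################################
#
# Module:       login_disable.sh
# Author:       Peter R. Schmidt
# Description:  Disable Unix and Elite-for-Windows logins
#
# Change Log
#
# Date      Name              Description.................
# 10/28/01  Peter R. Schmidt  Start Program
#
###############################################################################
#
# How it works: /etc/passwd is saved as /etc/passwd.DISABLE and then replaced
# by a reduced copy that holds only the SYSTEM logins, the logins listed in
# /usr/local/custom/disable_exceptions and the CRITICAL logins. The flag file
# /usr/local/custom/login_disable records that logins are disabled.
#
# Must be run as root. Exits 1 on any error; if it stops after the backup was
# taken, /etc/passwd.DISABLE is left in place and blocks the next run until
# someone has looked at it.

CRITICAL="root informix"
SYSTEM="root daemon bin sys adm uucp lp nuucp hpdb nobody"

# Test the real privilege, not $LOGNAME: LOGNAME is an environment variable
# set by the caller, and an empty value would break an unquoted test.
if [ "$(id -u)" != 0 ]; then
  echo "Sorry - you must be logged on a 'root' to run this program."
  exit 1
fi

# NOTE(review): this file is sourced with root privilege; what it sets is not
# visible here. It should be owned by root and not writable by anyone else.
. /elite/custom/run.elite

DISABLE=/usr/local/custom/login_disable

if [ -f "$DISABLE" ]
then
  echo
  echo "NOTE: Unix logins are ALREADY disabled"
  echo
  cat "$DISABLE"
  exit
fi

#-------------------------------------------------------------------------------

CUSTOM=/usr/local/custom
CUSTOM_EXCEPTIONS=$CUSTOM/disable_exceptions
PASSWD=/etc/passwd
PASSWD_BACKUP=/etc/passwd.DISABLE
# The work file lives next to /etc/passwd rather than in /tmp. /tmp is
# writable by every user, so a fixed name there can be pre-created or replaced
# by a link between the existence check and the first write, and whatever ends
# up in the work file becomes the new /etc/passwd. Being on the same
# filesystem also lets the final replacement be a rename.
PASSWD_NEW=/etc/passwd.NEW

if [ ! -d "$CUSTOM" ]; then
  echo "Error: $CUSTOM does not exist."
  exit 1
fi

if [ ! -f "$PASSWD" ]; then
  echo "Error: $PASSWD does not exist."
  exit 1
fi

if [ ! -w "$PASSWD" ]; then
  echo "Error: $PASSWD is not writable - which is required for this program."
  exit 1
fi

if [ ! -f "$CUSTOM_EXCEPTIONS" ]; then
  echo "Error: $CUSTOM_EXCEPTIONS does not exist."
  exit 1
fi

if [ -f "$PASSWD_BACKUP" ]; then
  echo "Error: $PASSWD_BACKUP already exists and should not."
  echo "This is unexpected and should be checked out and corrected before proceeding."
  exit 1
fi

if [ -f "$PASSWD_NEW" ]; then
  echo "Error: $PASSWD_NEW already exists and should not."
  echo "This is unexpected and should be checked out and corrected before proceeding."
  exit 1
fi

#-------------------------------------------------------------------------------

# Succeeds when file $2 has a passwd entry whose login field is exactly $1.
# The name is compared as a string, so characters that are special in a
# regular expression cannot make one entry match other accounts.
has_login() {
  awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# Copies the entry for login $1 from $PASSWD into $PASSWD_NEW unless the new
# file already has it.
keep_login() {
  has_login "$1" "$PASSWD_NEW" ||
    awk -F: -v u="$1" '$1 == u' "$PASSWD" >> "$PASSWD_NEW"
}

#-------------------------------------------------------------------------------

# Backup the /etc/passwd file. Stop if the copy fails: it is the only way back
# once /etc/passwd has been replaced.
if cp -p "$PASSWD" "$PASSWD_BACKUP"; then
  :
else
  echo "Error: could not back up $PASSWD to $PASSWD_BACKUP."
  exit 1
fi

# Create the new passwd file

echo
echo "Creating a new /etc/passwd file..."
echo

# noclobber makes the create fail if the name appeared after the check above.
set -o noclobber
if : > "$PASSWD_NEW"; then
  :
else
  echo "Error: could not create $PASSWD_NEW."
  exit 1
fi
set +o noclobber

# From here on the work file is ours; never leave a partial copy in /etc.
trap 'rm -f "$PASSWD_NEW"' EXIT

for LOGIN in $SYSTEM
do
  keep_login "$LOGIN"
done

# The exceptions file is split on whitespace as before; globbing is switched
# off so an entry such as '*' is not expanded into file names.
set -f
for LOGIN in $(cat "$CUSTOM_EXCEPTIONS")
do
  keep_login "$LOGIN"
done
set +f

# Check for some critical logins

for LOGIN in $CRITICAL
do
  keep_login "$LOGIN"     # if not there - add it
done

# Check AGAIN !

for LOGIN in $CRITICAL
do
  if has_login "$LOGIN" "$PASSWD_NEW"; then
    :
  else
    # if still not there - something is up - fail
    echo "Error: for some reason, the login for $LOGIN did not get into the new $PASSWD file."
    echo "Program terminated!"
    exit 1
  fi
done

#-------------------------------------------------------------------------------

UDATE=$(date)

# Set owner, group and mode on the work file first, then rename it over
# /etc/passwd. The rename swaps the file in one step, so no process ever reads
# a truncated or half-written /etc/passwd.
if chown root "$PASSWD_NEW" &&
   chgrp sys "$PASSWD_NEW" &&
   chmod 644 "$PASSWD_NEW"; then
  :
else
  echo "Error: could not set ownership and mode on $PASSWD_NEW."
  exit 1
fi

if mv -f "$PASSWD_NEW" "$PASSWD"; then
  :
else
  echo "Error: could not install the new $PASSWD - the original is unchanged."
  exit 1
fi

echo "Unix logins are DISABLED" | tee "$DISABLE"
echo "by $LOGNAME on $UDATE" | tee -a "$DISABLE"

# NOTE(review): mode 666 lets any user rewrite the flag file, whose contents
# are shown to root on the next run. Kept as in the original in case another
# program relies on it; tighten to 644 if nothing else needs to write it.
chmod 666 "$DISABLE"

################################################################################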