OS
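#!/bin/bash
# Local account audit. Writes CSV to stdout, one row per /etc/passwd entry:
#   user, account-lockout threshold, password present (○ / -), password max age
# Needs read access to /etc/shadow, so it normally has to run as root.

shadow_file=/etc/shadow

# Without read access every lookup comes back empty and the report would
# claim that no account has a password; fail loudly instead.
if [ ! -r "$shadow_file" ]; then
  printf 'error: cannot read %s; run with sufficient privileges\n' "$shadow_file" >&2
  exit 1
fi

# Lockout threshold from the active "deny = N" line in faillock.conf.
# The pattern is anchored at line start so a commented-out sample entry is not
# reported as if it were in force. If several active lines exist the last one
# is used (assumes later entries override earlier ones; TODO confirm).
# NOTE(review): a deny= argument given directly on the pam_faillock line under
# /etc/pam.d is not inspected here; verify against the PAM stack. The fallback
# of 5 is this script's own default and may differ from the module default.
lock_count=$(grep -Po '^\s*deny\s*=\s*\K[0-9]+' /etc/security/faillock.conf 2>/dev/null | tail -n 1)
lock_count=${lock_count:-5}

# Load /etc/shadow once (field 2 = password, field 5 = maximum password age)
# rather than spawning awk twice per user.
declare -A shadow_pw=() shadow_max=()
while IFS=: read -r name hash _ _ max _; do
  [ -n "$name" ] || continue
  shadow_pw[$name]=$hash
  shadow_max[$name]=$max
done < "$shadow_file"

echo "ユーザ,アカウントロック回数,PW有無,PW有効期限"

while IFS=: read -r user _; do
  [ -n "$user" ] || continue

  # Password status.
  pw_field=${shadow_pw[$user]-}
  # Strip lock markers so "!", "!!" and "!*" are all seen as "no hash stored".
  without_lock=${pw_field//\!/}
  if [ -z "$pw_field" ]; then
    pw_status="-"
    # An entry that exists with an empty field is not the same as a locked
    # account: depending on PAM settings it may allow login with no password.
    if [ -n "${shadow_pw[$user]+set}" ]; then
      printf 'warning: %s has an empty password field in %s\n' "$user" "$shadow_file" >&2
    fi
  elif [ -z "$without_lock" ] || [ "$without_lock" = "*" ]; then
    # Only lock markers / "*": no usable password has been set.
    pw_status="-"
  else
    # A hash is stored. A leading "!" before the hash means the password is
    # locked, but it still exists, so it is reported as present.
    pw_status="○"
  fi

  # Password maximum age in days; "-" when the field is empty.
  # NOTE(review): a very large value such as 99999 is conventionally used to
  # mean "never expires"; it is printed unchanged here.
  expiry_days=${shadow_max[$user]:--}

  printf '%s,%s,%s,%s\n' "$user" "$lock_count" "$pw_status" "$expiry_days"
done < /etc/passwd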
Oracle
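-- Oracle account audit for SQL*Plus. Emits one CSV line per database user:
--   user, failed-login lockout threshold, password authentication (○ / -),
--   password lifetime
-- Needs SELECT on DBA_USERS and DBA_PROFILES.
SET COLSEP ','
SET PAGESIZE 0
-- Keep the "N rows selected." trailer out of the CSV.
SET FEEDBACK OFF
SET TRIMSPOOL ON
SET HEADSEP OFF
SET LINESIZE 1000
-- PAGESIZE 0 suppresses column headings, so the CSV header is printed explicitly
-- rather than relying on a column alias that would never be shown.
PROMPT ユーザ,アカウントロック回数,PW有無,PW有効期限
SELECT
    u.USERNAME || ',' ||
    -- A limit of DEFAULT defers to the DEFAULT profile; report the effective value.
    COALESCE(DECODE(fla.LIMIT, 'DEFAULT', fla_def.LIMIT, fla.LIMIT), '-') || ',' ||
    -- Every profile carries a PASSWORD_LIFE_TIME row, so testing that row for NULL
    -- marks every user as having a password. Use the authentication type instead.
    -- NOTE(review): assumes DBA_USERS.AUTHENTICATION_TYPE exists in this release; confirm.
    CASE
        WHEN u.AUTHENTICATION_TYPE = 'PASSWORD' THEN '○'
        ELSE '-'
    END || ',' ||
    COALESCE(DECODE(plt.LIMIT, 'DEFAULT', plt_def.LIMIT, plt.LIMIT), '-') AS CSV_LINE
FROM
    DBA_USERS u
    -- LEFT JOINs keep every user in the report even if a profile row is missing.
    LEFT JOIN DBA_PROFILES plt
        ON plt.PROFILE = u.PROFILE
       AND plt.RESOURCE_NAME = 'PASSWORD_LIFE_TIME'
    LEFT JOIN DBA_PROFILES plt_def
        ON plt_def.PROFILE = 'DEFAULT'
       AND plt_def.RESOURCE_NAME = 'PASSWORD_LIFE_TIME'
    LEFT JOIN DBA_PROFILES fla
        ON fla.PROFILE = u.PROFILE
       AND fla.RESOURCE_NAME = 'FAILED_LOGIN_ATTEMPTS'
    LEFT JOIN DBA_PROFILES fla_def
        ON fla_def.PROFILE = 'DEFAULT'
       AND fla_def.RESOURCE_NAME = 'FAILED_LOGIN_ATTEMPTS';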
Dovecot
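#!/bin/bash
# Dovecot passwd-file audit. Writes CSV to stdout, one row per entry:
#   user, lockout threshold, password present (○ / -), password expiry
# Lockout and expiry are always printed as "設定なし" (not configured); this
# script does not look for either setting.
# NOTE(review): the passwd-file location depends on the Dovecot passdb
# configuration; /etc/dovecot/passwd is assumed here. Confirm.

passwd_file=/etc/dovecot/passwd

# A missing or unreadable file would otherwise yield a header-only report
# that looks like "no accounts".
if [ ! -r "$passwd_file" ]; then
  printf 'error: cannot read %s\n' "$passwd_file" >&2
  exit 1
fi

echo "ユーザ,アカウントロック回数,PW有無,PW有効期限"

while IFS=: read -r user pass _; do
  # Blank lines (or entries with no user name) are not accounts.
  [ -n "$user" ] || continue

  # Only the presence of the password field is checked.
  # NOTE(review): the field's scheme prefix is not inspected, so a password
  # stored in plaintext is reported the same as a hashed one.
  if [ -n "$pass" ]; then
    pw_status="○"
  else
    pw_status="-"
  fi

  printf '%s,設定なし,%s,設定なし\n' "$user" "$pw_status"
done < <(grep -v '^#' "$passwd_file")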