Hello Guys,
Few days back a kind of strange requirement come to me where as an they wanted to lock the localuser if he/she do not login into the system for more than 30 days
- He/She should not be able to login into the system
- SSH into the system
- His/Her account should be lock
---
- name: Lock users who have not logged in the last 30 days (excluding system users)
hosts: linux_servers
become: yes
tasks:
- name: Get list of users who have not logged in within 30 days
ansible.builtin.shell: "lastlog -b 30 | awk 'NR>1 && $3!=\"Never\" {print $1}'"
register: inactive_users
changed_when: false
- name: Get list of system users (UID < 1000)
ansible.builtin.shell: "awk -F: '$3 < 1000 {print $1}' /etc/passwd"
register: system_users
changed_when: false
- name: Display inactive users
ansible.builtin.debug:
var: inactive_users.stdout_lines
- name: Display system users (excluded)
ansible.builtin.debug:
var: system_users.stdout_lines
- name: Lock inactive users (excluding system users)
ansible.builtin.command: "usermod --lock {{ item }}"
loop: "{{ inactive_users.stdout_lines }}"
when: item not in system_users.stdout_lines and item not in ["root", "nrathi", "nobody", "other_imp_user"]
Enjoy...guys
No comments:
Post a Comment