我有一个tacacs+服务器在Debian 7.8上运行。我使用apt-get-install-tacacs+来安装tacacs+,所以这里没有什么特别的。我使用tacacs+对Cisco VPN计算机中的用户进行身份验证。
我的问题是,我找不到为tacacs+开发的在用户/服务器管理员的密码到期前向他们发送电子邮件的任何东西。有可能要求用户在登录时更改密码,但如果帐户已过期,则无法正常工作。
下面是tac_plus.conf文件中用户的帐户设置示例。
user = example.user {
default service = permit
login = des some_crypted_pass_here
expires = "Sep 30 2016"
}
请您提供一个脚本,将“expires”中的日期与系统日期进行比较,如果在系统日期=expires之前还有不到14天的时间,请向特定地址(例如[email protected])发送一封自动电子邮件,并显示一条警告消息(例如,“tacacs+/Cisco VPN帐户,例如user将在X天后过期”)?
提前谢谢大家。
最佳答案
@约翰1024听了你的劝告,我想到了这个:
#!/bin/bash
#location of temporary file to store the results
temp_file=/usr/local/src/temp_file_tacacs
#grep | cut | awk in the file /etc/tacacs+/tac_plus.conf and exporting resuts to temporary file
grep -e "user\|expires" /etc/tacacs+/tac_plus.conf | cut -d'=' -f 2 | tr -d { | tr -d \" | awk 'NR%2{printf $0":";next;}1' > $temp_file
#Getting current system date
date_current=$(date "+%s")
while IFS='' read -r line || [[ -n "$line" ]]; do
#getting the user
user=$(echo $line | awk '{print $1}')
#getting the expiration date coresponding to the user
date_expire=$(echo $line | awk -F: '{print $2}' | xargs)
#converting the date in the same format as $date_current ( was retrieved earlier )
date_converted=$(date -d "$date_expire" +"%s")
#calculating the difference between the 2 dates
date_diff=$(expr $date_converted - $date_current)
#checking if result is < 14 days ( 1209600 seconds = 14 days )
if [ $(expr $date_diff - 1209600) -gt 0 ]
then
#echo "$user - more than 14 days untill account will expire." #left here for debugging purposes
#ignoring there results and sending them to /dev/null ( just because I needed something in the while - then - else loop).
echo "" > /dev/null
else
#echoing the results and sending them with with sendmail
#If sendmail is not sending, check your /var/log/exim4/mailnlog.
#I had to dpkg-reconfigure exim4-config and select "internet sites" option to be able to send e-mails to remote domains. Check
# http://chepri.com/jake-strawn-fixed-mailing-to-remote-domains-not-supported-debian-5-lenny/ for more info about this
#NOTE: For each result, you will get a different e-mail. If too many accounts are about to expire, you may be blocked by the mail server for spamming!!
echo -e "Hello Admins,\\n\\nThe $user Cisco VPN Account will expire in less than 14 days!" | /usr/bin/mail -s "The Cisco VPN Account for $user is about to expire" "[email protected]"
#END of the while loop
fi
done < "$temp_file"
#deleting the temporary file
rm -rf $temp_file