Change password shell script

in Categories Security last updated April 10, 2008
#!/usr/local/bin/expect -f
# Password change shell script, tested on Linux and FreeBSD
# ----------------------------------
# It need expect tool. If you are using Linux use following command
# to install expect
# apt-get install expect
# FreeBSD user can use ports or following command:
# pkg_add -r -v expect
# ----------------------------------
# If you are using linux change first line
# From:
#!/usr/local/bin/expect -f
# To:
#!/usr/bin/expect -f
# -----------------------------------------------
# Copyright (c) 2006 nixCraft project 
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# display usage
if {$argc!=2} {
   send_user "usage: $argv0 username password \n"
   exit
}
# script must be run by root user
set whoami [exec id -u]
if {$whoami!=0} {
   send_user "You must be a root user to run this script\n"
   exit
}
#
set timeout -1
match_max 100000
# stopre password
set password [lindex $argv 1]
# username
set user [lindex $argv 0]
# opem shell
spawn $env(SHELL)
# send passwd command
send -- "passwd $user\r"
expect "assword:"
send "$password\r"
expect  "assword:"
send "$password\r"
send "\r"
expect eof

Shell script for search for no password entries and lock all accounts

in Categories Security last updated April 10, 2008
#!/bin/bash
# Shell script for search for no password entries and lock all accounts
# -------------------------------------------------------------------------
# Copyright (c) 2005 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Set your email 
ADMINEMAIL="admin@somewhere.com"
 
### Do not change anything below ###
#LOG File
LOG="/root/nopassword.lock.log"
STATUS=0
TMPFILE="/tmp/null.mail.$$"
 
echo "-------------------------------------------------------" >>$LOG
echo "Host: $(hostname),  Run date: $(date)" >> $LOG
echo "-------------------------------------------------------" >>$LOG
 
# get all user names
USERS="$(cut -d: -f 1 /etc/passwd)"
 
# display message
echo "Searching for null password..."
for u in $USERS
do
  # find out if password is set or not (null password)
   passwd -S $u | grep -Ew "NP" >/dev/null
   if [ $? -eq 0 ]; then # if so 
     echo "$u" >> $LOG 
     passwd -l $u #lock account
     STATUS=1  #update status so that we can send an email
   fi  
done
echo "========================================================" >>$LOG 
if [ $STATUS -eq 1 ]; then
   echo "Please see $LOG file and all account with no password are locked!" >$TMPFILE
   echo "-- $(basename $0) script" >>$TMPFILE
   mail -s "Account with no password found and locked" "$ADMINEMAIL" < $TMPFILE
#   rm -f $TMPFILE
fi