Listing 3: logins script

#
# Thomas Richter
#
# Compress the files /var/adm/wtmp and /var/adm/sulog on a monthly basis
# and store them in this directory. The Suffix is the month.
# This file is invoked each day and checks the existance of the monthly file.

PATH=/usr/bin
cd /var/adm/local

# Compress the file specified as parameter and recreate it. The file must
# contain the full pathname. If a compressed file for that month doesn't
# exist or is one year old then create a new one
reduce()

{
mon=`date +%m`
if [ $mon -eq 1 ]
then
mon=12
else
mon=`expr $mon - 1`
fi
[ $mon -lt 10 ] && mon="0$mon"
base=`basename $1`
if [  -s $base.${mon}.Z  ]
then
year=`istat $base.$mon.Z | fgrep 'Last modified:' | awk '{ print $7 }'`
[ `date +%Y` -eq "$year" ] && return 0
fi
compress -c $1 > $base.${mon}.Z
>$1
}

# Mail list of failed logins (since last invocation) to System administrator.
# File /etc/security/failedlogin contains only entries since last invocation
# of this program. Entries are made if a nonexistant userid was
# used (UNKNOWN) as well as a valid userid with an invalid password. The 2. case
# is also listed in the file /etc/security/lastlog.

[ -s /etc/security/failedlogin ] && who /etc/security/failedlogin | \
mail -s "Failed Logins" root
> /etc/security/failedlogin

users="`lastlogin -u14`"
[ -n "$users" ] && echo "$users" | mail -s "Unused accounts (14
Days)" root

reduce /var/adm/sulog
reduce /var/adm/wtmp
/* End of File */