Listing 3: logins script

#
# Thomas Richter
#
# Compress the files /var/adm/wtmp and /var/adm/sulog on a monthly basis
# and store them in this directory. The Suffix is the month.
# This file is invoked each day and checks the existance of the monthly file.

PATH=/usr/bin
cd /var/adm/local

# Compress the file specified as parameter and recreate it. The file must
# contain the full pathname. If a compressed file for that month doesn't
# exist or is one year old then create a new one
reduce()
{
    mon=`date +%m`
    if [ $mon -eq 1 ]
    then
        mon=12
    else
        mon=`expr $mon - 1`
    fi
    [ $mon -lt 10 ] && mon="0$mon"
    base=`basename $1`
    if [  -s $base.${mon}.Z  ]
    then
        year=`istat $base.$mon.Z | fgrep 'Last modified:' | awk '{ print $7 }'`
        [ `date +%Y` -eq "$year" ] && return 0
    fi
    compress -c $1 > $base.${mon}.Z
    >$1
}

# Mail list of failed logins (since last invocation) to System administrator.
# File /etc/security/failedlogin contains only entries since last invocation
# of this program. Entries are made if a nonexistant userid was
# used (UNKNOWN) as well as a valid userid with an invalid password. The 2. case
# is also listed in the file /etc/security/lastlog.

[ -s /etc/security/failedlogin ] && who /etc/security/failedlogin | \
 mail -s "Failed Logins" root
> /etc/security/failedlogin

users="`lastlogin -u14`"
[ -n "$users" ] && echo "$users" | mail -s "Unused accounts (14 Days)" root

reduce /var/adm/sulog
reduce /var/adm/wtmp
