刷新账号密码过期时间——脚本案例

        OS账号默认30天密码过期,执行下面脚本刷新密码过期时间。
        脚本先从密码文件中读取用户名和密码,再用passwd命令修改密码;然后在chage -l的输出中过滤"Last password change"一行,根据其中的日期判断密码是否修改成功;最后用expect脚本对每个用户做一次ssh登录测试,确保用户可以正常登录。

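#!/bin/bash
# Accounts that are checked and login-tested after the password refresh.
User_name="rescue appservice hwmaintain batches secadm osreadonly monitor backup"

# Interface that carries the 10.119.x.x address: last field of the matching
# `ip a` line. grep -F keeps the dots literal, so only the text "10.119."
# matches (as a regex, "." would match any character).
# NOTE(review): assumes exactly one line matches; with several matches the
# value holds several names and the ifcfg lookup below fails.
BIZ_device=$(ip a | grep -F '10.119.' | awk '{print $NF}')

# IPADDR value from that interface's ifcfg file. It is part of the password
# file name used further down, so an empty value means the file is not found.
BIZ_IP=$(grep 'IPADDR=' "/etc/sysconfig/network-scripts/ifcfg-$BIZ_device" | cut -d '=' -f2)

# Local address on the 172.16.x.x network, prefix length stripped. The SSH
# login test connects to this address.
SYN_IP=$(ip a | grep inet | grep -F '172.16.' | awk '{print $2}' | awk -F'/' '{print $1}')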

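# Set the new password for every account listed in the password file.
# Each line is split on whitespace: field 2 is the account name and field 4
# is its new password; the other fields are ignored.
# NOTE(review): the file holds clear-text passwords - confirm it is readable
# by root only and is removed once the rotation is finished.
pw_file="/home/batches/$HOSTNAME-$BIZ_IP-password.log"

# The file is redirected into the loop rather than piped, so the loop runs in
# the current shell and `exit 1` stops the whole script. read -r keeps
# backslashes in a password intact; the `|| [ -n ... ]` part also handles a
# last line that has no trailing newline.
while read -r _f1 acct_name _f3 acct_pass _rest || [ -n "$acct_name" ]; do
    # Skip blank lines instead of calling passwd with an empty account name.
    [ -n "$acct_name" ] || continue

    # The password goes straight to passwd on stdin. Writing it into a
    # generated script under a fixed /tmp name would leave the clear-text
    # password on disk and would let characters in the password be parsed
    # as shell syntax.
    if ! printf '%s\n' "$acct_pass" | passwd --stdin "$acct_name"; then
        echo "ERROR,改密失败"
        exit 1
    fi
done < "$pw_file"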

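# Verify every account in User_name: the "Last password change" date reported
# by chage must be today, and an SSH login with the new password must work.
pw_log="/home/batches/$HOSTNAME-$BIZ_IP-password.log"

# chage -l prints the date as "Mon DD, YYYY" with a zero-padded day
# (presumably the same on every target distribution - confirm). Building the
# string with an explicit format avoids cutting fields out of `date` output,
# which yields an empty day field for days 1-9. LC_ALL=C keeps the month name
# and the chage label in English.
chage_date=$(LC_ALL=C date '+%b %d, %Y')

# User_name is left unquoted on purpose: it is a space-separated list.
for i in $User_name; do
    # Exact match on the account field, so one account name that is a
    # substring of another line cannot pick up the wrong password.
    passwd=$(awk -v acct="$i" '$2 == acct {print $4; exit}' "$pw_log")

    if ! LC_ALL=C chage -l "$i" | grep 'Last password change' | grep -qF -- "$chage_date"; then
        echo "$i 密码过期时间未更新,密码可能修改失败"
    fi

    # Login test with expect. Account, host and password are handed over in
    # the environment and the here-document is quoted, so the password is
    # never pasted into the Tcl source, where quotes, "$" or "[" in it would
    # be interpreted by Tcl.
    # The host-key prompt is answered automatically; SYN_IP is taken from the
    # local `ip a` output earlier in the script, so the target is this host.
    LOGIN_USER="$i" LOGIN_HOST="$SYN_IP" LOGIN_PASS="$passwd" expect <<'EOD'
log_user 0
set login_user $env(LOGIN_USER)
set login_host $env(LOGIN_HOST)
set login_pass $env(LOGIN_PASS)
# Drop the password from the environment before ssh is started, so the
# spawned process does not inherit it.
unset env(LOGIN_PASS)

spawn ssh "$login_user@$login_host"
expect {
    -re "Are you sure you want to continue connecting*" {
        send "yes\r"
        exp_continue
    }

    "password:" {
        send -- "$login_pass\r"
        expect {
            "Last login:" {
                puts "Login test is SUCCESSFUL for $login_user"
            }
            timeout {
                puts "Login test is Unsuccessful for $login_user (timeout)"
            }
        }
    }

    "Permission denied" {
        puts "Login test is Unsuccessful for $login_user (wrong password)"
    }
    timeout {
        puts "Login test is Unsuccessful for $login_user (connection timeout)"
    }
}
# Wait for the prompt of the account under test, then close the session.
expect "$login_user@*" {
    send "exit\r"
}
EOD
done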
