Forum Discussion

4 Replies

  • BinaryCanary_19
    Historic F5 Account

    This is not an iRule task.

    You should be able to write a normal script in any scripting language that runs on the F5 (PHP, Perl, Python, Bash) and add it to your cron schedule to run at the frequency you want and do what you tell it to do.

  • I'm not even sure I would suggest making this a cron job on the system. I would suggest doing it totally off of the box via some programming language, or possibly even using iControl.

    Here is an article that Joe wrote covering some of the ins and outs of iControl User Management (it should be able to manage the built-in accounts as well):

    iControl 101 - 07 - User Management

  • I wouldn't recommend having it automatically change the password, but you can set up an email alert that runs in cron that will calculate the days between today and the last password change and email if it is greater than, say, "90 days" so you can log in and change the passwords.

    In the SSH bash shell you can use 'chage -l' to view the last time the password was changed, for example:

    [root@hostname:Active:Standalone] config # chage -l root | grep "Last password change"
    Last password change                                    : Apr 30, 2013
    [root@hostname:Active:Standalone] config # chage -l admin | grep "Last password change"
    Last password change                                    : Apr 30, 2013
    [root@hostname:Active:Standalone] config #

    You can also look in the /etc/shadow file...

    [root@hostname:Active:Standalone] config # cat /etc/shadow | egrep "root|admin"
    root:encrypted_password:15825:0:99999:7:::
    admin:encrypted_password:15825:0:99999:7:::
    [root@hostname:Active:Standalone] config #

    The third value is the days since 1/1/1970 that the password was changed. So, for example, on my system the number is 15825. Now you can get today's date in the same format by the following.

    [root@hostname:Active:Standalone] config # echo $(($(date +%s) / 60 / 60 / 24))
    15936
    [root@hostname:Active:Standalone] config #

    Now you can do some simple math...

    [root@hostname:Active:Standalone] config # echo $((15936-15825))
    111
    [root@hostname:Active:Standalone] config #

    So put all this together in a shell script and if the last value is greater than 90 (or whatever date you choose) then you can email an alert. You would want to do this for both the admin and the root users.

    If you need help writing a script please let me know...

    Seth Cooper
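
The check described in the reply above, put together as one script (an added example, not part of the original posts). The function names and the `sysadmin`, `svc` and `admin` sample values are constructed; 15825 and 15936 are the day numbers from the reply.

```shell
#!/bin/sh
# Added example, not from the thread; names and sample data are assumptions.

# Today's date as days since 1970-01-01, the unit of /etc/shadow field 3.
today_days() { echo $(( $(date +%s) / 60 / 60 / 24 )); }

# Read shadow-format lines on stdin and print one line per listed user that
# needs attention. Usage: check_password_age TODAY MAX_AGE USER...
check_password_age() {
    _today=$1; _max=$2; shift 2
    awk -F: -v today="$_today" -v max="$_max" -v users="$*" '
        BEGIN { n = split(users, l, " "); for (i = 1; i <= n; i++) want[l[i]] = 1 }
        # Exact match on the user field, so "sysadmin" is not taken for "admin".
        !($1 in want)     { next }
                          { seen[$1] = 1 }
        $3 == ""          { print "WARN " $1 ": no last-change date recorded"; next }
        $3 !~ /^[0-9]+$/  { print "WARN " $1 ": unexpected value in field 3"; next }
        $3 == 0           { print "ALERT " $1 ": change forced at next login"; next }
        (today - $3) > (max + 0) {
            print "ALERT " $1 ": password is " (today - $3) " days old (limit " max ")"
        }
        END { for (u in want) if (!(u in seen)) print "WARN " u ": not in input" }
    '
}

# Constructed sample in /etc/shadow format; hashes are placeholders.
SAMPLE='root:encrypted_password:15825:0:99999:7:::
admin:encrypted_password:15900:0:99999:7:::
sysadmin:encrypted_password:15000:0:99999:7:::
svc:encrypted_password::0:99999:7:::'

# Demo with "today" fixed at 15936: root is 111 days old, admin is 36.
printf '%s\n' "$SAMPLE" | check_password_age 15936 90 root admin

# On the box, from a root cron job (cron mails any output to MAILTO,
# so no output means nothing is overdue):
#   check_password_age "$(today_days)" 90 root admin < /etc/shadow
```

Because the user field is matched exactly, accounts whose names merely contain "root" or "admin" are ignored, unlike the `egrep "root|admin"` filter.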