How can I check the last logins of a given user since a given time?
Tried:
`last -s $timeVariable $userName`
But that option is invalid.
I know -t is good to check the logins until the specified time, but I want the exact opposite. Any ideas?
Related
Anyone know what "logins -axo" means in linux os (for Oracle database)? and how to read the result?
i've got result below:
root:0:root:0:Super-User:/root:/sbin/sh:PS:092222:-1:28:21:-1:0
I don't know Linux, but - the only logins command I found is related to IBM's AIX.
Flags you used mean:
-a: In addition to the default output, the -a flag adds two password expiration fields to the display. These fields show how many days a password can remain unused before it automatically becomes inactive and the date that the password will expire.
-o: Formats output into one line of colon separated fields.
-x: Prints an extended set of information about each selected user. Information for each user is printed on a separate line containing the home directory, login shell, and password aging information. The extended information includes the following:
The password status
The date on which the password was last changed
The number of days required between changes
The number of days allowed before a change is needed
The number of days that the user will receive a password expiration warning message before the password expires
The password status is displayed in an abbreviated form as PS for logins with password, NP for no password or LK for locked.
This question already has answers here:
Capture output value from a shell command in VBA?
(8 answers)
Closed last year.
I am trying to make a ticket tool we have where I work a little better and make it so the tech team doesn't have to open Active Directory to make sure the ticket sender is eligible to make certain requests. What I need is the ability to run net user /domain <username> then collect the comment line and store it in a variable in VBA. The variable will then be sent in an email to the ticket software along with anything the user entered in the text boxes.
My thoughts were to run the command and send the output string to another variable then pull the line information from the larger output since I cant seem to find a way to get only the comment.
I've added a sample of the output below with an arrow pointing at the data that needs extracted into the variable.
I'm still pretty new to VBA so bear with me.
C:\Users\jdoe\Desktop>net user /domain jdoe
The request will be processed at a domain controller for domain StackOverflow.wh.
User name jdoe
Full Name John Doe
Comment Anlst Tech Supp <----- this is what needs extracted
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never
Password last set 11/1/2021 8:58:44 AM
Password expires 1/30/2022 8:58:44 AM
Password changeable 11/1/2021 8:58:44 AM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 1/15/2022 11:43:12 AM
Logon hours allowed All
Local Group Memberships
Global Group memberships *Domain Users
The command completed successfully.
On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set config = objWMIService.ExecQuery("Select * From Win32_UserAccount")
For Each thing in Config
Msgbox thing.caption & " " & thing.Description
Next
Programmers don't call user's commands. They are for humans not programs.
See https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-useraccount for more info.
I am working on an authentication system for a local server jupyterhub that relies on OAuth protocol. Additionally, it creates a local system user on windows, in case it does not exist.
What is the correct way to check whether a user exists on windows platforms using python?
This would include cases in which the system uses LDAP authentication and the user logged in the machine at least once.
I am looking for the correct windows alternative to the unix-like:
import pwd
try:
pwd.getpwnam(user.name)
except Exception as e:
print(repr(e))
My current solution is to check for the existence of the f"os.environ["SystemDrive"]\Users\{username}" folder. Side question, is there any drawback with the current method?
Here's a solution to checking if a local Windows user exists using python:
import subprocess
def local_user_exists_windows(username):
r = subprocess.run("net user",stdout=subprocess.PIPE)
#look for username in the output. Return carriage followed by line break followed by name, then space
return f"\\r\\n{username.lower()} " in str(r.stdout).lower()
Alternative is to use a regular expression to find username match (^ is regex for beginning of line if used in conjunction with multiline, \b for word boundary):
import re
re.findall(rf"^{username}\b", out,flags=re.MULTILINE | re.IGNORECASE)
Note that the \b could be replaced with \s+ meaning a space character one or more times and yield similar results. The function above will return True if given user name is an exact match with local username on Windows.
Again, my reason for this solution is there might be drawback to checking whether the path f"os.environ["SystemDrive"]\Users\{username}" exists. For example, I have a case where a Local User (e.g,local_username) exists via the net user command or via looking at "Local Users and Groups" control panel, but there is no C:\Users\local_user_name folder. One reason for this I can think of off the top of my head is perhaps the user switched from logging in as a Local User to using a Domain Account, and their User folder was deleted to save space, so the User exists, but the folder does not, etc.)
The call to net user gets local users - and the output looks something like this:
User accounts for \\SOME-WINDOWS-COMPUTER
-------------------------------------------------------------------------------
SomeUser Administrator DefaultAccount
Guest local_admin WDAGUtilityAccount
Notice how the SomeUser in this example is preceded by a \r\n followed by multiple spaces, hence looking for a username string inside this string could yield a false positive if the string you are searching is contained inside another string.
The solution above works for me, but has been tested all of ten minutes, and there might be some other simpler or more pythonic way of doing this.
There is quite a common issue in unix world, that is when you start a process with parameters, one of them being sensitive, other users can read it just by executing ps -ef. (For example mysql -u root -p secret_pw
Most frequent recommendation I found was simply not to do that, never run processes with sensitive parameters, instead pass these information other way.
However, I found that some processes have the ability to change the parameter line after they processed the parameters, looking for example like this in processes:
xfreerdp -decorations /w:1903 /h:1119 /kbd:0x00000409 /d:HCG /u:petr.bena /parent-window:54526138 /bpp:24 /audio-mode: /drive:media /media /network:lan /rfx /cert-ignore /clipboard /port:3389 /v:cz-bw47.hcg.homecredit.net /p:********
Note /p:*********** parameter where password was removed somehow.
How can I do that? Is it possible for a process in linux to alter the argument list they received? I assume that simply overwriting the char **args I get in main() function wouldn't do the trick. I suppose that maybe changing some files in /proc pseudofs might work?
"hiding" like this does not work. At the end of the day there is a time window where your password is perfectly visible so this is a total non-starter, even if it is not completely useless.
The way to go is to pass the password in an environment variable.
I want to run a script which calls tpm_sealdata many times and I don't want to enter the SRK password each time.
In the man page I found this:
-z, --well-known
Use TSS_WELL_KNOWN_SECRET (20 zero bytes) as the SRK password.
You will not be prompted for the SRK password with this option.
However, I couldn't figure out which value I have to use as TSS_WELL_KNOWN_SECRET.
As the name of the constant implies, the value of TSS_WELL_KNOWN_SECRET is well known. It is just 20 bytes of zero.
But you don't actually need the value. The -z option does not require a value, it's just a switch to tell the program to use the well known secret. The help text you cite also states this fact.
So a call to tpm_sealdata might look like this:
tpm_sealdata -z -i data.in -o data.out
However, to use this method the SRK must have been created with the well known secret of course. When using tpm_takeownership:
tpm_takeownership -z