[Linux] 사용자 비밀번호 자동변경 스크립트

#!/bin/bash
###########################################################################
#
# Linux 계정의 패스워드를 랜덤하게 변경하고 당사자에게 메일을 보낸다.
#
# 필요한 패키지 설치: yum -y install pwgen ImageMagick mailx
#
# $ crontab -e (매월 1일 00:10에 실행)
# 10 0 1 * * /etc/scripts/pw_changer.sh
#
##########################################################################
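# Timestamps are captured once, so every account handled in this run is
# mailed and logged with the same time.
CURRENT_TIME=$(date "+%Y-%m-%d_%H:%M:%S")
CURRENT_DATE=$(date "+%Y-%m-%d")
CURRENT_PATH=$(pwd)
SENDER_MAIL="pwchanger@esvali.com"
MAIL_DOMAIN="esvali.com"
# The log records time, account and recipient only; it must never receive the
# password itself.
LOG_FILE="/var/log/esvali_pw_changer.log"

# The scratch files hold the new plaintext password (as text and as a PNG).
# Fixed names directly under /tmp can be read by any local user and can be
# pre-created or symlinked before this root cron job runs. A private
# directory from mktemp -d (created with mode 0700) closes both problems.
WORK_DIR=$(mktemp -d /tmp/pw_changer.XXXXXX)
if [ $? != 0 ] || [ ! -d "${WORK_DIR}" ]
then
  echo "Failed to mktemp." >&2
  exit 1
fi
# Remove the scratch directory on every exit path, including the "exit 1"
# failure paths, so that no password material is left behind.
trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

# The PNG keeps its date-based file name because that name is what the
# recipient sees as the attachment name.
PNG_FILENAME="${WORK_DIR}/${CURRENT_DATE}.png"
TMP_FILENAME1="${WORK_DIR}/__tmp_file1__.txt"
TMP_FILENAME2="${WORK_DIR}/__tmp_file2__.txt"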

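###########################################################################
# Verify that a required program exists as an executable regular file.
# check_file <path>
# Outputs: "<path> not found." on stderr when the check fails
# Exits:   ends the whole script with status 1 on failure
##########################################################################
function check_file() {
  # "$1" is quoted so that an empty path or one containing spaces fails the
  # check instead of producing a malformed test expression that lets it
  # through. The -f test rejects directories, which also pass -x.
  if [ ! -f "$1" ] || [ ! -x "$1" ]
  then
    echo "$1 not found." >&2
    exit 1
  fi
}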

###########################################################################
# Check that the external utilities this script depends on are installed.
# Exits (through check_file) with status 1 at the first missing utility.
#
# NOTE(review): only these three absolute paths are verified. change_pw
# calls pwgen, mail and passwd by bare name, so those are resolved through
# PATH, and passwd is not checked here at all.
##########################################################################
function prepare_run() {
  local tool
  for tool in /usr/bin/pwgen /usr/bin/convert /usr/bin/mail
  do
    check_file "${tool}"
  done
}

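###########################################################################
# Render a string into a PNG image at ${PNG_FILENAME}.
# text2png <text>
# Globals: PNG_FILENAME (read) - output path, replaced if it already exists
# Returns: 1 when <text> is empty, otherwise the exit status of convert
#
# The image contains the plaintext password, so it is created with a
# restrictive umask. PNG_FILENAME should also live in a directory that only
# this script can write to: removing and re-creating a file under a shared
# directory leaves a window in which another user can plant a link there.
#
# NOTE(review): the text is passed to convert as a command-line argument and
# is therefore briefly visible in the process list to other local users.
# NOTE(review): ImageMagick appears to treat some characters in -annotate
# text specially (percent escapes, backslash sequences, a leading '@'); a
# password containing them may render differently from the value that was
# set. Confirm against the installed ImageMagick version.
##########################################################################
function text2png() {
  if [ -z "$1" ]
  then
    echo "text2png: empty text." >&2
    return 1
  fi

  # Drop any stale image so a failed render cannot be mistaken for a new one.
  rm -f -- "${PNG_FILENAME}"

  # List the available fonts with: convert -list font
  # The subshell keeps the umask change local to this one command; its exit
  # status is the exit status of convert.
  (
    umask 077
    /usr/bin/convert -size 640x100 xc:"rgba(0,0,0,0)" -font "FreeMono-Bold" -pointsize 64 -fill blue -annotate +64+64 "$1" "${PNG_FILENAME}"
  )
}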

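###########################################################################
# Set a new random password for an account and mail it to its owner.
# change_pw <os id> <email>
# Globals: CURRENT_TIME, CURRENT_DATE, SENDER_MAIL, MAIL_DOMAIN, LOG_FILE,
#          PNG_FILENAME, TMP_FILENAME1, TMP_FILENAME2 (all read)
# Exits:   ends the whole script with status 1 when any step fails
#
# Order of operations: the mail is sent before the password is changed, so a
# failed mail leaves the old password in place. If passwd then fails, the
# owner has already received a password that was never set; that case is
# reported as an error instead of being logged as a successful change.
#
# Security notes:
# - The password leaves the host as an e-mail attachment. Rendering it as an
#   image only hides it from plain-text scanning; anyone who can read the
#   mailbox or the message in transit can read the password.
# - A zero exit status from mail means the message was accepted for sending
#   (presumably by the local mail system), not that it was delivered.
# - The password is never written to the log and never stored as a text
#   file; the PNG is the only on-disk copy and is removed on every path.
##########################################################################
function change_pw() {
  local account="$1"
  local recipient="$2"
  local new_passwd

  if [ -z "${account}" ] || [ -z "${recipient}" ]
  then
    echo "Usage: change_pw <os id> <email>" >&2
    exit 1
  fi

  # Refuse to mail out a password for an account that does not exist.
  if ! id "${account}" > /dev/null 2>&1
  then
    echo "Unknown account: ${account}" >&2
    exit 1
  fi

  # Generate the new password straight into a variable, so no plaintext copy
  # is written to a temporary file.
  if ! new_passwd=$(pwgen -CcysnB 10 1) || [ -z "${new_passwd}" ]
  then
    echo "Failed to pwgen."  >&2
    exit 1
  fi

  # Quoted: pwgen -y adds symbols, and an unquoted expansion would let the
  # shell glob-expand or split the password before it is rendered.
  if ! text2png "${new_passwd}"
  then
    rm -f -- "${PNG_FILENAME}"
    echo "Failed to convert." >&2
    exit 1
  fi

  # Send the mail. The body goes through a pipe; no temporary file is needed.
  if ! echo "Password changed time: ${CURRENT_TIME}, Look at the attachment." \
    | mail -a "${PNG_FILENAME}" -r "${SENDER_MAIL}" \
      -s "${account}@${MAIL_DOMAIN} password changed. (${CURRENT_DATE})" \
      "${recipient}"
  then
    rm -f -- "${PNG_FILENAME}"
    echo "Failed to mail." >&2
    exit 1
  fi

  # Change the password. printf is used instead of echo so that a password
  # that looks like an echo option is passed through unchanged; printf is a
  # shell builtin, so the password does not appear in any argument list here.
  if ! printf '%s\n' "${new_passwd}" | passwd --stdin "${account}"
  then
    rm -f -- "${PNG_FILENAME}"
    echo "Failed to passwd." >&2
    exit 1
  fi

  # Write the log entry: time, account and recipient only. Do not add the
  # password here; the log is a long-lived file.
  printf '%s "%s" "%s"\n' "${CURRENT_TIME}" "${account}" "${recipient}" >> "${LOG_FILE}"

  # Delete the temporary files.
  rm -f -- "${TMP_FILENAME1}" "${TMP_FILENAME2}" "${PNG_FILENAME}"
}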

# Entry point: verify the tools, then rotate each listed account.
# Each entry is "<os id>:<email>". The recipients are mailboxes outside
# ${MAIL_DOMAIN}, so the new password is handed to an external mail provider.
# NOTE(review): presumably run as root from cron, since passwd is used to
# change other users' passwords - confirm.
prepare_run
for entry in "user1:user1@naver.com" "user2:user2@daum.net"
do
  change_pw "${entry%%:*}" "${entry#*:}"
done