Urgent - Script to Reset Passwords - Please look

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
christianrj
Posts: 34
Joined: Sat Sep 13, 2014 3:18 am

Urgent - Script to Reset Passwords - Please look

Post by christianrj »

Hi!

Can anyone check the script bellow and tell me if it will work and reset all user passwords in Zimbra 8.6?

Today our datacenter disabled our IP because one of our accounts was caught sending SPAM. I fear they will cancel our server if any other account is compromised. So I want to change all passwords for all users and then enforce new password rules.

Thank you!

Code: Select all

#!/bin/bash
clear
USERS=`su - zimbra -c 'zmprov -l gaa'`;

for ACCOUNT in $USERS; do
ACC1=`echo $ACCOUNT | awk -F@ '{print $1}'`;
ACC=`echo $ACC1 | cut -d '.' -f1`;

if [ $ACC == "admin" ] || [ $ACC == "wiki" ] || [ $ACC == "galsync" ] || [ $ACC == "ham" ] || [ $ACC == "spam" ]; then
echo "Skipping system account, $NAME...";
else
echo "Modifying $ACCOUNT password...";
USERNEWPASSWORD=$(cat /dev/urandom | tr -dc "a-zA-Z0-9!@#$%^&*()?" | fold -w 32 | head -n 1)
su - zimbra -c "zmprov sp $ACCOUNT $USERNEWPASSWORD";
echo "Done!"
echo ""
# read anykey
fi
done
echo "Modifying password for all user has been finished successfully"
User avatar
fs.schmidt
Outstanding Member
Outstanding Member
Posts: 278
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil
Contact:

Re: Urgent - Script to Reset Passwords - Please look

Post by fs.schmidt »

Hi,

Everthing looks correct and it is a good script IMHO.
Best regards.
Fabio S. Schmidt
http://www.bktech.com.br
Brasília - Brazil
User avatar
christianrj
Posts: 34
Joined: Sat Sep 13, 2014 3:18 am

Re: Urgent - Script to Reset Passwords - Please look

Post by christianrj »

Thanks!

It can also be used to mass change settings for mail users, like enable or disable POP/IMAP, and others.
lippyrich
Posts: 4
Joined: Fri Jul 08, 2016 8:49 am
Location: UK
ZCS/ZD Version: 8.6

Re: Urgent - Script to Reset Passwords - Please look

Post by lippyrich »

I would like to use your script if possible please, I have found my server has been compromised twice with different accounts in the last two days.
How does it interact with you/users regarding the passwords changing, does it give you a list of them or does it just make them change theirs to a minimum complexity.
User avatar
christianrj
Posts: 34
Joined: Sat Sep 13, 2014 3:18 am

Re: Urgent - Script to Reset Passwords - Please look

Post by christianrj »

lippyrich wrote:I would like to use your script if possible please, I have found my server has been compromised twice with different accounts in the last two days.
How does it interact with you/users regarding the passwords changing, does it give you a list of them or does it just make them change theirs to a minimum complexity.
The script automatically changes all passwords with secure random passwords. You must after this, send temporary passwords to all users.

Because you never know if a user has a weak password, this is a emergency measure to make your Zimbra server more secure. After this, you must send temporary passwords to users so that they can change them.

Of course, someone can improve this script so that it generate a list of all generated passwords for their respective accounts to ease management and automatically set all accounts to change their passwords on the next login.

Also, change the password policies to be more strict to improve security. I also recommend to disable POP/IMAP for all accounts and enable only on a case by case.
Post Reply