#!/bin/bash

## pw scrambler v0.4

## Run daily or more often. Scrambles the root pw, encrypts it

## with gpg (pubkeys must be locally trusted FIRST) and emails the resulting

## encrypted file to the recipients configured below.

##

## REQUIRES: heirloom-mailx and sendmail-bin for debian

##

## list recipients with spaces to delimit. pubkeys must be already trusted

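## NOTE: must not be left empty -- with no recipient gpg has nobody to
## encrypt to and the new root password cannot be recovered by anyone.
gpgRecipients=""

## list recipients with spaces to delimit
ccEmail="boss@example.org coworker@example.org"

## only ONE TO: address please
toEmail="sysadmin@example.org"

## modify below here only if you want different password/files

## date stamp (YYYYMMDD) used in the file name and the mail subject
isoDate=$(date +%Y%m%d)

## name of the encrypted file, written to the current working directory
fileFormat="ROOTPW-$HOSTNAME-$isoDate.gpg"

pwLength="16"

## Draw the password from the kernel CSPRNG and keep only A-Za-z0-9.
## LC_ALL=C keeps tr byte-oriented, so the ranges mean exactly these 62
## characters whatever locale the job runs under; the set is quoted so the
## shell never treats it as a glob.
newPass=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$pwLength")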

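## Print one " --recipient KEY " pair for every entry in $gpgRecipients.
## Globals:   gpgRecipients (read) - space-delimited list of gpg key ids
## Outputs:   the option words on stdout, without a trailing newline;
##            prints nothing when the list is empty
## The caller expands the output unquoted so that it splits into words.
function ListGpgRecipients {
  ## keep the loop variable out of the caller's scope
  local i

  ## unquoted on purpose: the list is split on whitespace
  for i in $gpgRecipients; do
    printf ' --recipient %s ' "$i"
  done
}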

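## Print one " -c ADDRESS " pair for every entry in $ccEmail.
## Globals:   ccEmail (read) - space-delimited list of CC addresses
## Outputs:   the option words on stdout, without a trailing newline;
##            prints nothing when the list is empty
## The caller expands the output unquoted so that it splits into words.
function ListEmailRecipients {
  ## keep the loop variable out of the caller's scope
  local i

  ## The expansion must be quoted here: with two or more addresses an
  ## unquoted test becomes "[ ! -z a b ]", which fails with "too many
  ## arguments" and silently drops every CC recipient.
  if [ -n "$ccEmail" ]; then
    ## unquoted on purpose: the list is split on whitespace
    for i in $ccEmail; do
      printf ' -c %s ' "$i"
    done
  fi
}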

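## Refuse to run without recipients: gpg would have nobody to encrypt to
## and the new root password would be unrecoverable.
if [ -z "$gpgRecipients" ]; then
  echo "gpgRecipients is empty; root password left unchanged" >&2
  unset newPass
  exit 1
fi

## Keep the encrypted file readable by its owner only, whatever umask the
## calling environment had.
umask 077

## Encrypt BEFORE changing the password, so that a gpg failure (missing or
## untrusted key) cannot leave root with a password nobody can decrypt.
## printf is a bash builtin, so the password is never exposed in a process
## argument list. --batch makes gpg fail instead of prompting when the job
## runs unattended. The $(ListGpgRecipients) expansion stays unquoted
## because it has to split into separate "--recipient KEY" words.
# shellcheck disable=SC2046
if ! printf '%s\n' "root@$HOSTNAME $newPass" \
    | gpg --batch -e $(ListGpgRecipients) > "$fileFormat" \
  || [ ! -s "$fileFormat" ]; then
  echo "gpg encryption failed; root password left unchanged" >&2
  rm -f -- "$fileFormat"
  unset newPass
  exit 1
fi

## chpasswd expects "user:password" with no surrounding whitespace; any
## extra space would become part of the password.
if ! printf '%s\n' "root:$newPass" | chpasswd; then
  echo "chpasswd failed; root password left unchanged" >&2
  ## the encrypted file holds a password that was never set - drop it
  rm -f -- "$fileFormat"
  unset newPass
  exit 1
fi

## the cleartext password is not needed past this point
unset newPass

## Mail the encrypted file. On failure the password has already changed, so
## the file is kept on disk for manual delivery and the error is reported.
# shellcheck disable=SC2046
if ! printf "%b" "On $isoDate root pw for $HOSTNAME was scrambled. The pw is encrypted in a file attached to this email. Only authorized folks can decrypt." \
    | mail $(ListEmailRecipients) -s "[ROOTPW] $HOSTNAME $isoDate" -a "$fileFormat" "$toEmail"; then
  echo "mail failed; encrypted password kept in $fileFormat" >&2
  exit 1
fi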