Maintenance Task: User Account Cleanup

Description

Review and remove unused or inactive user accounts to maintain system security.

Frequency

Monthly or quarterly.

Checklist

• Are there orphaned or test users?
• Any users with shell access that shouldn’t?
• Do disabled users still have access?

Cleanup Steps

1. List user accounts:

   getent passwd | grep '/home'
   

2. Check for inactivity:

   lastlog | grep -v 'Never'
   

3. Disable or delete user:

   usermod -L username  # lock
   userdel -r username  # remove
   

Preventive Actions

• Use sudo groups and avoid shared root access
• Automate expiry or alerts for dormant accounts

Tools & Commands

• getent, lastlog, usermod, userdel, chage