Linux set default password expiry for all new users

in Categories CentOS, Debian Linux, Howto, Linux, RedHat/Fedora Linux, Security, Sys admin, Ubuntu Linux, User Management last updated April 30, 2006

Under Linux password related utilities and config file(s) comes from shadow password suite. The /etc/login.defs file defines the site-specific configuration for this suite. This file is a readable text file, each line of the file describing one configuration parameter. The lines consist of a configuration name and value, separated by whitespace.

You need to set default password expiry using /etc/login.defs file (password aging controls parameters):

  1. PASS_MAX_DAYS : Maximum number of days a password may be used. If the password is older than this, a password change will be forced.
  2. PASS_MIN_DAYS : Minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected
  3. PASS_WARN_AGE : Number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.

Open file /etc/login.defs using text editor:
# vi /etc/login.defs
Setup (sample) values as follows:

Close and save the file.

See also:

Please note that much of the functionality that used to be provided by the shadow password suite is now handled by PAM suite. Next time I will write about PAM configuration.

Routing all mail to unknown users to a single mail account

in Categories News last updated April 29, 2006

Recently one of our clients mail server was getting lots email message from unknown users which was causing some trouble so I decided to route all mail to unknown users (for verification ) to a single mail account. This server use sendmail MTA. Sendmail has option called LUSER_RELAY.

Open Sendmail configuration file using text editor:

# vi /etc/mail/

Add following macro to file:



# m4 /etc/mail/ > /etc/mail/

Reload configuration:

# /etc/init.d/sendmail restart

Please note that you can also configure virtual domains but it will take some time to configure sendmail virtual domains.

See also:

Apache becomes the Leader in SSL Servers

in Categories News last updated April 27, 2006

Netcraft reports that Apache is now the leader in SSL Server too. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft.

Apache has taken much longer to reach the top because version 1.0 did not include SSL at all due to US export control laws and the patent on the RSA algorithm.

SSL support for Apache included using Apache-SSL and mod_ssl software projects.

Three cheers for Apache taking over mighty MS Web server.

Configure your Linux system for different network environments at an office and a home

in Categories News last updated April 26, 2006

If you are using Linux based laptop at an office or a home, then you may need to configure your Linux system for different network environments.

In good old days, I had couple of shell scripts to change network settings. However, you may find small nifty utility called netenv very useful. When booting your laptop it provides you with a simple interface from which you can choose the current network environment.

You can select the network environment you want from list. netenv works on

  1. Debian Linux
  2. Red Hat Linux
  3. Suse Linux

You can download netenv here or if you are using Debian Linux use apt-get command to install it:

# apt-get install netenv

To configure or to select new network interface just type command:

# netenv

On Debian systems, netenv can work with both PCMCIA and on-board network cards. You can also use netenv to configure your windowmanager or your printing environment.
Please note that if you are using Red Hat Enterprise Linux then you can configure network profile with inbuilt Red Hat network configuration tool:

# redhat-config-network

Above tool can be used to create multiple configuration sets for different networks. A configuration set can include logical devices as well as hosts and DNS settings. After configuring the profiles, you can use the Network Administration Tool to switch back and forth between them.

Schedule Windows server to reboot or shutdown automatically

in Categories Sys admin, Tips, Troubleshooting, Windows, Windows server last updated April 22, 2006

Sometime it is necessary to reboot (or shutdown) windows server. Under UNIX or Linux you can use reboot / hal t/shutdown command via cron jobs or at command. But, when it comes to Windows server there is no built in command exist. Only Windows 2000 Resource Kit offers shutdown command line utility.

However, sysinternals has nifty utility called PsShutdown. It is a command-line utility similar to the shutdown utility from the Windows 2000 Resource Kit, but with the ability to do much more. In addition to supporting the same options for shutting down or rebooting the local or a remote computer, PsShutdown can logoff the console user or lock the console (locking requires Windows 2000 or higher). PsShutdown requires no manual installation of client software.

How do I schedule Windows Server Reboot / Shutdown?

You can download PsShutdown from sysinternals web site.

Store file on Windows server in folder. I use folder called C:\admutils. Next open windows command prompt (Start > Run > cmd) and use windows at command to schedule reboot:
c:> at 2:00am c:\admutils\psshutdown.exe -r -f -c -t 10
Above command will reboot system at 2am. If you want to shutdown system:
c:> at 1:00am c:\admutils\psshutdown.exe -s -f -c -t 10

  • -s: Shutdown windows server
  • -r: Reboot windows server
  • -f: Forces all running application to exit
  • -c: Allow the shutdown to by cancel by user
  • -t: Specifies the countdown in seconds until the shutdown

For more information read official psshutdown documentation. Read at command help by typing at /? command.

Running X window graphical application over ssh session

in Categories News last updated April 21, 2006

SSH, server has feature called X11Forwarding. It specifies whether X11 forwarding is permitted or not. You need to set this parameter to yes. Once this is enabled, you will be able to run a graphical application on server and get applications display (window) on your desktop.

Server setup
For example, login on Linux/BSD system called Open /etc/ssh/sshd_config file using text editor:

# vi /etc/ssh/sshd_config

Find out parameter X11Forwarding and set it to yes:

X11Forwarding yes

Save file and exit to shell prompt. Restart sshd service under Debian Linux:

# /etc/init.d/ssh restart

Alternatively, if you are using Fedora / Red Hat Linux restart sshd:

# /etc/init.d/sshd restart

Desktop setup
Since X11 forwarding is enabled, just login from desktop system to using ssh command:

desktop $ ssh -X

server1 $
When you login using ssh command, you need to use -X flag to enable X11 forwarding. If you do not use -X flag forwarding it will not work and you will get an error that read as follows:
couldn’t open display (null)

Once you are logged in to server1, if you type the X application command over ssh session, the application will run on server1 and display will appear on your desktop system. For example, run xeyes or open office program:

server1 $ xeyes &
server1 $ ooffice &

Within few seconds, you should get a graphical display on your desktop system.

Linux display system hardware status information gathered from /proc filesystem in easy format

in Categories Debian Linux, Gentoo Linux, Howto, Linux, RedHat/Fedora Linux, Sys admin, Tips, Troubleshooting last updated April 20, 2006

/proc directory stores lots of system status and hardware information. The proc (mounted at /proc) filesystem is a pseudo-filesystem which is used as an interface to kernel data structures. For example, your CPU related information such as number of CPUs, type of CPU (AMD or Intel) etc can be gathered from /proc/cpuinfo.

However, the output is not always easily readable (especially if you are Linux sys admin). You need to use a command called procinfo which gathers some system data from the /proc directory and prints it nicely formatted on the screen.

It is capable of displaying following Linux status information:

  1. Memory
  2. Bootup (the time the system was booted)
  3. Load average
  4. User (the amount of time spent running jobs in user space)
  5. Nice (the amount of time spent running niced jobs in user space)
  6. System (the amount of time spent running in kernel space)
  7. Idle (the amount of time spent doing nothing)
  8. Uptime (the time that the system has been up).
  9. Page in (the number of disk block paged into core from disk)
  10. Page out (the reverse of the above (What does that mean, anyways?) )
  11. Swap in (the number of memory pages paged in from swapspace)
  12. Swap out (the number of memory pages paged out to swapspace)
  13. context (the total number of context switches since bootup)
  14. disk 1-4 (the number of times your hard disks have been accessed)
  15. Interrupts
  16. Modules (the modules (loadable device drivers) installed on your machine) Character and Block Devices
  17. File Systems

$ procinfo

Linux 2.6.5-7.252-bigsmp (geeko@buildhost) (gcc 3.3.3 ) #1 SMP Tue Feb 14 11:11:04 UTC 2006 4CPU []

Memory:      Total        Used        Free      Shared     Buffers
Mem:       4091932     2327480     1764452           0      209444
Swap:      4194784           4     4194780

Bootup: Fri Mar 10 15:26:44 2006    Load average: 2.00 2.00 2.00 3/108 20202

user  :      17:25:52.25   4.5%  page in :        0
nice  :   3d  7:22:29.54  20.5%  page out:        0
system:       0:17:45.90   0.0%  swap in :        0
idle  :  12d  0:33:54.22  74.7%  swap out:        0
uptime:  40d  5:46:29.70         context :621430542

irq  0:3477339909 timer                 irq 10:         0 ohci_hcd
irq  1:      3237 i8042                 irq 12:      9578 i8042
irq  2:         0 cascade [4]           irq 14:   6678197 ide0
irq  4:         4                       irq 15:  25978305 ide1
irq  8:         2 rtc                   irq 16:  44294194 eth0
irq  9:         0 acpi

You can find out detailed information with -a flag:

$ procinfo -a


Linux 2.6.5-7.252-default (geeko@buildhost) (gcc 3.3.3 ) #1 2CPU []

Memory:      Total        Used        Free      Shared     Buffers
Mem:       4125168     4112656       12512           0      276512
Swap:      4200688          32     4200656

Bootup: Mon Apr 10 13:46:48 2006    Load average: 0.76 0.70 0.32 1/105 6641

user  :       0:59:24.49   2.2%  page in :        0
nice  :       0:11:08.41   0.4%  page out:        0
system:       0:06:51.10   0.2%  swap in :        0
idle  :  18d 15:46:46.95 1020.6%  swap out:        0
uptime:   9d  8:37:33.35         context : 84375734

irq  0:         0 0                     irq 54:    396314 ioc0
irq 28:      1800 cpe_poll              irq 55:        30 ioc1
irq 29:         0 cmc_poll              irq 56:   1842085 eth1
irq 31:         0 cmc_hndlr             irq 57:        18
irq 48:         0 acpi                  irq232:         0 mca_rdzv
irq 49:         0 ohci_hcd              irq238:         0 perfmon
irq 50:      1892 ohci_hcd              irq239:1656130975 timer
irq 51:         0 ehci_hcd              irq240:         0 mca_wkup
irq 52:   5939450 ide0                  irq254:    792697 IPI
irq 53:    404118 eth0

Kernel Command Line:
BOOT_IMAGE=scsi0:\efi\SuSE\vmlinuz root=/dev/sda3 selinux=0 splash=silent elevator=cfq ro

147  snd_pcm_oss    240 *snd_pcm         38 *snd_page_alloc  74 *snd_timer
57 *snd_mixer_oss  149 *snd             33 *soundcore       44  thermal
48 *processor       23  fan             28  button          78  usbserial
73  parport_pc      38  lp             104 *parport        700 *ipv6
113  hid             36  joydev          97  sg              98  st
51  sr_mod          93  ide_cd          90 *cdrom           84  ehci_hcd
63  ohci_hcd        35  evdev          244  tg3             63 *af_packet
40 *binfmt_misc    246 *usbcore        122  e100            32 *subfs
19 *nls_utf8        24 *nls_cp437      139  dm_mod         266 *ext3
165 *jbd             30  mptsas          30  mptfc           29 *scsi_transport
29 *mptspi          98 *mptscsih       131 *mptbase         52 *sd_mod
237 *scsi_mod

Character Devices:                      Block Devices:
1 mem              10 misc              1 ramdisk          71 sd
2 pty              13 input             3 ide0            128 sd
3 ttyp             14 sound             7 loop            129 sd
4 /dev/vc/0        21 sg                8 sd              130 sd
4 tty              29 fb                9 md              131 sd
4 ttyS            116 alsa             11 sr              132 sd
5 /dev/tty        128 ptm              65 sd              133 sd
5 /dev/console    136 pts              66 sd              134 sd
5 /dev/ptmx       180 usb              67 sd              135 sd
6 lp              188 ttyUSB           68 sd              253 device-mapper
7 vcs             254 snsc             69 sd              254 mdp
9 st                                   70 sd

File Systems:
ext3                [sysfs]             [rootfs]            [bdev]
[proc]              [cpuset]            [sockfs]            [pfmfs]
[futexfs]           [tmpfs]             [pipefs]            [eventpollfs]
[devpts]            ext2                [ramfs]             [hugetlbfs]
minix               msdos               vfat                iso9660
[nfs]               [nfs4]              [mqueue]            [rpc_pipefs]
[subfs]             [usbfs]             [usbdevfs]          [binfmt_misc]

Other options

  • -f : Run procinfo continuously full-screen (update status on screen, the default is 5 seconds, use -n SEC to setup pause)
  • -Ffile : Redirect output to file (usually a tty). For example procinfo -biDn1 -F/dev/tty5

See also:

Finding out a bad or simply overloaded network link with MTR on a Linux & UNIX

in Categories Linux, Monitoring, Networking, Tuning, UNIX last updated April 20, 2006

Traditionally the traceroute (print the route packets take to network host) and ping (send ICMP ECHO_REQUEST to network hosts) programs are used as diagnostic tool to solve and isolate networking errors.

It may take some time to use both tools to diagnose network issues. However, you can use the mtr program instead of ping and traceroute. It is a network diagnostic tool and it is the combination of traceroute and ping programs (in terms of functionality) and works as a single network diagnostic tool.
Continue reading “Finding out a bad or simply overloaded network link with MTR on a Linux & UNIX”