Linux set default password expiry for all new users

Posted on in Categories CentOS, Debian Linux, Howto, Linux, RedHat/Fedora Linux, Security, Sys admin, Ubuntu Linux, User Management last updated November 29, 2007

Under Linux, the password-related utilities and config file(s) come from the shadow password suite. The /etc/login.defs file defines the site-specific configuration for this suite. It is a readable text file in which each line describes one configuration parameter. Each line consists of a configuration name and value, separated by whitespace.

Set the default password expiry in the /etc/login.defs file using its password aging control parameters:

  1. PASS_MAX_DAYS : Maximum number of days a password may be used. If the password is older than this, a password change will be forced.
  2. PASS_MIN_DAYS : Minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected.
  3. PASS_WARN_AGE : Number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.

Open the /etc/login.defs file using a text editor:
# vi /etc/login.defs
Set (sample) values as follows:
PASS_MAX_DAYS 30
PASS_MIN_DAYS 1
PASS_WARN_AGE 7

Close and save the file.
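
These defaults are applied when an account is created, so accounts that already exist keep the aging values stored in /etc/shadow. The following check is an added example, not part of the original post: it reads PASS_MAX_DAYS from a login.defs-format file and lists accounts in a shadow-format file whose maximum age (field 5) is unset or larger. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts whose password maximum age is weaker than
# the PASS_MAX_DAYS default. All sample data below is constructed.

# Print one parameter from a login.defs-format file (name, whitespace, value).
# If the name appears more than once, this example takes the last one.
login_defs_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Usage: accounts_over_policy LOGIN_DEFS SHADOW
# Prints each account whose field 5 (maximum days) is empty or exceeds
# PASS_MAX_DAYS. Entries whose password field starts with ! or * are skipped.
accounts_over_policy() {
    max=$(login_defs_value "$1" PASS_MAX_DAYS)
    [ -n "$max" ] || { echo "PASS_MAX_DAYS not set in $1" >&2; return 2; }
    awk -F: -v max="$max" '
        $2 ~ /^[!*]/ { next }
        $5 == "" || $5 + 0 > max + 0 { print $1 }
    ' "$2"
}

# Constructed sample files so the example runs without touching /etc.
demo_dir=$(mktemp -d)
cat > "$demo_dir/login.defs" <<'EOF'
# constructed sample
PASS_MAX_DAYS 30
PASS_MIN_DAYS 1
PASS_WARN_AGE 7
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructed$hash:19500:1:30:7:::
bob:$6$constructed$hash:19500:0:90:7:::
carol:$6$constructed$hash:19500:0::7:::
EOF

accounts_over_policy "$demo_dir/login.defs" "$demo_dir/shadow"
```

On a live system, run it as root against /etc/login.defs and /etc/shadow; chage -M 30 followed by the user name brings an existing account in line with the new default.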

Please note that much of the functionality that used to be provided by the shadow password suite is now handled by the PAM suite. Next time I will write about PAM configuration.

Routing all mail to unknown users to a single mail account

Posted on in Categories News last updated April 29, 2006

Recently one of our clients' mail servers was getting lots of email messages from unknown users, which was causing some trouble, so I decided to route all mail to unknown users (for verification) to a single mail account. This server uses the sendmail MTA. Sendmail has an option called LUSER_RELAY.

Open the Sendmail configuration file sendmail.mc using a text editor:

# vi /etc/mail/sendmail.mc

Add the following macro to the file:

define(`LUSER_RELAY',`local:[email protected]')dnl

Rebuild sendmail.cf:

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Reload configuration:

# /etc/init.d/sendmail restart

Please note that you can also configure virtual domains but it will take some time to configure sendmail virtual domains.

Apache becomes the Leader in SSL Servers

Posted on in Categories News last updated April 27, 2006

Netcraft reports that Apache is now the leader in SSL servers too. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft.

Apache has taken much longer to reach the top because version 1.0 did not include SSL at all due to US export control laws and the patent on the RSA algorithm.

SSL support for Apache was added through the Apache-SSL and mod_ssl software projects.

Three cheers for Apache taking over mighty MS Web server.

Configure your Linux system for different network environments at an office and a home

Posted on in Categories News last updated April 26, 2006

If you are using a Linux-based laptop at an office or at home, then you may need to configure your Linux system for different network environments.

In the good old days, I had a couple of shell scripts to change network settings. However, you may find a small nifty utility called netenv very useful. When booting your laptop it provides you with a simple interface from which you can choose the current network environment.

You can select the network environment you want from a list. netenv works on:

  1. Debian Linux
  2. Red Hat Linux
  3. Suse Linux

You can download netenv here or, if you are using Debian Linux, use the apt-get command to install it:

# apt-get install netenv

To configure or select a new network environment, just type the command:

# netenv

On Debian systems, netenv can work with both PCMCIA and on-board network cards. You can also use netenv to configure your window manager or your printing environment.

Please note that if you are using Red Hat Enterprise Linux, you can configure network profiles with the built-in Red Hat network configuration tool:

# redhat-config-network

The above tool can be used to create multiple configuration sets for different networks. A configuration set can include logical devices as well as hosts and DNS settings. After configuring the profiles, you can use the Network Administration Tool to switch back and forth between them.

Schedule Windows server to reboot or shutdown automatically

Posted on in Categories Sys admin, Tips, Troubleshooting, Windows, Windows server last updated September 13, 2007

Sometimes it is necessary to reboot (or shut down) a Windows server. Under UNIX or Linux you can use the reboot / halt / shutdown commands via cron jobs or the at command. But when it comes to Windows server, there is no built-in command. Only the Windows 2000 Resource Kit offers a shutdown command-line utility.

However, Sysinternals has a nifty utility called PsShutdown. It is a command-line utility similar to the shutdown utility from the Windows 2000 Resource Kit, but with the ability to do much more. In addition to supporting the same options for shutting down or rebooting the local or a remote computer, PsShutdown can log off the console user or lock the console (locking requires Windows 2000 or higher). PsShutdown requires no manual installation of client software.

How do I schedule Windows Server Reboot / Shutdown?

You can download PsShutdown from the Sysinternals web site.

Store the file in a folder on the Windows server. I use a folder called C:\admutils. Next, open the Windows command prompt (Start > Run > cmd) and use the Windows at command to schedule a reboot:
c:> at 2:00am c:\admutils\psshutdown.exe -r -f -c -t 10
The above command will reboot the system at 2am. If you want to shut down the system:
c:> at 1:00am c:\admutils\psshutdown.exe -s -f -c -t 10
Where,

  • -s: Shuts down the Windows server
  • -r: Reboots the Windows server
  • -f: Forces all running applications to exit
  • -c: Allows the shutdown to be cancelled by the user
  • -t: Specifies the countdown in seconds until the shutdown

For more information, read the official PsShutdown documentation. Read the at command help by typing at /? at the command prompt.

Running X window graphical application over ssh session

Posted on in Categories News last updated April 21, 2006

The SSH server has a feature called X11Forwarding. It specifies whether X11 forwarding is permitted or not. You need to set this parameter to yes. Once this is enabled, you will be able to run a graphical application on the server and get the application's display (window) on your desktop.

Server setup
For example, log in on a Linux/BSD system called server1.mydomain.com. Open the /etc/ssh/sshd_config file using a text editor:

# vi /etc/ssh/sshd_config

Find the X11Forwarding parameter and set it to yes:

X11Forwarding yes

Save the file and exit to the shell prompt. Restart the sshd service under Debian Linux:

# /etc/init.d/ssh restart

Alternatively, if you are using Fedora / Red Hat Linux, restart sshd:

# /etc/init.d/sshd restart
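
sshd uses the first value it reads for each keyword, so an X11Forwarding yes line added below an existing X11Forwarding no has no effect, and lines after a Match keyword apply only conditionally. The following check is an added example, not part of the original post: it reports the global X11Forwarding value from a sshd_config-format file. The function name and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the global X11Forwarding value in a
# sshd_config-format file. Sample files below are constructed.

# Usage: effective_x11 SSHD_CONFIG
# Keywords are case-insensitive, the first occurrence wins, and scanning
# stops at the first Match block because later lines are conditional.
# Prints "no" (the upstream OpenSSH default) when the keyword is absent.
effective_x11() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        { gsub(/=/, " "); key = tolower($1) }    # allow keyword=value form
        key == "match" { exit }
        key == "x11forwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

x11_demo=$(mktemp -d)

# Constructed sample 1: the "yes" lines never apply globally.
cat > "$x11_demo/shadowed" <<'EOF'
# constructed sample
Port 22
x11forwarding no
Match User alice
    X11Forwarding yes
X11Forwarding yes
EOF

# Constructed sample 2: the old line is commented out, the new one applies.
cat > "$x11_demo/enabled" <<'EOF'
# constructed sample
#X11Forwarding no
X11Forwarding yes
EOF

echo "shadowed: $(effective_x11 "$x11_demo/shadowed")"
echo "enabled:  $(effective_x11 "$x11_demo/enabled")"
```

On a running server, sshd -T run as root prints the effective configuration, including x11forwarding, after the edit.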

Desktop setup
Since X11 forwarding is enabled, just log in from the desktop system to server1.mydomain.com using the ssh command:

desktop $ ssh -X [email protected]

Password:
server1 $
When you log in using the ssh command, you need to use the -X flag to enable X11 forwarding. If you do not use the -X flag, forwarding will not work and you will get an error that reads as follows:
couldn’t open display (null)

Once you are logged in to server1, if you type an X application command over the ssh session, the application will run on server1 and its display will appear on your desktop system. For example, run xeyes or the OpenOffice program:

server1 $ xeyes &
server1 $ ooffice &

Within a few seconds, you should get a graphical display on your desktop system.