PASSWORD POLICY FOR SINGLE USER AND ALL_USERS


CHANGE PASSWORD AND ADJUST PASSWORD POLICES FOR SINGLE USER AND ALL USERS AT A TIME:

                vim /etc/login.defaults
which allows to set specific parameters for passwords of the users like pwd length, include special chars, no’s and password expiry, etc…
password hashes are located in /etc/shadow(password policy info).
Ex:
root:$6$neBVcz0K$7zTq20kWszOZKaqRO.4KOgLkwNQPjEi0/xatTa9h2tjfdnWUuv/QaWnt44DqZjMz5YHoc1hcPTgCJiYn5tRd5.:17266:0:99999:7:::
<user>:<passwordhash>:<last pwd date>:<min days before pwd can be changed >:<max no of days before pwd can be changed>:<no of days one should get warning to change pwd>:<no of days account remains active after pwd has expired if it exceeds your account is locked>:<expiration date(yyyy-mm-dd)>
How to we manage above
By using (usermod,passwd,chage)  commands.
                chage –l
                chage –l <username>
it gives all the above info of the specific user.

To change pwd polices for single user you should use chage cmd and for all users you can edit /etc/login.defs

date -d '+50days' +%F  (today date is 2018-12-29)
2019-02-17
F – full date format
d - Display the date and time specified in DATESTR(‘+50days’) instead of the
     current date and time.
++++++++++++++++++++++++++++
Ex:
useradd test
[root@cloudpro2 etc]#  chage -l test
Last password change                                    : Dec 29, 2018
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@cloudpro2 etc]#  date -d '+1day' +%F
2018-12-30
[root@cloudpro2 etc]#  chage -E 2018-12-30 test
[root@cloudpro2 etc]#  chage -l test
Last password change                                    : Dec 29, 2018
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : Dec 30, 2018
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
+++++++++++++++++++++++++++++++++++++++++++
Password expires   : max no of days pwd has to be changed.
chage –M 90 test
Account expires  : no of days/date after account expires
chage -E 2018-12-30 test
chage –E -1 test  (to remove expiration date)
Password inactive : no of days after a password expires then account becomes inactive
++++++++++++++++++++
[root@cloudpro2 ~]# chage -M 2 test
[root@cloudpro2 ~]# chage -W 1 test
chage -l test
Last password change                                    : Dec 29, 2018
Password expires                                        : Dec 31, 2018
Password inactive                                       : never
Account expires                                         : Dec 30, 2018
Minimum number of days between password change          : 0
Maximum number of days between password change          : 2
Number of days of warning before password expires       : 1
+++++++++++++++++++++++++++++++++++++
chage -E -1 test
[root@cloudpro2 ~]# chage -l test
Last password change                                    : Dec 29, 2018
Password expires                                        : Dec 31, 2018
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 2
Number of days of warning before password expires       : 1
+++++++++++++++++++++++++++++++++++++++++++++++++++++
usermod -s /sbin/nologin test
[root@cloudpro2 ~]#  su test
This account is currently not available.
usermod -s /bin/bash test
[root@cloudpro2 ~]#  su test
[test@cloudpro2 root]$
++++++++++++++++++++++++++++++++++++++++++
chage –d  <username>
-d – (set date of last password change to LAST_DAY).
chage -d 0 test  -- forces the user to chage pwd next login.
++++++++++++++++++++++++++++++++++++++++++++
[root@cloudpro2 ~]#  chage -l test
Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 2
Number of days of warning before password expires       : 1
+++++++++++++++++++++++++++++++++++++++++++++



Comments

Post a Comment

Popular posts from this blog

Power Broker

Every server running in your IT environment needs an account, and every account requires privileges. Many organizations take inadequate steps in managing privileged accounts – leaving them vulnerable to attack and opening the door to potentially devastating data breaches. Today, most breaches start with people installing something they shouldn’t, connecting to somewhere they shouldn’t, or accessing data they shouldn’t. What does all of this have in common? Privilege misuse and abuse. When users need elevated privileges on a Unix or Linux server, security admins often turn to free tools like Super User Do, or Sudo (“soo-doo”). Sudo enables privileged access without exposing the root password. But it has flaws. Like limited granularity, lack of data integrity and no log security. Its policies typically need to be managed on each server, making it hard to lock down and prone to tampering. With this ad-hoc tool, it’s virtually impossible to maintain security and compliance
Read more

zabbix-introduction

Image
Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistics, as well as configuration parameters, are accessed through a web-based frontend. A web-based frontend ensures that the status of your network and the health of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organisations with a few servers and for large companies with a multitude of servers. Zabbix i
Read more

variables in shell scripting

variables in shell scripting: Shell variables are created once they are assigned a value. A variable can contain a number, a character or a string of characters. Variable name is case sensitive and can consist of a combination of letters and the underscore "_". Value assignment is done using the "=" sign. Note that no space permitted on either side of = sign when initializing variables. EX: PRICE_PER_APPLE = 5 MyFirstLetters = ABC greeting = 'Hello world!'   1. A backslash "\" is used to escape special character meaning   EX: PRICE_PER_APPLE = 5 echo "The price of an Apple today is: \ $HK $PRICE_PER_APPLE " o/p: The price of an Apple today is: $HK 5     2. Encapsulating the variable name with ${} is used to avoid ambiguity   EX: MyFirstLetters = ABC echo "The first 10 letters in the alphabet are: ${MyFirstLetters} DEFGHIJ" o/p: The first 10 letters in the alphabet are: ABCDEFGHIJ   3. Encap
Read more