Hash Type in Linux Password

A reference table for reviewing the /etc/shadow file:
$1$ – md5
$2a$ – Blowfish
$2y$ – Blowfish, with correct handling of 8-bit characters
$5$ – sha256
$6$ – sha512

 

Just stick to sha512 please!

You can change the hash setting by editing the file /etc/login.defs and changing the “ENCRYPT_METHOD SHA512” line.

You can also use the authconfig command to accomplish the same thing:

sudo authconfig --passalgo=sha512 --update

After implementing a strong hash setting, we must also make users change their password at the next login, because an existing hash stays in its old format until the password is changed. Use the following command:

sudo chage -d 0 username

We can also use:

sudo passwd --expire username

For more info:

https://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/
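To find which accounts still need the forced password change, the prefixes in the table above can be checked against a shadow-format file. The script below is an added example, not code from the original page; the function names and the sample entries (with placeholder hash strings) are constructed for illustration, and it follows the page's policy of sha512 everywhere.

```shell
#!/bin/sh
# Added example, not from the original page. The hash strings in the sample
# are constructed placeholders, not real hashes.

# Print "user algorithm" for each entry of a shadow-format file.
classify_shadow() {
    awk -F: '{
        h = $2
        sub(/^!+/, "", h)        # a leading "!" only marks the account as locked
        if (h == "" || h == "*")            alg = "none"     # no usable hash
        else if (substr(h, 1, 3) == "$1$")  alg = "md5"
        else if (substr(h, 1, 4) == "$2a$") alg = "blowfish"
        else if (substr(h, 1, 4) == "$2y$") alg = "blowfish"
        else if (substr(h, 1, 3) == "$5$")  alg = "sha256"
        else if (substr(h, 1, 3) == "$6$")  alg = "sha512"
        else                                alg = "other"    # prefix not in the table
        print $1, alg
    }' "$1"
}

# Users whose stored hash uses a table entry other than sha512.
# Entries classified as "other" are left for manual review.
needs_rehash() {
    classify_shadow "$1" |
        awk '$2 == "md5" || $2 == "blowfish" || $2 == "sha256" { print $1 }'
}

# Constructed sample in /etc/shadow layout.
sample_shadow() {
    cat <<'EOF'
root:$6$SALTSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$1$SALTSALT$CONSTRUCTEDHASH:17000:0:99999:7:::
bob:$5$SALTSALT$CONSTRUCTEDHASH:18000:0:99999:7:::
carol:!$2y$10$CONSTRUCTEDHASH:18500:0:99999:7:::
dave:!!:19000:0:99999:7:::
EOF
}

tmp=$(mktemp)
sample_shadow > "$tmp"
classify_shadow "$tmp"
# Print (do not run) the expiry command from the page for each affected account.
for u in $(needs_rehash "$tmp"); do
    echo "sudo chage -d 0 $u"
done
rm -f "$tmp"
```

On a real host, run the script as root and pass /etc/shadow instead of the sample file, since only root can read it.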

 

We can update the default password policy in Linux as well:

vi /etc/security/pwquality.conf

# Configuration for systemwide password quality limits
# Defaults:
#
# Number of characters in the new password that must not be present in the
# old password.
# difok = 1
#
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
# minlen = 8
#
# The maximum credit for having digits in the new password. If less than 0
# it is the minimum number of digits in the new password.
# dcredit = 0
#
# The maximum credit for having uppercase characters in the new password.
# If less than 0 it is the minimum number of uppercase characters in the new
# password.
# ucredit = 0
#
# The maximum credit for having lowercase characters in the new password.
# If less than 0 it is the minimum number of lowercase characters in the new
# password.
# lcredit = 0
#
# The maximum credit for having other characters in the new password.
# If less than 0 it is the minimum number of other characters in the new
# password.
# ocredit = 0
#
# The minimum number of required classes of characters for the new
# password (digits, uppercase, lowercase, others).
# minclass = 0
#
# The maximum number of allowed consecutive same characters in the new password.
# The check is disabled if the value is 0.
# maxrepeat = 0
#

 

Using and Not using Shadow File in Linux

less /etc/passwd
# The command below removes the shadow feature: the
# password hashes move back into /etc/passwd, which
# every user can read. NOT RECOMMENDED
sudo pwunconv

# we can also do the same thing for the group file
sudo grpunconv

 

# To convert the system to use the shadow file again, use
# the following commands

sudo pwconv
sudo grpconv

Linux Run Level Reference

ID | Name | Description
0 | Halt | Shuts down the system.
1 | Single-user mode | Mode for administrative tasks.
2 | Multi-user mode | Does not configure network interfaces and does not export network services.
3 | Multi-user mode with networking | Starts the system normally.
4 | Not used/user-definable | For special purposes.
5 | Start the system normally with appropriate display manager (with GUI) | Same as runlevel 3
6 | Reboot | Reboots the system.

Visit https://en.wikipedia.org/wiki/Runlevel for more.

Adding users and groups in Linux

Adding users:

# create a new user (use either adduser or useradd)
sudo adduser wonderfulperson
sudo useradd wonderfulperson

# update password
sudo passwd wonderfulperson

# batch add users.
vi users.txt

# add the test content below
# username:passwd:uid:gid:full name:home_dir:shell
user1:user1password:::User1:/home/user1:/bin/bash
user2:user2password:::User2:/home/user2:/bin/bash

 

# back in the shell, run the newusers command with the file as its argument
sudo newusers users.txt

# example output
$ less /etc/passwd | grep user
user1:x:1006:1006:User1:/home/user1:/bin/bash
user2:x:1007:1007:User2:/home/user2:/bin/bash

 

# look up all of the existing groups in Linux
cut -d: -f1 /etc/group

# To review which groups a user belongs to, use:
groups <username>

 

# Add groups (use either groupadd or addgroup)
sudo groupadd guestusers
sudo addgroup guestusers

# To add one user to multiple groups, use the following command:
sudo usermod -a -G <group1>,<group2>,<group3> <username>
$ sudo usermod -a -G mysql,apache,sssd user2
$ groups user2
user2 : user2 sssd apache mysql

Bash Line Commands – Most used

Basic Bash commands
Ctrl+A – move to the beginning of a line
Ctrl+E – move to the end of a line
Ctrl+F == right arrow
Ctrl+B == back arrow
Ctrl+D – delete a character
Ctrl+U – delete from the cursor position to the beginning of the line
Ctrl+K – delete from the cursor position to the end of the line
Ctrl+X then backspace == Ctrl+U
Ctrl+T – transpose a character
Esc+T – transpose WORDS
Esc+U – change to uppercase – whole word
Esc+L – change to lowercase
history – show the command history
history -c : clear the history