- A reference table for reviewing the /etc/shadow file:
- Blowfish, with correct handling of 8 bit characters
Just stick to sha512 please!
You can change the hash setting by editing the file /etc/login.defs and setting the “ENCRYPT_METHOD SHA512” line.
You can also use the authconfig command to accomplish the same thing:
sudo authconfig --passalgo=sha512 --update
After implementing a strong hash setting, we must also make users change/update their password at the next login using the following command:
sudo chage -d 0 username
We can also use:
sudo passwd --expire username
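An added example (not part of the original post): changing ENCRYPT_METHOD does not rehash existing entries, so this script lists the accounts whose /etc/shadow hash is still not SHA-512 and therefore need `chage -d 0`. The `$id$` prefixes follow crypt(3) conventions; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose shadow hash is not SHA-512.
# Prefix ids follow crypt(3) conventions; all sample data is constructed.

# Constructed /etc/shadow-style entries (salts and hashes are placeholders).
sample_shadow() {
    cat <<'EOF'
root:$6$c0nstructed$EXAMPLEHASH:19000:0:99999:7:::
alice:$1$c0nstructed$EXAMPLEHASH:19000:0:99999:7:::
bob:$2y$10$EXAMPLESALTANDHASH:19000:0:99999:7:::
carol:$5$c0nstructed$EXAMPLEHASH:19000:0:99999:7:::
dave:!$1$c0nstructed$EXAMPLEHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:!!:19000:0:99999:7:::
legacy:ExAmPlEdEsHsh:19000:0:99999:7:::
EOF
}

# audit_shadow [FILE]: print "user:scheme" for each entry that holds a
# password hash other than SHA-512. Reads stdin when no FILE is given.
audit_shadow() {
    awk -F: '
    {
        hash = $2
        sub(/^!+/, "", hash)                 # locked account: look behind the "!" marker
        if (hash == "" || hash == "*") next  # no hash stored, nothing to migrate
        if (hash ~ /^\$6\$/) next            # already SHA-512
        if      (hash ~ /^\$1\$/)        scheme = "MD5"
        else if (hash ~ /^\$2[abxy]?\$/) scheme = "Blowfish"
        else if (hash ~ /^\$5\$/)        scheme = "SHA-256"
        else if (hash ~ /^\$y\$/)        scheme = "yescrypt"
        else if (hash ~ /^\$/)           scheme = "unknown"
        else                             scheme = "DES"   # legacy, no prefix
        print $1 ":" scheme
    }' "$@"
}

# Demo on the constructed data; on a host, run audit_shadow /etc/shadow as root.
sample_shadow | audit_shadow
```

Locked accounts such as `dave` are reported too, because unlocking them restores the old hash unchanged.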
for more info:
We can update the default password policy in Linux as well:
# Configuration for systemwide password quality limits
# Number of characters in the new password that must not be present in the
# old password.
# difok = 1
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
# minlen = 8
# The maximum credit for having digits in the new password. If less than 0
# it is the minimum number of digits in the new password.
# dcredit = 0
# The maximum credit for having uppercase characters in the new password.
# If less than 0 it is the minimum number of uppercase characters in the new
# password.
# ucredit = 0
# The maximum credit for having lowercase characters in the new password.
# If less than 0 it is the minimum number of lowercase characters in the new
# password.
# lcredit = 0
# The maximum credit for having other characters in the new password.
# If less than 0 it is the minimum number of other characters in the new
# password.
# ocredit = 0
# The minimum number of required classes of characters for the new
# password (digits, uppercase, lowercase, others).
# minclass = 0
# The maximum number of allowed consecutive same characters in the new password.
# The check is disabled if the value is 0.
# maxrepeat = 0
# the command below will disable the shadow feature
# and you will be able to view the password hashes in
# the /etc/passwd file. NOT RECOMMENDED
# we can also do the same thing for the group file
# To convert the system to use shadow file again, use
# the following commands
||Shuts down the system.
||Mode for administrative tasks.
||Does not configure network interfaces and does not export networks services.
||Multi-user mode with networking
||Starts the system normally.
||For special purposes.
||Start the system normally with appropriate display manager (with GUI)
||Same as runlevel 3
||Reboots the system.
Visit https://en.wikipedia.org/wiki/Runlevel for more.
# create a new user
sudo adduser wonderfulperson
sudo useradd wonderfulperson
# update password
sudo passwd wonderfulperson
# batch add users.
# add the test content below
# username:passwd:uid:gid:full name:home_dir:shell
# back to shell, type the newusers command with attribute
sudo newusers users.txt
$ grep user /etc/passwd
# look up all of the existing groups in Linux
cut -d: -f1 /etc/group
# To review which groups a user belongs to, use:
# Add groups
sudo groupadd guestusers
sudo addgroup guestusers
# To add one user to multiple groups, use the following command:
sudo usermod -a -G <group1>,<group2>,<group3> <username>
$ sudo usermod -a -G mysql,apache,sssd user2
$ groups user2
user2 : user2 sssd apache mysql
Basic Bash commands
Ctrl+A – move to the beginning of a line
Ctrl+E – move to the end of a line
Ctrl+F == right arrow
Ctrl+B == back arrow
Ctrl+D – delete a character
Ctrl+U – delete from the cursor position to the beginning of the line
Ctrl+K – delete from the cursor position to the end of the line
Ctrl+X then backspace == Ctrl+U
Ctrl+T – transpose a character
Esc+T transpose WORDS
Esc+U change to uppercase – whole word
Esc+L change to lower case
history – show the command history
history -c : clear the history