May 11, 2018 / 1 Comment
It’s a good security practice to enforce password aging. This helps to prevent unauthorized system access using your credentials. Bad actors can obtain your credentials from a data dump from a previous attack on your network, or from another website or service you may have used. It’s important to note that you should never use common passwords and you should adopt the discipline of using a password management tool.
The logins.defs file
The file located at /etc/login.defs defines the default configuration for various account properties on your Linux system. Multiple user management commands such as “useradd” and others read defaults from this file.
For this example, we will add a few options to our login.defs file, which will enforce password aging.
Open your favorite editor (like vi) and drop the following lines at the bottom of the file:
PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_WARN_AGE 7
The PASS_MAX_DAYS option sets the maximum time for a password to 90 days. After 90 days, the password is required to be changed. The second line, PASS_MIN_DAYS, sets the minimum days before a user can change the password again.
Please note, changing the login.defs file only impacts new user creation. To change existing users, use the chage command as outlined in How to Check (and change) User Password Expiration.
May 11, 2018 / 0 Comments
If you currently utilize password expiration that’s built in to Linux, you may have an account that’s locked out or about to be locked out. How would you check to see if a given user account is locked out?
To do this, use the chage command. This command can display information about when the password will expire as well as change the expiry time.
Checking the Expiry Information
To check the expiry information, use the chage command like this:
# chage -l username
Last password change : Aug 31, 2017
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
The output of chage shows us the last password change, when the password will expire and more.
Changing the Expiry Time
If you would like to set the expiry time of a given users password to “never”, use the following command:
To set a specific maximum days before the password is required to be changed, use the following command:
For more information about configuring password aging for all users, see How to Enable Password Aging in Linux.
August 21, 2017 / 0 Comments
Overview
In this brief article I will discuss deploying a low latency kernel for Ubuntu Server 16.04 LTS. This kernel changes the timer frequency from the default 250Hz to 1000Hz. This kernel is also called the “soft real-time kernel” and is forked (and regularly updated) from the generic kernel source tree. This kernel can be useful for all applications that require very low latency response like Asterisk. In this document, I will also describe how to set the lowlatency kernel as the primary kernel, and make sure its update and reboot “proof”. It’s also important to note that this kernel is generally updated days after the generic stock kernel. There’s no need to custom-compile a kernel to achieve higher timer frequency. This approach also assures future kernel updates are quick and painless.
Update the APT Cache
We’re starting with a fresh system, so we should first update the APT cache for good measure.
Install the “linux-lowlatency” package
Use APT to install the “linux-lowlatency” package.
# sudo apt-get install linux-lowlatency
Obtain the “ubuntustudio-default-settings” package from the repository – STEP 1
First, let’s visit https://packages.ubuntu.com/. This step is a little less obvious. The package “ubuntustudio-default-settings” contains a file named “09_lowlatency”. This file is a GRUB configuration file we can use to assure our lowlatency kernel is booted first and assures it will stay that way.
Obtain the “ubuntustudio-default-settings” package from the repository – STEP 2
Search for “ubuntustudio-default-settings” in the search field. Make sure to select “Source package names” and your distribution. Then press “Search”.
Obtain the “ubuntustudio-default-settings” package from the repository – STEP 3
Click on the link named “ubuntustudio-default-settings” to the right of “Binary packages”.
Download the compressed file to your Ubuntu server
We will now download the compressed file to our local system.
# cd /usr/src/; sudo wget -q http://archive.ubuntu.com/ubuntu/pool/universe/u/ubuntustudio-default-settings/ubuntustudio-default-settings_0.61.tar.xz
Extract files in the downloaded package
Extract the files in the “ubuntustudio-default-settings” file.
# sudo tar xvf ubuntustudio-default-settings_0.61.tar.xz
Move the 09_lowlatency GRUB configuration in to /etc/grub.d
We will now move the 09_lowlatency GRUB configuration into /etc/grub.d. This file contains configurations to assure the lowlatency kernel packaage will boot first every time and survive upgrades.
# sudo cp ubuntustudio-default-settings-0.61/etc/grub.d/09_lowlatency /etc/grub.d/
Update GRUB configurations
In this step, we update the grub configurations to assure all grub.cfg and related files are consistent after installation of the additional lowlatency configuration.
Reboot the system
Reboot the system and check if the new lowlatency kernel is installed.
# uname -r
4.4.0-92-lowlatency
August 17, 2017 / 0 Comments
It’s been over six years since my last technical blog post on “adamstechblog.com”. Time has really flown. Stay tuned for more!
November 17, 2009 / 2 Comments
This is a quick article showing how to uninstall McAfee Total Protection from Windows Home Server (WHS). The instructions were not readily available on McAfee’s website as they have removed the KB article “KB64958” from their site.
Here is a link to the uninstaller in case the one mentioned below is not working.
Corporate KnowledgeBase
Additional information for removing Total Protection Service from Windows Home Server
Corporate KnowledgeBase ID:
KB65958
Published:
June 26, 2009
Environment
Microsoft Windows Home Server
Microsoft Windows Home Server OEM implementations
Acer Aspire easyStore
HP home Media Server
Solution
CAUTION: This article contains information about opening or modifying the registry.
- The following information is intended for System Administrators. Registry modifications are irreversible and could cause system failure if done incorrectly.
- Before proceeding, McAfee strongly recommends backing up your registry and understanding the restore process. For more information, see: http://support.microsoft.com/kb/256986
- Do not run a .REG file that is not confirmed to be a genuine registry import file.
If you have to remove Total Protection Service from a Windows Home Server (WHS), it is necessary to remove several registry keys that are removed if you use the following:
- Add/remove programs
IMPORTANT: Do not use Add/remove programs to remove Total Protection from WHS. See also KB66148 on severe potential issues.
- mvsuninst.exe
To manually uninstall Total Protection from WHS:
- Download MVSUninst.exe from http://vs.mcafeeasap.com/MC/enu/vs45/bin/mvsuninst.exe
- Run mvsuninst.exe
- Restart your computer.
- Click start, run, type regedit and press ENTER.
- Locate and right-click the following registry key, select Delete and click Yes:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Home Server\KnownAdditions\TopWHSaddin.msi.-8589896854554775808]
- Repeat the previous step for the following:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Home Server\RegisteredAdditions\{cfcd4bf6-203d-4213-bab4-3c140954287b}]
- Restart your computer.
You are now ready to reinstall the product via the Windows Home Server console Settings screen.
