It’s a good security practice to enforce password aging. This helps to prevent unauthorized system access using your credentials. Bad actors can obtain your credentials from a data dump from a previous attack on your network, or from another website or service you may have used. It’s important to note that you should never use common passwords and you should adopt the discipline of using a password management tool.
The logins.defs file
The file located at /etc/login.defs defines the default configuration for various account properties on your Linux system. Multiple user management commands such as “useradd” and others read defaults from this file.
For this example, we will add a few options to our login.defs file, which will enforce password aging.
Open your favorite editor (like vi) and drop the following lines at the bottom of the file:
The PASS_MAX_DAYS option sets the maximum time for a password to 90 days. After 90 days, the password is required to be changed. The second line, PASS_MIN_DAYS, sets the minimum days before a user can change the password again.
Please note, changing the login.defs file only impacts new user creation. To change existing users, use the chage command as outlined in How to Check (and change) User Password Expiration.
If you currently utilize password expiration that’s built in to Linux, you may have an account that’s locked out or about to be locked out. How would you check to see if a given user account is locked out?
To do this, use the chage command. This command can display information about when the password will expire as well as change the expiry time.
Checking the Expiry Information
To check the expiry information, use the chage command like this:
# chage -l username
Last password change : Aug 31, 2017
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
The output of chage shows us the last password change, when the password will expire and more.
Changing the Expiry Time
If you would like to set the expiry time of a given users password to “never”, use the following command:
To set a specific maximum days before the password is required to be changed, use the following command:
For more information about configuring password aging for all users, see How to Enable Password Aging in Linux.
Ever wanted to run a long-running command but you can’t seem to get it to complete because you have a shaky connection? Can’t run your command in the background? Want to leave your IRC session open so you can SSH from work and catch the chat room action? Enter screen. Screen allows you to
Well, installation depends on your flavor of Linux. Here are the installation methods for a few common flavors of Linux:
To install screen with up2date issue this command:
# up2date -i screen
To install screen with yum issue this command:
# yum -y install screen
To install screen with apt issue this command:
# apt-get install screen
Using screen is extremely easy. Here are a few commands to help you understand how it operates.
Creating a new screen
Type "screen" to start a new screen. Note that the title of putty (if you’re using putty) tells you which screen you are currently attached to by inserting "[screen 0: bash] before your normal [email protected]:/path text.
You should now run any commands you want to save inside your "screen".
Detaching a screen
To detach your current screen simply press "CTRL + AD" (Control plus A then D). You are now presented with a message saying "[detached]". You are now returned to your normal shell outside of your virtual screen.
Attaching to an existing screen
Chances are if you are using screen you’ll need to reattach to your detached screen. Type "screen -r" to reattach to your current screen. If multiple screen sessions are active, you’ll see a list of current screens to choose from. Type "screen -r PID" to reattach to that screen.
Multiple screens to choose from
Here’s a quick demonstration of screen.