Linux basic protection: setting account validity periods, locking users, locking files, hiding the system version

Disclaimer: This is an original article by the blogger, released under the CC 4.0 BY-SA license. When reproducing it, please include the original source link and this statement.
Article link: https://blog.csdn.net/ck784101777/article/details/102532644

First, set account validity periods - chage

1. chage command usage scenarios

The chage command views and modifies the password expiration time, the account expiration time, and the interval between two password changes, and it reminds the user to change the password on time.

In a company, the administrator generally sets a validity period on ordinary users' accounts, so that you can no longer reach the terminal after you leave. It can also prompt you to change your password regularly, which improves account security.

2. chage command options

Usage: chage [options] LOGIN

Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
 

3. Check a user's expiration time

Create a user and view its expiration time. By default the account never expires. The date of the last password change is initially the date on which the user was created.

chage -l username

[root@web1 ~]# useradd jjh

[root@web1 ~]# chage -l jjh
Last password change                                : Oct 14, 2019
Password expires                                    : never
Password inactive                                   : never
Account expires                                     : never
Minimum number of days between password change      : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires   : 7
 

4. Modify the user's expiration time

I created this user on 2019-10-14. With chage I set the account's expiration date to a date that has already passed, so the account counts as expired and the login attempt reports that the account has expired.

chage -E date (YYYY-MM-DD) username

  [root@proxy ~]# chage -E 2019-10-13 jjh
  [root@proxy ~]$ ssh [email protected]
  [email protected]'s password: 
  Your account has expired; please contact your system administrator
  Authentication failed.

5. Define the default validity period

The configuration file /etc/login.defs determines the default password validity period for accounts.

  [root@proxy ~]# cat /etc/login.defs
  PASS_MAX_DAYS 99999 // maximum password validity period
  PASS_MIN_DAYS 0 // minimum password validity period
  PASS_MIN_LEN 5 // minimum password length
  PASS_WARN_AGE 7 // number of days before password expiration that a warning is issued
  UID_MIN 1000 // minimum UID
  UID_MAX 60000 // maximum UID

 

Second, lock users - passwd

1. Lock the user

passwd -l username

[root@web1 ~]# passwd -l jjh
Locking password for user jjh.
passwd: Success
[root@web1 ~]# passwd -S jjh
jjh LK 2019-10-14 0 99999 7 -1 (Password locked.)
[root@web1 ~]# ssh jjh@localhost // cannot log in

Permission denied, please try again.

2. Unlock the user

passwd -u username

[root@web1 ~]# passwd -u jjh
Unlocking password for user jjh.
passwd: Success
[root@web1 ~]# passwd -S jjh
jjh PS 2019-10-14 0 99999 7 -1 (Password set, SHA512 crypt.)
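
The settings that chage -E, chage -M and passwd -l change are stored in shadow(5) entries, so they can be audited for every account at once. The script below is an added example, not from the original article: the sample entries are constructed, and audit_shadow and its finding names are hypothetical.

```shell
#!/bin/sh
# Added example. shadow(5) fields used here:
#   1 user  2 hash  3 lastday  5 maxdays  8 expire  (day counts since 1970-01-01)

# audit_shadow TODAY: read shadow-format lines on stdin, print "user:FINDINGS".
audit_shadow() {
    awk -F: -v today="$1" '
    function add(f) { out = (out == "" ? f : out "," f) }
    $1 == "" || $1 ~ /^#/ { next }
    {
        out = ""
        # passwd -l puts "!" in front of the hash so no password can match it
        if ($2 ~ /^!/) add("PASSWORD_LOCKED")
        # chage -E: the account is refused from the expire day onwards
        if ($8 != "" && today >= $8 + 0) add("ACCOUNT_EXPIRED")
        # chage -M: an empty or 99999 maximum means the password never ages out
        if ($5 == "" || $5 + 0 >= 99999) {
            add("NO_MAX_AGE")
        } else if ($3 != "" && today > $3 + $5) {
            add("PASSWORD_EXPIRED")
        }
        print $1 ":" (out == "" ? "OK" : out)
    }'
}

# Constructed sample entries; the hashes are placeholders, not real crypt output.
SAMPLE='jjh:!!$6$placeholder:18183:0:99999:7::18182:
alice:$6$placeholder:18100:0:90:7:::
bob:$6$placeholder:18000:0:90:7:::
'

# 18183 is 2019-10-14, the day after the -E date set in the article.
printf '%s' "$SAMPLE" | audit_shadow 18183
```

On a live system, run it as root with `audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow`.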
 

 

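Third, lock files - chattr

1. chattr command

Usage: chattr +[ASabcdDisut] filename

A: Atime. Tells the system not to update the last access time of this file.

S: Sync. As soon as an application writes to this file, the system writes the change to disk immediately.

a: Append Only. The system only allows data to be appended to this file; no process may overwrite or truncate it. If a directory has this attribute, the system only allows files to be created and modified in the directory and does not allow any file to be deleted.

b: Do not update the last access time of the file or directory.

c: Store the file or directory in compressed form.

d: The file or directory is not backed up when the dump program runs.

D: Check for errors in compressed files.

i: Immutable. The system does not allow any modification of this file. If a directory has this attribute, processes can only modify the files under the directory; creating and deleting files is not allowed.

s: Delete the file completely so that it cannot be recovered: the file is removed from disk and the area it occupied is then filled with zeros.

u: When an application requests deletion of this file, the system keeps its data blocks so that the file can be recovered later. This protects against accidental deletion of files or directories.

t: The file system supports tail-merging.

X: The contents of a compressed file can be accessed directly.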

2. Make a file impossible to delete or modify

  [root@proxy ~]# chattr +i /etc/resolv.conf
  [root@proxy ~]# lsattr /etc/resolv.conf // view the attributes
  ----i---------- /etc/resolv.conf
  [root@proxy ~]# rm -rf /etc/resolv.conf
  rm: cannot remove '/etc/resolv.conf': Operation not permitted
  [root@proxy ~]# echo xyz > /etc/resolv.conf
  -bash: /etc/resolv.conf: Permission denied
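
To confirm that the immutable attribute is set where it is intended and nowhere else, lsattr output can be compared with a list of expected files. This is an added example, not from the original article: check_immutable, the expected list and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# check_immutable "PATH PATH ...": read lsattr output on stdin and compare it with
# the list of files that are supposed to carry the immutable (i) attribute.
# Paths in the list are assumed to contain no spaces.
check_immutable() {
    awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (k = 1; k <= n; k++) want[e[k]] = 1 }
    NF >= 2 {
        flags = $1
        path = $0; sub(/^[^ ]+ +/, "", path)   # everything after the flag column
        seen[path] = 1
        immutable = (flags ~ /i/)              # lower-case i only; I is a different flag
        if (immutable && !(path in want)) print "UNEXPECTED " path
        if (!immutable && (path in want)) print "MISSING " path
    }
    END { for (p in want) if (!(p in seen)) print "MISSING " p }
    ' | LC_ALL=C sort
}

# Constructed lsattr output, in the format shown in the article.
LSATTR_SAMPLE='----i---------- /etc/resolv.conf
--------------- /etc/hosts
----i---------- /srv/app/config.yml
-----a--------- /var/log/secure'

printf '%s\n' "$LSATTR_SAMPLE" | check_immutable "/etc/resolv.conf /etc/hosts /etc/issue"
```

On a live system, feed it real output, for example `lsattr /etc/resolv.conf /etc/hosts /etc/issue | check_immutable "/etc/resolv.conf /etc/hosts /etc/issue"`.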

 

Fourth, hide the system version

1. When an account logs in to a Linux system, login information is displayed by default (including operating system and kernel information)

The configuration file /etc/issue stores this login information. Modify this file to prevent kernel information from leaking.

  [root@proxy ~]# cat /etc/issue // confirm the original file
  Red Hat Enterprise Linux Server release 6.5 (Santiago)
  Kernel \r on an \m

  [root@proxy ~]# vim /etc/issue // modify the contents of the file
  Windows Server 2012 Enterprise R2
  NT 6.2 Hybrid

2. Test the version camouflage effect

Log out of the tty terminal that is logged in, or restart the Linux system. The login message on the terminal is refreshed and shows the custom text.
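
A banner can be checked for version disclosure before and after the edit. The script below is an added example, not from the original article: banner_leaks is a hypothetical helper that flags the getty escapes (see agetty(8)) and literal release strings in banner text, run here on the two /etc/issue versions shown above.

```shell
#!/bin/sh
# banner_leaks: read login banner text on stdin and print one line per item that
# reveals the platform: getty escapes expanded at login time, or a literal release.
banner_leaks() {
    awk '
    BEGIN {
        esc["r"] = "kernel release"
        esc["m"] = "machine architecture"
        esc["s"] = "operating system name"
        esc["v"] = "operating system version"
        esc["S"] = "os-release data"
    }
    {
        if ($0 ~ /release [0-9]/) print NR ": literal distribution release"
        rest = $0
        while ((p = index(rest, "\\")) > 0) {
            c = substr(rest, p + 1, 1)
            if (c in esc) print NR ": \\" c " expands to the " esc[c]
            rest = substr(rest, p + 2)
        }
    }'
}

# The two /etc/issue versions from the article.
ISSUE_BEFORE='Red Hat Enterprise Linux Server release 6.5 (Santiago)
Kernel \r on an \m'
ISSUE_AFTER='Windows Server 2012 Enterprise R2
NT 6.2 Hybrid'

printf '%s\n' "$ISSUE_BEFORE" | banner_leaks
printf '%s\n' "$ISSUE_AFTER" | banner_leaks
```

On a live system, run `banner_leaks < /etc/issue`; other banner files, such as /etc/issue.net, can be checked the same way.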

 
