At some point, the time will come when a system administrator needs to disable user accounts on a Linux system. This can be achieved by Linux nologin technique. Some common reasons for disabling user accounts are due to some suspicious user activity, or perhaps due to a user’s work contract termination.
security
How to secure SSH best practices
SSH is the primary method of remote access and administration on Linux systems. SSH is a client-server service providing secure, encrypted connections over a network connection.
How to Change SElinux Operational Mode
SELinux, which stands for Security Enhanced Linux, is an extra layer of security control built for Linux systems. The original version of SELinux was developed by the NSA. Other key contributors include Red Hat, which has enabled it by default in their own RHEL and its derivative Linux distributions.
Rsync examples in Linux
rsync stands for “remote sync” and is a powerful command line utility for synchronizing directories either on a local system or with remote machines. It’s built into nearly every Linux system by default and this tutorial will help you to understand rsync better by providing you most common rsync examples administrators use to keep the data synchronised across multiple server/hosts.
Some users mistakenly think of rsync as a file copying tool, like cp or scp.While there’s some overlap, rsync excels in synchronization, specifically. In other words, it can take a source directory and make an identical destination directory.
Testing HTTPS clients using openssl to simulate a server
This article describes how to test your HTTPS client or browser using openssl. To test your HTTPS client, you need an HTTPS server, or a web server, such as IIS, apache, nginx, or openssl. You also need some test cases. There are three common failure modes in SSL/TLS:
- The client makes the connection when it should not,
USB stick encryption using Linux
If you were to ever lose your USB stick, all data stored on it will be lost. More importantly, your USB stick may end up in the hands of some other person, which will have access to your private files, and use that information in any way they please. This is one of many fears of USB stick users. One of the simplest solutions to this dilemma is to keep only non-private information on the USB stick. Obviously, this would defeat a primary purpose for the storage device.
Another solution is to encrypt your USB stick so it will be accessible only to those users who possess the correct password which will fit to decrypt the USB stick’s encryption. This article will deal with the second solution and that is encryption of a USB stick device. Although encrypting an USB stick seems to be the best and easiest solution, it must be said that it also comes with number of disadvantages. The first disadvantage is that decryption of the USB key must be done using a Linux system that has the dm-crypt module installed.
In other words, you cannot use your encrypted USB stick on any Windows machine and UNIX-like system with older kernels. Therefore, to encrypt only a part of the USB stick which holds only private information seems to be a good solution. In this article, we will go through the step by step instructions of encrypting part of a USB device on Linux. Read on to see how it’s done.
In this tutorial you will learn:
- How to install cryptsetup on major Linux distros
- How to partition a USB stick
- How to encrypt a USB stick partition
- How to mount encrypted partition
How to check a current runlevel of your Linux system
Before systemd came into existence, most major Linux distributions ran a Sys-V style init system. Sys-V used seven different “runlevels” to determine which processes to start on the system. For example, runlevel 3 was typically reserved for the command line and its related programs, whereas runlevel 5 would launch a GUI and all the processes required for it. Results may vary, depending on the distro in question.
These days, the vast majority of Linux distros have adopted systemd as their init system. Some distros still use Sys-V, where the implementation of runlevels as described above still exists. On systemd systems, the concept of runlevels is still alive, but they have been adapted into systemd “targets.”
Remnants of Sys-V still exist on some systems, where commands like runlevel still work. But some modern systemd distros have eradicated this support completely. In this guide, we’ll show you how to check the current runlevel on Linux.
In this tutorial you will learn:
- How to check the current runlevel
How to edit a system file with sudoedit preserving the invoking user environment
On Linux and other Unix-based operating systems, sudo is used to run a program with the privileges of another user, often root. When we need to modify a file which requires administrative privileges to be edited, if we launch our favourite text editor directly with sudo, it will run without the customization and settings we use when we invoke it normally, since the environment of the invoking user is not preserved. In this tutorial we will see how can we easily solve this problem and how we can modify system files securely by using sudoedit.
In this tutorial you will learn:
- How to edit a system file using sudoedit
- What are the steps performed when a file is edited with sudoedit
- How to set the default editor used by sudo
How to change password and account expiry options on Linux using chage
Managing the period of time a password of a user should be valid and the date in which said account should expire are very important tasks a system administrator should be able to perform. While some of these parameter can be set when creating an account, it is also possible to change them at a second time, using the chage utility; in this tutorial we see how to use this utility.
In this tutorial you will learn:
- How to get information about an user account ageing
- How to set an account expiration date
- How to set the minimum number of days which should pass between two password changes
- How to set the password expiration date
- How to set the inactive days threshold
- How to set when a user should receive a warning about a future password expiration
Apache .htaccess directory access protection
When running an Apache web server on a Linux system, there may be some directories that you don’t want everyone in the world to be able to access. Apache gives us a couple of different tools that website administrators can use to protect a directory.
One of the most common ways to configure restricted access to a folder is through the .htaccess file. Doing this configuration will prompt users for a password whenever they come across the protected URL. But we can also configure the same protection without .htaccess.
In this guide, we’ll go over the step by step instructions for protecting a directory on an Apache web server, through two different methods. Follow along with us to get the password protection set up on your own website.
In this tutorial you will learn:
- How to protect a directory using .htaccess file
- How to protect a directory without .htaccess file
Recover – Reset Forgotten Linux Root Password
The root account, sometimes called super user, is the admin account on a Linux system, and is essential for performing all kinds of administrative tasks. You’ll need access to it in order to install or remove packages, manage other user accounts, and a lot more things. Anytime you access the root account, either through the su or sudo commands, you’ll be prompted for the root password.
If you have forgotten the password to your system’s root account, you don’t necessarily have to go back to square one and reinstall the whole operating system. It’s possible to recover and reset the root password, even without the old password. In this guide, we’ll take you through the step by step instructions of recovering a forgotten root password on Linux. This will work regardless of the Linux distribution you’re running, as long as its using the GRUB bootloader. Other bootloaders will have similar instructions.
In this tutorial you will learn:
- How to reset a forgotten root password on Linux
How to encrypt partition in Linux
One of the best ways to protect your files on a Linux system is to enable hard disk encryption. It’s possible to encrypt an entire hard drive or partition, which will keep every file that resides there safe. Without the correct decryption key, prying eyes will only be able to see cryptic gibberish when they try to read your files.
In this guide, we’ll go over the step by step instructions of using LUKS to encrypt a Linux partition. Regardless of what Linux distro you’re running, these steps should work the same. Follow along with us below to get partition encryption configured on your own system.
In this tutorial you will learn:
- How to install cryptsetup on major Linux distros
- How to create an encrypted partition
- How to mount or unmount encrypted partition
- How to setup disk encryption during Linux install
How to configure, mount, and access encrypted partition on Linux