Archive for March 23rd, 2017

Linux restricting user access

User administration: restricting access

1. With the chage command, an account expiration date can be set. Once that date is reached, the user can no longer log into the system interactively.
Let us run ‘chage’ interactively to set a user’s account expiry –

[root@kauai /]# chage sshtest
Changing the aging information for sshtest
Enter the new value, or press ENTER for the default

	Minimum Password Age [0]: 
	Maximum Password Age [99999]: 
	Last Password Change (YYYY-MM-DD) [2015-11-04]: 
	Password Expiration Warning [7]: 
	Password Inactive [-1]: 
	Account Expiration Date (YYYY-MM-DD) [-1]: 2017-03-30

[root@kauai /]# chage -l sshtest
Last password change					: Nov 04, 2015
Password expires					: never
Password inactive					: never
Account expires						: Mar 30, 2017
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

2. In addition to this, the usermod command can “lock” an account with the -L option. When a user is no longer with the company, the administrator can lock and expire the account with a single usermod command. The expiry date (-e) must be given as the number of days since January 1, 1970, so setting it to 1 (a day in 1970) means the account is already expired and is blocked immediately –

[student@serverX ~]$ sudo usermod -L -e 1 elvis

[student@serverX ~]$ sudo usermod -L elvis
[student@serverX ~]$ su - elvis
Password: elvis
su: Authentication failure

Locking the account prevents the user from authenticating with a password to the system. It is the recommended method of preventing access to an account by an employee who has left the company. If the employee returns, the account can later be unlocked with

usermod -U USERNAME

If the account was also expired, be sure to also change the expiration date.

3. The nologin shell. Sometimes a user needs an account with a password to authenticate to a system, but does not need an interactive shell on it.
For example, a mail server may require an account to store mail and a password for the user to authenticate with the mail client used to retrieve that mail.
Such a user does not need to log directly into the system.

A common solution to this situation is to set the user’s login shell to /sbin/nologin. If the user attempts to log into the system directly,
the nologin “shell” simply prints a message and closes the connection.

[root@serverX ~]# usermod -s /sbin/nologin student
[root@serverX ~]# su - student
Last login: Tue Feb  4 18:40:30 EST 2014 on pts/0
This account is currently not available.
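The following POSIX shell script is an added example, not part of the original post: it reads constructed stand-ins for /etc/passwd and /etc/shadow (SAMPLE_PASSWD and SAMPLE_SHADOW, with fake hashes) and reports, per account, which of the three controls above is in effect: a usermod -L lock, a chage/usermod -e expiry day, or a nologin shell.

```sh
#!/bin/sh
# Added example (not from the original post): audit which local accounts are
# kept out of interactive login and by which of the three controls the post
# covers: usermod -L (hash prefixed with '!'), an expiry day in shadow field 8
# (chage / usermod -e, days since 1970-01-01) and a nologin shell.
# SAMPLE_PASSWD and SAMPLE_SHADOW are constructed data standing in for
# /etc/passwd and /etc/shadow; the hashes are fake placeholders.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
sshtest:x:1001:1001::/home/sshtest:/bin/bash
elvis:x:1002:1002::/home/elvis:/bin/bash
student:x:1003:1003::/home/student:/sbin/nologin'

# shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# 17255 = 2017-03-30 (the date set with chage in the post); 1 = usermod -e 1
SAMPLE_SHADOW='root:$6$salt$FAKEHASH:16743:0:99999:7:::
sshtest:$6$salt$FAKEHASH:16743:0:99999:7::17255:
elvis:!$6$salt$FAKEHASH:16743:0:99999:7::1:
student:$6$salt$FAKEHASH:16743:0:99999:7:::'

# audit_accounts TODAY  -> one line per account: "<user> <findings>"
# TODAY is the current date as days since the epoch (the unit chage and
# usermod use); it is passed in so the result is reproducible.
audit_accounts() {
    today="$1"
    printf '%s\n' "$SAMPLE_SHADOW" |
    while IFS=: read -r user hash lastchg min max warn inactive expire rest; do
        shell=$(printf '%s\n' "$SAMPLE_PASSWD" |
                awk -F: -v u="$user" '$1 == u { print $7 }')
        findings=""
        # usermod -L prepends '!' to the hash; '*' means no password at all
        case "$hash" in
            '!'*|'*'*) findings="${findings}locked " ;;
        esac
        # field 8: account unusable once this day has been reached
        if [ -n "$expire" ] && [ "$expire" -le "$today" ]; then
            findings="${findings}expired(day $expire) "
        fi
        # nologin/false shell: the password may still be valid for mail etc.
        case "$shell" in
            */nologin|*/false) findings="${findings}nologin-shell " ;;
        esac
        [ -z "$findings" ] && findings="interactive-login-allowed "
        printf '%s %s\n' "$user" "${findings% }"
    done
}

audit_accounts "$(( $(date +%s) / 86400 ))"
```

A lock only prefixes the stored hash with '!', so it stops password authentication but not SSH public-key logins; an expiry day in field 8 is checked whatever the authentication method, which is why the post pairs -L with -e.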

References –

https://linux.die.net/man/1/chage
https://linux.die.net/man/1/chmod

Sort IP addresses numerically

Linux – Sort IPv4 addresses numerically

A novice user’s first attempt to sort a list of IP addresses would be to use ‘sort -n’, the numeric-sort option of the sort command. Unfortunately, this sorts only on the first octet of the IP address, the part preceding the first dot (‘.’). GNU sort certainly does support sorting IPv4 addresses in numeric order; we just have to specify the right options.

Question to answer –

1. What is our delimiter for IPv4? dot.
2. What type of sorting? numeric.
3. How many fields? four.

Reading the man page for sort gives an option for each: 1) -t. for the delimiter, 2) -n for numeric sorting, 3) -k for the fields.
The third part might need clarification – since we use the dot as separator, the IP address has four fields. We need to give sort a key specification (-k) with start and stop positions, i.e. sort by the first octet (-k1,1), followed by the second (-k2,2), the third (-k3,3) and finally the fourth (-k4,4).

The full command looks like this –

sort -t. -n -k1,1 -k2,2 -k3,3 -k4,4 /tmp/ipv4_file.txt

Let us use ForgeryPy to generate random IPv4 addresses; we will write a simple Python script that writes these random IPs to a file.

First install ForgeryPy –

pip install ForgeryPy

Script to generate IPv4 addresses –

$cat ipv4_generator.py

#!/usr/bin/env python

import forgery_py

# Collect the addresses in a set so duplicates are dropped; ForgeryPy may
# return the same address twice, so fewer than 50 lines may be written.
uniq_ipv4 = set()
for i in range(50):
    uniq_ipv4.add(forgery_py.internet.ip_v4())

with open('/tmp/ipv4_addresses.txt', 'w') as fp:
    for line in uniq_ipv4:
        fp.write(line + '\n')

Output –

daniel@linubuvma:/tmp$ cat /tmp/ipv4_addresses.txt
cat: /tmp/ipv4_addresses.txt: No such file or directory
daniel@linubuvma:/tmp$ python ipv4_generator.py
daniel@linubuvma:/tmp$ cat /tmp/ipv4_addresses.txt
222.21.147.97
187.234.9.45
144.101.36.131
31.192.196.59
24.16.131.84
8.52.22.181
17.40.228.224
58.164.169.156
234.78.147.45
254.150.145.225
167.111.243.3
168.168.248.227
68.104.225.196
55.138.152.3
223.30.151.183
235.245.57.76
226.122.222.107
176.199.0.130
13.68.133.125
14.157.155.254
11.155.170.92
249.0.112.141
228.209.60.62
246.130.20.235
113.17.65.20
120.76.166.133
81.191.49.37
17.226.209.151
81.184.136.140
9.172.35.65
129.205.96.54
181.130.8.142
21.78.73.162
5.216.102.88
91.140.115.96
134.140.243.193
177.148.152.60
175.37.63.212
60.175.123.112
176.250.114.170
54.62.22.255
182.78.64.216
238.92.143.140
181.206.65.80
11.139.192.62
38.158.146.36
241.236.161.184
30.223.32.242
233.107.53.70
36.222.68.164
daniel@linubuvma:/tmp$

Let us sort it –

daniel@linubuvma:/tmp$ sort -n -t. -k1,1 -k2,2 -k3,3 -k4,4 /tmp/ipv4_addresses.txt
5.216.102.88
8.52.22.181
9.172.35.65
11.139.192.62
11.155.170.92
13.68.133.125
14.157.155.254
17.40.228.224
17.226.209.151
21.78.73.162
24.16.131.84
30.223.32.242
31.192.196.59
36.222.68.164
38.158.146.36
54.62.22.255
55.138.152.3
58.164.169.156
60.175.123.112
68.104.225.196
81.184.136.140
81.191.49.37
91.140.115.96
113.17.65.20
120.76.166.133
129.205.96.54
134.140.243.193
144.101.36.131
167.111.243.3
168.168.248.227
175.37.63.212
176.199.0.130
176.250.114.170
177.148.152.60
181.130.8.142
181.206.65.80
182.78.64.216
187.234.9.45
222.21.147.97
223.30.151.183
226.122.222.107
228.209.60.62
233.107.53.70
234.78.147.45
235.245.57.76
238.92.143.140
241.236.161.184
246.130.20.235
249.0.112.141
254.150.145.225
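As an added example (not from the original post), the script below packages the key specification above as a shell function, contrasts it with the naive ‘sort -n’ on addresses where the difference shows, and goes one step beyond the post by applying it to client addresses pulled from web-server log lines; SAMPLE_LOG is constructed data.

```sh
#!/bin/sh
# Added example, not from the original post: the post's sort key specification
# packaged as a function, contrasted with the naive 'sort -n', and applied to
# client addresses pulled from web-server log lines. SAMPLE_LOG is
# constructed data. LC_ALL=C keeps sort's number parsing locale-independent.

SAMPLE_LOG='10.0.0.7 - - [23/Mar/2017:10:00:01 +0000] "GET /login HTTP/1.1" 401
9.172.35.65 - - [23/Mar/2017:10:00:02 +0000] "GET / HTTP/1.1" 200
10.0.0.7 - - [23/Mar/2017:10:00:03 +0000] "GET /login HTTP/1.1" 401
192.168.1.20 - - [23/Mar/2017:10:00:04 +0000] "GET /admin HTTP/1.1" 403
10.0.0.10 - - [23/Mar/2017:10:00:05 +0000] "GET /login HTTP/1.1" 401
10.0.0.7 - - [23/Mar/2017:10:00:06 +0000] "GET /login HTTP/1.1" 401'

# Naive: GNU sort -n reads "10.10.0.1" as the decimal number 10.10 (= 10.1)
# and ignores everything after the second dot, so 10.10.x.x lands before
# 10.5.x.x and the last two octets never take part in the comparison.
sort_ipv4_naive() { LC_ALL=C sort -n; }

# Correct: split on '.' and compare each octet as its own numeric key.
# -k1,1 limits the key to field 1; a bare -k1 would run to the end of line.
# (GNU sort -V, version sort, orders dotted quads the same way.)
sort_ipv4() { LC_ALL=C sort -t. -n -k1,1 -k2,2 -k3,3 -k4,4; }

# The client address is the first whitespace-separated field of a log line.
# Numeric sort keeps equal addresses adjacent, which is what uniq -c needs;
# output is "<ip> <count>" in numeric address order.
client_counts() {
    awk '{ print $1 }' | sort_ipv4 | uniq -c | awk '{ print $2, $1 }'
}

# Join output lines with spaces (handy for comparing results).
oneline() { paste -s -d ' ' -; }

printf '%s\n' "$SAMPLE_LOG" | client_counts
```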

Hope this helps.

http://man7.org/linux/man-pages/man1/sort.1.html
https://pypi.python.org/pypi/ForgeryPy