Posts

Password Aging and Authentication in RHEL7

As I posted in a previous note, the password policy in RHEL 7, and most other Linux distributions, is handled by the dynamically configurable PAM (Pluggable Authentication Modules) system. However, a number of other tools are used to secure a RHEL system. One such tool is the shadow password suite. The shadow suite creates an additional layer of abstraction for the system's login passwords by moving the account passwords out of the /etc/passwd file into a separate file, /etc/shadow, while leaving the rest of the accounts system usable as before. The Linux Documentation Project explains it: the password is stored as a single "x" character (i.e. not actually stored in this file). A second file, called "/etc/shadow", contains encrypted password as well as other information such as account or password expiration values, etc. The /etc/shadow file is readable only by the root account and is therefore less of a security risk.

Password Policy in RHEL 7

In Red Hat Enterprise Linux 7, the pam_pwquality PAM module replaced pam_cracklib, which was used in Red Hat Enterprise Linux 6 as a default module for password quality checking. It uses the same back end as pam_cracklib. The code was originally based on pam_cracklib module, and the module is backwards compatible with its options. The pam_pwquality module can be customized and configured in the file /etc/security/pwquality.conf. The possible options in the file are:

difok: Number of characters in the new password that must not be present in the old password. (default 5)
minlen: Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See pam_pwquality(8).) Cannot be set to lower value than 6. (default 9)
dcredit: The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the

Ricoh SD-Card Reader and Linux

The Linux kernel adds the benefit of making firmware drivers available for a large number of widely used hardware devices and components. This provides great convenience and ensures portability and sane defaults across the various OS distributions. The open-source nature of the Linux kernel, however, relies on the hardware manufacturers to make the firmware and/or drivers available to the Linux community, a process that can be frustratingly slow at times, depending on the hardware manufacturer. Furthermore, once the driver is included in the kernel, it falls on the various OS distributions to make the kernel or a patch to the kernel available for the users to install. The functionality of rarely used hardware like a multimedia card reader (SD-card reader) is often overlooked by users until the day when they try to use the device. Usually, the kernel will load the necessary modules for the device to function properly during the boot-up process. Though, if an SD-card is not p

RHEL-RHCSA-clock_Timezone.md

localtime

Upon a successful login into the VM system, changing the timezone to which the system’s time is configured can be accomplished by changing the /etc/localtime link.

NOTE: Since the implementation of systemd in RHEL7, changing the system’s default timezone manually is not persistent; as the /etc/localtime link gets recreated by systemd after a reboot, the user must use timedatectl to make the desired change persistent.

To change the default timezone to the timezone of Chicago, for example, execute the following as the root user:

    # cd /etc/
    # ls -alh localtime
    /etc/localtime -> ../usr/share/zoneinfo/America/NewYork
    # unlink /etc/localtime
    # ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime
    /etc/localtime -> ../usr/share/zoneinfo/America/Chicago

In the above example, we have changed the timezone from the previous value, pointing to the timezone to which “NewYork” belongs, to the timezone of Chicago.

The systemd Method fo

Configure rsyslog Server on Fedora

It can be very beneficial for system administrators, and network administrators especially, to log system messages from other machines on the network to a centralized hub. Fedora 20 uses rsyslog as the default syslogd service; this allows administrators to configure remote logging. I'll be detailing the necessary configuration steps of rsyslog in Fedora 20 to allow logging messages from a DD-WRT router. This will entail:

- Edit /etc/rsyslog.conf
- Set up firewall rule to allow incoming connection to server
- Configure DD-WRT router to send syslogd messages to our server

rsyslog server

Our server will be the Fedora 20 machine. There are two configuration files in the /etc/ directory that are of interest to us:

- /etc/rsyslog.conf
- /etc/sysconfig/rsyslog

However, the latter file is not useful anymore as it states:

    # Options for rsyslogd
    # Syslogd options are deprecated since rsyslog v3.
    # If you want to use them, switch to compatibility mode 2 by "-c 2"
    # See rsy

Firefox Apps on Desktops!

The Firefox browser has always thrived as the underdog; the "alternative" browser of choice. It's this sort of identity, along with its historically strong security record and open-source nature, that had propelled it and its predecessor, "mozilla browser", to near 50-percent usage share by some counts. More recently, however, with the browser-market saturation expanded by the additions of Apple's Safari and Google's Chrome browser, Firefox's usage share has been experiencing a downward trend, even as the newer additions to the browser market have seen exponential user growth, i.e. Chrome!