Tuesday, March 28, 2017

Squid Proxy Server- Installation & Configuration

Hello Linux-Fanatics. In this tutorial we will be discussing Squid Proxy Server, which is a widely used open source web proxy. But before we dig deep into it, let’s discuss what a web proxy server is & what the benefits of using a web proxy are.

Web Proxy

A proxy is an intermediary/middle-agent between a computer (or computers) & other resources, mostly the internet. It receives requests from clients & forwards them to the internet.

Benefits of a Web Proxy

  • It can be used to accelerate internet access, as a proxy can build up a cache of frequently used websites, which makes them easier & faster to load afterwards,
  • It can be used to block/allow websites as required,
  • It can also be used to bypass another web proxy. For example, in many organizations social networking websites like Facebook, Twitter, Youtube etc. are not allowed. So a web proxy can be used to bypass those restrictions & provide access to restricted websites.

Squid proxy server

It’s a caching proxy server which supports HTTP, HTTPS & FTP. It can be used as an accelerating server, thereby decreasing response time & reducing bandwidth usage. It can also be used for web filtering, thanks to its extensive access controls.
We will be exploring the web filtering part in this tutorial.

Scenario Setup

Firstly, to test or create a squid proxy setup, we will need a squid server & a client machine.

             Squid server          Client’s Machine
OS           Centos/RHEL 6 or 7    Centos/RHEL 6 or 7
Hostname     server.test.com       client1.test.com
IP Address   192.168.1.100         192.168.1.101

Important

Configuration file       /etc/squid/squid.conf
Default port                 3128

Installation

In order to install, use the following command:
yum install squid -y

Configuration

We need to create an ACL (Access Control List) rule, which is a list of access control entries. Some acl rules are already written in the configuration file by default:

acl localhost src 127.0.0.1/32

http_access allow localhost          (this line appears a few lines below the one above)
So, this is what an acl rule looks like. Let’s see what it means:
firstly, acl declares that a new acl is starting,
then, localhost is the name of the acl being created,
src is used when the acl is for a local (client source) IP address, srcdomain is used for declaring a local domain, dst for a public (destination) IP & dstdomain for a public (destination) domain name,
and lastly, 127.0.0.1/32 declares the IP address to which the acl applies, in this case localhost or 127.0.0.1.

The next line, i.e. http_access allow localhost, means:
http_access will initiate an action based on the next word,
allow/deny will either allow or deny access,
and localhost again is the name of the acl as declared above.

So, basically that’s how we create an ACL/rule in squid proxy server.
Now, let’s restart our server (with the default config file) & configure the client machine to see if the proxy is working properly.

service squid restart

chkconfig squid on
Note: It’s always wise to have a backup of the original configuration file before starting to make changes. So, create a backup of it before starting.


Configuration on Client Side

Open Firefox Browser &
  • Open Edit menu —> Preferences —> Advanced —-> Settings
  • Check the box ‘ Manual proxy configuration’ & enter IP Address & Port Number of squid proxy server.
In our case its 192.168.1.100 & 3128.
  • Click OK
& that’s all we need to configure on the client’s side.
Then we check if it works. Open a website (for example Facebook.com); if the proxy server is working properly you will be greeted with an ‘Access Denied’ error. That’s because by default internet access is denied for all in the server.
Now, let’s check the logs on the server to see whether the request was received by the proxy server,
tail -f /var/log/squid/access.log
and it should show you all the received requests from client to server.

Restricting access to websites

In order to restrict access to a website, open the configuration file & create a new acl
acl blacksite dstdomain .facebook.com
and deny access to the acl
http_access deny blacksite
Note: Also change http_access deny all to http_access allow all, otherwise we won’t be able to access the internet.
Now, restart your squid proxy server to apply the changes, or use squid -k reconfigure to apply them without restarting the server.
Then, go to the client’s machine and open Facebook; you won’t be able to access it at all, while other websites work just fine.
Now, we will proceed further & discuss how to block multiple websites with a single acl, how to create a time based acl & how to speed up our browsing by enabling the cache.

Blocking Multiple websites

Firstly, we will create a file named blacksites (or bad-domains or whatever )
vi /etc/squid/blacksites
and add the websites we need blocked & save the file

.facebook.com
.youtube.com
.twitter.com

Now, open the main configuration file
vi /etc/squid/squid.conf
and create a new acl (the file name must be enclosed in double quotes so that squid reads the entries from the file)
acl blacksites dstdomain "/etc/squid/blacksites"
then, we deny access to the created acl
http_access deny blacksites
lastly, restart the proxy server to apply changes.
service squid restart
Note you can also use squid -k reconfigure to apply changes to server without actually restarting the server.

Time based acl

Sometimes, we might require access to a blocked website for a certain period of time, or we might need to block certain websites at certain times. This can be achieved using a time based acl.
Firstly, open the configuration file
vi /etc/squid/squid.conf
then create a new acl and allow access to the blocked sites when that acl matches. The allow line must be placed above http_access deny blacksites, because squid applies the first http_access line that matches.

acl timebased time MTW 10:30-11:30

http_access allow blacksites timebased
lastly, restart your server to implement changes. We now have access to the blocked sites on Monday, Tuesday & Wednesday between 10:30AM and 11:30AM.
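
The script below is an added example, not part of the original tutorial or of squid itself: a small model of how squid walks http_access lines top to bottom and stops at the first line whose acls all match, applied to the blacksites and timebased acls from the sections above. The domains are inlined rather than read from /etc/squid/blacksites, and the localnet acl and the sample requests are assumptions made for the example.

```shell
#!/bin/sh
# Added example: models the first-match evaluation of http_access lines.
# Supports only what the tutorial uses: acl types src, dstdomain and time
# ("DAYS hh:mm-hh:mm"), the built-in acl "all", and "!" negation.

# squid_decide CONF_TEXT HOST DAY HH:MM CLIENT_IP  ->  prints "allow" or "deny"
# DAY is the squid day letter: S M T W H F A (Sunday .. Saturday).
squid_decide() {
    printf '%s\n' "$1" | awk -v host="$2" -v day="$3" -v now="$4" -v client="$5" '
    function ip2int(ip,   p) { split(ip, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
    function in_cidr(ip, cidr,   c, size) {
        split(cidr, c, "/")
        size = 2 ^ (32 - (c[2] == "" ? 32 : c[2]))
        return int(ip2int(ip) / size) == int(ip2int(c[1]) / size)
    }
    function dom_match(h, pat) {
        # ".example.com" matches example.com and every subdomain of it
        if (substr(pat, 1, 1) != ".") return h == pat
        return h == substr(pat, 2) || (length(h) > length(pat) && substr(h, length(h) - length(pat) + 1) == pat)
    }
    function mins(t,   p) { split(t, p, ":"); return p[1]*60 + p[2] }
    function acl_match(name,   i, n, v, r) {
        if (name == "all") return 1
        n = split(vals[name], v, " ")
        if (type[name] == "time") {
            split(v[2], r, "-")
            return index(v[1], day) > 0 && mins(now) >= mins(r[1]) && mins(now) <= mins(r[2])
        }
        for (i = 1; i <= n; i++) {
            if (type[name] == "dstdomain" && dom_match(host, v[i])) return 1
            if (type[name] == "src" && in_cidr(client, v[i])) return 1
        }
        return 0
    }
    $1 == "acl" { type[$2] = $3; for (i = 4; i <= NF; i++) vals[$2] = vals[$2] " " $i }
    $1 == "http_access" {
        last = $2
        if (decision != "") next
        ok = 1
        for (i = 3; i <= NF && ok; i++) {      # every acl on the line must match (AND)
            name = $i; neg = (substr(name, 1, 1) == "!")
            if (neg) name = substr(name, 2)
            m = acl_match(name)
            if (neg ? m : !m) ok = 0
        }
        if (ok) decision = $2
    }
    END {
        # No line matched: the opposite of the last line applies (deny if there is none).
        if (decision == "") decision = (last == "deny" ? "allow" : "deny")
        print decision
    }'
}

# Constructed configurations using the acl names from the tutorial.
ACLS='acl localnet src 192.168.1.0/24
acl blacksites dstdomain .facebook.com .youtube.com .twitter.com
acl timebased time MTW 10:30-11:30'

# 1. Order the tutorial needs: time window first, then the block, then allow all.
CONF_TUTORIAL="$ACLS
http_access allow blacksites timebased
http_access deny blacksites
http_access allow all"

# 2. Same lines with the deny first: the time window is never reached.
CONF_MISORDERED="$ACLS
http_access deny blacksites
http_access allow blacksites timebased
http_access allow all"

# 3. Tighter variant (assumption: all clients are in 192.168.1.0/24):
#    requests from any other address are refused before the other rules run.
CONF_LOCALNET="$ACLS
http_access deny !localnet
http_access allow blacksites timebased
http_access deny blacksites
http_access allow all"

# Constructed sample requests from the client machine 192.168.1.101.
for req in "www.facebook.com M 10:45" "www.facebook.com M 14:00" "example.org F 09:00"; do
    set -- $req
    printf '%-18s %s %s -> %s\n' "$1" "$2" "$3" \
        "$(squid_decide "$CONF_TUTORIAL" "$1" "$2" "$3" 192.168.1.101)"
done
```

With the first configuration any address that can reach port 3128 is allowed through by http_access allow all; the third configuration shows the same rules limited to the local network.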

Enabling cache to speed up browsing

By enabling the cache on our server, we can speed up browsing for frequently visited pages.
We can enable the cache by adding just one line to our configuration file.
To enable the cache, open the configuration file
vi /etc/squid/squid.conf
and add following line to bottom of the file
cache_dir ufs /var/cache/squid 2000 16 256
where ufs is squid storage format,
/var/cache/squid is path for cache storage,
2000 is the size in MB that can be used for the cache,
and, 16 is number of 1st level sub-directories & 256 is 2nd level sub directories in cache folder.

Some pretty useful SQUID tips & tricks

Setting up squid with a customized port

The default port number for Squid proxy server is 3128, but we can change it to any other port as per our requirement. For example, if we want to change the default port from 3128 to 8080, we can do so by making an entry for it in the squid configuration file, i.e. ‘/etc/squid/squid.conf’.
Open squid.conf,
$ sudo vim /etc/squid/squid.conf
& search for ‘http_port 3128’ & change it to
http_port 8080
Save the file & exit. Then restart the squid service to implement the changes.
$ sudo systemctl restart squid
We can also use
$ sudo squid -k reconfigure
to implement changes, without restarting the squid service.

Limit download size of the files

We can also impose a download limit based on file size for squid proxy users. We need to provide the ‘reply_body_max_size’ directive in the squid.conf file to impose a file size limit.
Open squid.conf
$ sudo vim /etc/squid/squid.conf
& make the following entry in the bottom of the file
reply_body_max_size 5120 KB all
This will impose a limit of max 5 MB download for a single file for all squid users. We can also impose the limit based on user,
reply_body_max_size 5120 KB user1 user2
or based on group,
reply_body_max_size 5120 KB user1 group2
After making changes to the file, save it & restart or reconfigure squid to implement the changes.

Limit upload size of the files

To impose a limit on the size of files that can be uploaded, we use “request_body_max_size”. Make the following entry in squid.conf to impose a limit on file uploads,
$ sudo vim /etc/squid/squid.conf
request_body_max_size 100 KB
Save the file & restart/reconfigure the squid server to implement changes. We can also impose upload limits based on users & groups, same as we imposed limits on file download.

Allow Squid proxy to cache all requests

To cache all the requests that are made in squid server, add the following directive in squid.conf file,
$ vim /etc/squid/squid.conf
cache allow all
Save file & reconfigure the squid server to implement the changes.

Disable caching of some websites

To disable the cache only for some websites, we will first create an ACL with the websites & then disable caching for that ACL. Make the following entries in the squid.conf file,
$ vim /etc/squid/squid.conf
acl NOcache_websites dstdomain www.linuxtechlab.com www.msn.com
no_cache deny NOcache_websites
Save file & restart/reconfigure the squid server to implement changes.

Deny cache requests for some file extensions

To disable caching of files with certain extension, add the following lines in squid.conf file.
$ sudo vim /etc/squid/squid.conf
hierarchy_stoplist .mp3 ?
hierarchy_stoplist .xls ?
acl ext1 urlpath_regex \.mp3 \?
acl ext2 urlpath_regex \.xls \?
no_cache deny ext1
no_cache deny ext2
Here, we have blocked caching for MP3 & XLS files. Save file & restart/reconfigure the squid server to implement changes.
Note:- To remove existing cached file, execute following command from terminal,
$ sudo rm -rf /var/spool/squid/*

Deny all cache requests

To deny all cache requests made to squid server, add the following directive in squid.conf file
$ vim /etc/squid/squid.conf
cache deny all
Save file & reconfigure the squid server to implement the changes.

Friday, March 24, 2017

How To Install VMWare Player On Ubuntu 16.04

VMware Workstation Player 12.5

VMware Workstation Player 12.5 has been released with various bug fixes and various issues resolved:
  • A Linux host with kernel 4.6 fails to launch Workstation because the vmmon and vmnet drivers are not built successfully. This issue is resolved.
  • If you configure Revert to snapshot when a VM is powered off from Options-> Snapshots, the VM actually reverts to a snapshot when suspended. This issue is resolved.
  • VMware Workstation Player window does not close after the VM is powered off
  • Unable to install VMware Tools in FreeBSD 10.3 guest OS
  • Unable to launch Workstation Player on Fedora 23 host
  • USB Ethernet adapter fails to connect to the VM
  • VMware Workstation Player throws Runtime Error when you disconnect Surface Camera from a VM
  • Incorrect resolution in Workstation Player
  • VMware Workstation Player cannot boot virtual machines on a 64-bit Braswell N3150 processor
  • On the Ubuntu 15.10 and later versions guest operating system, replacing open-vm-tools with the bundled VMware Tools version, might cause VMware Tools to work improperly

Install VMWare Player on Ubuntu

Run the following commands in Terminal to install VMware Workstation Player 12.5 on Ubuntu 16.04, Ubuntu 15.04, Ubuntu 14.04 and other Ubuntu Derivatives:

mkdir ~/vmware
cd ~/vmware
wget -c https://download3.vmware.com/software/player/file/VMware-Player-12.5.0-4352439.x86_64.bundle
sudo chmod u+x VMware-Player-12.5.0-4352439.x86_64.bundle
sudo ./VMware-Player-12.5.0-4352439.x86_64.bundle

As soon as the installer starts, follow the on-screen instructions to complete the installation.

Friday, March 3, 2017

[Quick Tips: Microsoft VS]: Install Microsoft Visual Studio Code In Linux

Install Microsoft Visual Studio Code In Linux

Microsoft Visual Studio Code is an open source, lightweight and powerful source code editor. It comes with built-in support for JavaScript, TypeScript and Node.js and has a rich ecosystem of extensions for other languages (such as C++, C#, Python, PHP, Go) and runtimes (such as .NET and Unity). It is a cross-platform code editor, so you can use it in Microsoft Windows, GNU/Linux, and Mac OS X.

Visual Studio Code version 1.10 has just been released and is available for download. The latest version brings a number of significant updates such as Minimap, easy drag and drop support within the editor, copy text with formatting, official Linux repositories, integrated Terminal output, keybindings for tasks and file explorer, copying code examples with full syntax highlighting and more. For more details, check the release notes.
In this tutorial, we are going to see how to install latest Visual Studio Code editor in Linux.

Install Microsoft Visual Studio Code In Linux

Microsoft developers have made VS Code repositories for different Linux distributions to ease the installation.
On Ubuntu and its derivatives, run these commands to import the signing key and add the VS Code repository:
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list'
Then, update the repository lists and install VS Code as shown below.
sudo apt-get update
sudo apt-get install code
On RHEL, CentOS, Fedora, run the following commands to import the signing key and add the VS Code repository:
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo sh -c 'echo -e "[code]\nname=Visual Studio Code\nbaseurl=https://packages.microsoft.com/yumrepos/vscode\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/vscode.repo'
Update the package cache and install VS Code as shown below.
yum check-update
sudo yum install code
On SUSE/openSUSE, run the following commands to import the signing key and add the VS Code repository:
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo sh -c 'echo -e "[code]\nname=Visual Studio Code\nbaseurl=https://packages.microsoft.com/yumrepos/vscode\nenabled=1\ntype=rpm-md\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/zypp/repos.d/vscode.repo'
Update the package cache and install VS Code as shown below.
sudo zypper refresh
sudo zypper install code
Once installed, you can open the VS Code editor using command:
code
If you see a screen something like below, congratulations! You have successfully installed Microsoft Visual Studio Code in your Linux distribution.
Microsoft Visual Studio Code Editor
You can make VS Code as default text editor for text files with the following command:
xdg-mime default code.desktop text/plain
I have installed MS Visual Studio Code, now what? Refer to the following links to get started with Visual Code.
And, that’s all for now. Have you tried Visual studio in Linux? What are your thoughts about it? Give us your feedback in the comment section below.
Cheers!
Wednesday, March 1, 2017

[Quick Tips: Bash Script]: What is the Linux equivalent to DOS pause?

What is the Linux equivalent to DOS pause?

"read"    does this:
 
user@host:~$ read -n1 -r -p "Press any key to continue..." key
[...]
user@host:~$ 

The -n1 specifies that it only waits for a single character. The -r puts it into raw mode, which is necessary because otherwise, if you press something like backslash, it doesn't register until you hit the next key. The -p specifies the prompt, which must be quoted if it contains spaces. The key argument is only necessary if you want to know which key they pressed, in which case you can access it through $key.

If you are using bash, you can also specify a timeout with -t, which causes read to return a failure when a key isn't pressed. So for example:
 
read -t5 -n1 -r -p 'Press any key in the next five seconds...' key
if [ "$?" -eq "0" ]; then
    echo 'A key was pressed.'
else
    echo 'No key was pressed.'
fi
 
 

Commands

  • Enter solution
    read -rsp $'Press enter to continue...\n'
  • Escape solution (with -d $'\e')
    read -rsp $'Press escape to continue...\n' -d $'\e'
  • Any key solution (with -n 1)
    read -rsp $'Press any key to continue...\n' -n 1 key
    # echo $key
  • Question with preselected choice (with -ei $'Y')
    read -rp $'Are you sure (Y/n) : ' -ei $'Y' key;
    # echo $key
  • Timeout solution (with -t 5)
    read -rsp $'Press any key or wait 5 seconds to continue...\n' -n 1 -t 5;
  • Sleep enhanced alias
    read -rst 0.5; timeout=$?
    # echo $timeout

Explanation

-r specifies raw mode, which doesn't allow combined characters like "\" or "^".
-s specifies silent mode, because we don't need keyboard output.
-p $'prompt' specifies the prompt, which needs to be between $' and ' to allow spaces and escaped characters. Be careful: you must put it between single quotes with a dollar symbol to benefit from escaped characters; otherwise you can use simple quotes.
-d $'\e' specifies escape as the delimiter character, i.e. the final character of the current entry. It is possible to use any character here, but be careful to pick one that the user can type.
-n 1 specifies that it only needs a single character.
-e specifies readline mode.
-i $'Y' specifies Y as the initial text in readline mode.
-t 5 specifies a timeout of 5 seconds.
key is used in case you need to know the input; in the -n1 case, the key that has been pressed.
$? gives the exit code of the last program; for read, 142 in case of timeout and 0 for correct input. Put $? in a variable as soon as possible if you need to test it after some commands, because every command overwrites $?.


 

[Quick Tips: Find File type & Backup]: How To Find and Copy Certain Type Of Files From One Directory To Another In Linux

How To Find and Copy Certain Type Of Files From One Directory To Another In Linux


There might be many ways to do this, but I found that the following method is really simple and handy. We will use ‘find’ command to achieve this goal. Find command comes pre-installed on most Unix-like distributions. So don’t bother installing it.  For the purpose of this guide, I will show how to quickly find and copy mp3 files from one directory called test1, to another directory called test2.

Let us check the contents of test directory.
ls /home/sk/test1
Sample output:
'Bombay Rockers - Sexy Mama.mp3' 'Marconi Union - Sleepless.mp3' wiua9.jpg
 books.txt Maruvaarthai.mp3
As you see in the above result, there are three mp3 files in the test1 directory. I wanted to copy the mp3 files to another directory test2. Here is how to do this.
Go to test1 directory:
cd /home/sk/test1/
Then, run the following command to find and copy all files that end with the extension .mp3.
find -iname '*.mp3' -exec cp {} /home/sk/test2/ \;
Let us break down the above command and see what each option does.
  • find – It’s the command to find files and folders in Unix-like systems
  • -iname ‘*.mp3’ – Search for files matching the extension .mp3
  • -exec cp – Tells find to execute the ‘cp’ command
  • {} – is automatically replaced with the name of each file found by the ‘find’ command
  • /home/sk/test2/ – Target directory to save the matching files
  • \; – Indicates that the command to be executed is complete, and that it should be carried out again on the next match.
That’s all. Now, let us go and check the test2 to verify if the files are copied correctly.
ls /home/sk/test2
Sample output would be:
'Bombay Rockers - Sexy Mama.mp3' Maruvaarthai.mp3
'Marconi Union - Sleepless.mp3'
As you can see, the files with extension .mp3 have been successfully copied from the test1 directory to the test2 directory. Similarly, you can copy all types of files to different directories without much effort. It will save you a lot of time. This trick could be helpful if you have a large number of different types of files in a directory.

Tuesday, February 7, 2017

[Quick Tips: Chage]: Password Expiration and Aging

Examples to Manage Linux Password Expiration and Aging Using chage


NAME

chage - change user password expiry information

SYNOPSIS

chage [options] [LOGIN] 

DESCRIPTION

The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

OPTIONS

TAG / DESCRIPTION

-d, --lastday LAST_DAY
    Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area).

-E, --expiredate EXPIRE_DATE
    Set the date or number of days since January 1, 1970 on which the user's account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again. Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.

-h, --help
    Display help message and exit.

-I, --inactive INACTIVE
    Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again. Passing the number -1 as the INACTIVE will remove an account's inactivity.

-l, --list
    Show account aging information.

-m, --mindays MIN_DAYS
    Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change his/her password at any time.

-M, --maxdays MAX_DAYS
    Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change his/her password before being able to use his/her account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning. Passing the number -1 as MAX_DAYS will remove checking a password's validity.

-W, --warndays WARN_DAYS
    Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire.

EXAMPLES

EXAMPLE-1:
Use chage command to list the password aging information of a user
$ chage -l testuser

output:

Last password change : May 01, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 15
EXAMPLE-2:
Disable password aging for a user
$ chage -I -1 -m 0 -M 99999 -E -1 testuser
-I -1 : This will set the “Password inactive” to never
-m 0 : This will set the minimum number of days between password change to 0
-M 99999 : This will set the maximum number of days between password change to 99999
-E -1 : This will set “Account expires” to never.
This will disable the password expiry of a user if it is already enabled.

EXAMPLE-3:
Enable password expiry date of a user
$ chage -M 20 testuser

Output
Last password change : May 01, 2016
Password expires : May 21, 2017
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 15

EXAMPLE-4:
Set the Account expiry date in the format YYYY-MM-DD
$ chage -E 2017-05-28 testuser

output:
Last password change : May 01, 2016
Password expires : May 28, 2017
Password inactive : never
Account expires : May 28, 2012
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 15

EXAMPLE-5:
Set the password expiry warning message
$ chage -W 10 testuser

The user will start getting warnings about the password expiry 10 days before the password expires.
EXAMPLE-6:
Forcing the users to change the password on next logon
$ chage -d 0 testuser

This will reset “Last Password Change” to “Password must be changed”.

In this article, let us review how you can use the Linux chage command to perform several practical password aging activities, including how to force users to change their password. On Debian, chage is part of the passwd package, which you can install by executing the following command:
# apt-get install passwd
Note: It is very easy to make a typo on this command. Instead of chage you may end up typing it as change. Please remember chage stands for “change age”, i.e. the chage command abbreviation is similar to chmod, chown etc.

1. List the password and its related details for an user

As shown below, any user can execute the chage command for himself to identify when his password is about to expire.
Syntax: chage --list username (or) chage -l username

$ chage --list dhinesh
Last password change                                    : Apr 01, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
  If user dhinesh tries to execute the same command for user ramesh, he’ll get the following permission denied message.
$ chage --list ramesh
chage: permission denied
Note: However, a root user can execute the chage command for any user account.

Please refer to our earlier article: Best Practices and Ultimate Guide For Creating Super Strong Password, which will help you to follow the best practices while changing the password for your account.

When user dhinesh changes his password on Apr 23rd 2009, it will update the “Last password change” value as shown below.
$ date
Thu Apr 23 00:15:20 PDT 2009

$ passwd dhinesh
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

$ chage --list dhinesh
Last password change                                    : Apr 23, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

2. Set Password Expiry Date for an user using chage option -M

Root user (system administrators) can set the password expiry date for any user. In the following example, user dhinesh password is set to expire 10 days from the last password change.   Please note that option -M will update both “Password expires” and “Maximum number of days between password change” entries as shown below.
Syntax: # chage -M number-of-days username

# chage -M 10 dhinesh

# chage --list dhinesh
Last password change                                    : Apr 23, 2009
Password expires                                        : May 03, 2009
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

3. Password Expiry Warning message during login

By default the number of days of warning before password expires is set to 7. So, in the above example, when the user dhinesh tries to login on Apr 30, 2009 — he’ll get the following message.
$ ssh dhinesh@testingserver
dhinesh@testingserver's password:
Warning: your password will expire in 3 days

4. User Forced to Change Password after Expiry Date

If the password expiry date is reached and the user hasn’t changed their password, the system will force the user to change the password before login, as shown below.
$ ssh dhinesh@testingserver
dhinesh@testingserver's password:

You are required to change your password immediately (password aged)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for dhinesh
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:

5. Set the Account Expiry Date for an User

You can also use chage command to set the account expiry date as shown below using option -E. The date given below is in “YYYY-MM-DD” format. This will update the “Account expires” value as shown below.
# chage -E "2009-05-31" dhinesh

# chage -l dhinesh
Last password change                                    : Apr 23, 2009
Password expires                                        : May 03, 2009
Password inactive                                       : never
Account expires                                         : May 31, 2009
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

6. Force the user account to be locked after X number of inactivity days

Typically if the password is expired, users are forced to change it during their next login. You can also set an additional condition, where after the password is expired, if the user never tried to login for 10 days, you can automatically lock their account using option -I as shown below. In this example, the “Password inactive” date is set to 10 days from the “Password expires” value.   Once an account is locked, only system administrators will be able to unlock it.
# chage -I 10 dhinesh

# chage -l dhinesh
Last password change                                    : Apr 23, 2009
Password expires                                        : May 03, 2009
Password inactive                                       : May 13, 2009
Account expires                                         : May 31, 2009
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

7. How to disable password aging for an user account

To turn off the password expiration for an user account, set the following:
  • -m 0 will set the minimum number of days between password change to 0
  • -M 99999 will set the maximum number of days between password change to 99999
  • -I -1 (number minus one) will set the “Password inactive” to never
  • -E -1 (number minus one) will set “Account expires” to never.
# chage -m 0 -M 99999 -I -1 -E -1 dhinesh

# chage --list dhinesh
Last password change                                    : Apr 23, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
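
The script below is an added example, not part of the original article or of the chage tool: it recomputes the dates shown by chage -l from raw /etc/shadow-style fields and flags accounts whose password aging is switched off, as in section 7. The records are constructed (dhinesh mirrors the values set in sections 2, 5 and 6), the status names are made up for the example, and treating a maximum of 10000 days or more as "never" is an assumption modelled on the 99999 output above.

```shell
#!/bin/sh
# Added example: password-aging audit over /etc/shadow-style records.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# (lastchg and expire are stored as days since 1970-01-01).

# aging_report SHADOW_TEXT [TODAY_IN_DAYS]
# prints one line per account:
#   name|status|password expires|password inactive|account expires
aging_report() {
    _today=${2:-$(( $(date +%s) / 86400 ))}
    printf '%s\n' "$1" | awk -F: -v OFS='|' -v today="$_today" '
    # days since 1970-01-01 -> YYYY-MM-DD (proleptic Gregorian calendar)
    function civil(z,   era, doe, yoe, y, doy, mp, d, m) {
        z += 719468
        era = int(z / 146097)
        doe = z - era * 146097
        yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
        y   = yoe + era * 400
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp  = int((5 * doy + 2) / 153)
        d   = doy - int((153 * mp + 2) / 5) + 1
        m   = (mp < 10) ? mp + 3 : mp - 9
        if (m <= 2) y++
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    function fmt(d) { return d < 0 ? "never" : civil(d) }
    NF >= 8 {
        last = $3; max = $5; warn = $6; inact = $7; acct = $8
        # Aging is in force only with a real last-change day and a finite maximum.
        aging  = (last + 0 > 0 && max != "" && max + 0 >= 0 && max + 0 < 10000)
        pw_exp = aging ? last + max : -1
        lock   = (aging && inact != "" && inact + 0 >= 0) ? pw_exp + inact : -1
        acct_d = (acct != "" && acct + 0 >= 0) ? acct + 0 : -1

        if (acct_d >= 0 && today >= acct_d)    status = "account-expired"
        else if (last != "" && last + 0 == 0)  status = "must-change"      # chage -d 0
        else if (!aging)                       status = "no-aging"         # chage -M 99999
        else if (lock >= 0 && today >= lock)   status = "locked-inactive"  # chage -I
        else if (today >= pw_exp)              status = "password-expired"
        else if (pw_exp - today <= warn + 0)   status = "warn:" (pw_exp - today)
        else                                   status = "ok"

        print $1, status, fmt(pw_exp), fmt(lock), fmt(acct_d)
    }'
}

# Constructed records; HASH is a placeholder, not a real password hash.
# dhinesh: last change Apr 23, 2009 (day 14357), -M 10, -I 10, -E 2009-05-31.
# ramesh:  aging disabled (-M 99999).  testuser: chage -d 0.
SAMPLE_SHADOW='dhinesh:HASH:14357:0:10:7:10:14395:
ramesh:HASH:14335:0:99999:7:::
testuser:HASH:0:0:90:15:::'

# Report as of Apr 30, 2009 (day 14364), the login date used in section 3.
aging_report "$SAMPLE_SHADOW" 14364
```

On a real system the same function can be fed the shadow file as root, for example aging_report "$(cat /etc/shadow)", to list every account reported as no-aging.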

Friday, February 3, 2017

[Quick Tips: run single command to multiple systems]: How To Run Single Command On Multiple Remote Systems At Once

How To Run Single Command On Multiple Remote Systems At Once


Today, we are going to see how to run a single command on multiple remote systems at once in Unix-like operating systems. As you already know, we can access and communicate with a remote system using ssh. OpenSSH allows us to do all sorts of administration tasks on a remote system. One limitation of OpenSSH is that we can’t run a single command on multiple remote systems at once. No problem. Here PSSH comes to help.

PSSH, or Parallel SSH, is a command line suite that helps you to ssh in parallel on a number of hosts. PSSH suite consists of  the following commands:
  • pssh – SSH to multiple remote systems in parallel
  • pscp – Copy files in parallel to a number of hosts
  • prsync – Copy files in parallel to a number of hosts
  • pnuke – Kill processes in parallel on a number of hosts
  • pslurp – Copy files in parallel from a number of hosts
In this tutorial, we will see how to execute a single command on multiple hosts at once using PSSH.

Run Single Command On Multiple Remote Systems At Once

We can easily install PSSH using PIP, a python package manager.
To install PIP on Arch Linux and its derivatives, run:
sudo pacman -S python-pip
On RHEL, Fedora, CentOS:
sudo yum install epel-release
sudo yum install python-pip
Or,
sudo dnf install epel-release
sudo dnf install python-pip
On Debian, Ubuntu, Linux Mint:
sudo apt-get install python-pip
Once PIP is installed, run the following command to install PSSH.
sudo pip install pssh

Usage

Important: In order to use PSSH (for the purpose of this tutorial only), all your remote systems must have a common username with the same password. Otherwise, this method won’t help. Say for example, I have already created a user called sk with password ostechnix on all my remote hosts.
Now, let us see how to run a single command on multiple remote hosts using PSSH. Go to the local system from which you want to run the command and create a text file called remotehosts.txt. You can name it as you wish.
vi remotehosts.txt
Add IP addresses of your remote hosts with port numbers one by one as exactly shown below.
192.168.1.103:22
192.168.1.104:22
Where, 192.168.1.103 and 192.168.1.104 are the IP addresses of my remote systems. 22 is the ssh port number. You need to mention the correct port number if you have changed it. Also, make sure you are able to access all remote hosts from your local system via ssh.
Now, let us check the uptime of both remote hosts from our local system. To do so, run:
pssh -h remotehosts.txt -l sk -A -i "uptime"
Here,
  • remotehosts.txt – Contains the IP addresses of both remote systems.
  • sk – the username of both remote systems
Enter the password of the user “sk”.
Sample output:
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password: 
[1] 20:51:15 [SUCCESS] 192.168.1.103:22
 20:50:50 up 8 min, 1 user, load average: 0.05, 0.11, 0.10
[2] 20:51:15 [SUCCESS] 192.168.1.104:22
 20:50:52 up 12 min, 1 user, load average: 0.00, 0.07, 0.12
As you see above, we have run the uptime command on two remote hosts and got the result in one go.
What about the kernel version? To check the installed version of both remote hosts, run:
pssh -h remotehosts.txt -l sk -A -i "uname -r"
Sample output:
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password: 
[1] 20:53:09 [SUCCESS] 192.168.1.103:22
3.10.0-327.22.2.el7.x86_64
[2] 20:53:09 [SUCCESS] 192.168.1.104:22
4.4.0-21-generic
Very cool, isn’t it? Can we create a directory on both remote hosts at once? Yes, of course! To do so, run the following command:
pssh -h remotehosts.txt -l sk -A -i "mkdir dir1"
Similarly, you can do anything you want to do on multiple remote hosts from your local system using PSSH.
Very very Important: Please be very careful while using PSSH. One bad command will run simultaneously on multiple hosts and damage all of them. So, be cautious while using this method in production. I suggest you test this in virtual machines. Once you’re familiar with PSSH, you can use it in production if you like.