Thursday, April 30, 2009

Prevent users from logging in to the server

Suppose we want to take a backup of a user's account. To keep the backup files consistent, we first have to block users from logging in to their accounts. The technique below does that very easily. Enjoy !!!


Edit the PAM file in the /etc/pam.d/ directory for the service you want to control.


Example : Suppose you want to control the ssh service


Step 1: Add the line below to the /etc/pam.d/sshd file if it is not already there.


account required pam_nologin.so


Step 2: Create the /etc/nologin file:


# touch /etc/nologin


This should disable ssh login for every user except the administrator user (root).


Step 3: To re-enable login, just remove /etc/nologin:


# rm -rf /etc/nologin

Split large files

Split a 300 MB example.zip file:


# split -b 100M example.zip


It will generate 3 files with the following file sizes:



100MB xaa
100MB xab
100MB xac

After splitting, use cat to combine the pieces back into one file:


# cat xa* > example-new.zip


 

Open port using iptables

To open a port you need to know some basic information:

1) Service name (ssh, ftp, etc.)

2) Port number (22, 25, etc.)

3) Protocol (tcp or udp)

Example : To enable ssh access to your server from anywhere

# iptables -A allowed -p tcp --dport 22 -s 0/0 -j ACCEPT

# iptables -A allowed -p udp --dport 22 -s 0/0 -j ACCEPT

Time-based iptables rules

iptables can restrict or allow access to a service based on the time of day.


Use : the iptables patch-o-matic extension (pom or p-o-m)


It allows us to match a packet based on its arrival or departure timestamp.


Syntax : iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION


                --timestart TIME: Time start value (format is 00:00-23:59)


                --timestop TIME: Time stop value (the same format)


                --days DAYS: a list of days on which the rule applies (format: Mon, Tue, Wed, Thu, Fri, Sat, Sun).


Example : We want to restrict access to SSH between 10:00 pm and 8:00 am on weekdays.


# iptables -A INPUT -p tcp -d 192.168.10.1 --dport 22 -m time --timestart 22:00 --timestop 8:00 --days Mon,Tue,Wed,Thu,Fri -j DROP


Enjoy !!!!!!!!!!!!

Disable a User Account in Linux

Technique 1 : Using /etc/shadow file

Linux systems use /etc/shadow to store users' hashed passwords.

An active user account has one line in /etc/shadow:

username:$2$eF7dafdsf$4kfdsm$3Fkm6nl.:13852:0:99999:7:::

Here the second field is the password hash.


If we replace the password with “*” or “!”, the account becomes unusable: no login is permitted for that user.


username:*:13852:0:99999:7:::


The disadvantage of this technique is that the password is lost, and we have to generate a new password for this user.


Technique 2 : Using passwd -l


This locks the user account. After you type passwd -l username, it gives you a "password changed" message. The command changes the /etc/shadow file and adds "!" at the start of the second field for that user.



username:!$2$eF7dafdsf$4kfdsm$3Fkm6nl.:13852:0:99999:7:::

To unlock the user account, remove the "!" from the /etc/shadow entry manually, or use the passwd -u command.
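
The two techniques leave different traces in the second field of /etc/shadow, so that field shows whether an account can be restored with passwd -u or needs a new password. The script below is an added example, not part of the original post; the function names, state labels and sample user names are assumptions, and the sample entries are constructed from the placeholder hash shown above.

```shell
#!/bin/sh
# Classify shadow-format entries by their second (password) field.
# Reads standard input, or the files named as arguments.
shadow_status() {
    awk -F: '
        # Skip blank or malformed lines.
        NF < 2 || $1 == "" { next }
        {
            pw = $2
            if (pw == "") {
                state = "EMPTY"          # no password is required at all
            } else if (pw == "*" || pw == "!" || pw == "!!") {
                state = "NO_PASSWORD"    # Technique 1: hash is gone, needs a new password
            } else if (substr(pw, 1, 1) == "!") {
                state = "LOCKED"         # Technique 2: hash kept behind "!", passwd -u restores it
            } else {
                state = "ACTIVE"         # usable password hash
            }
            print $1 ":" state
        }' "$@"
}

# Constructed sample entries (user names are made up for this example).
sample_shadow() {
cat <<'EOF'
alice:$2$eF7dafdsf$4kfdsm$3Fkm6nl.:13852:0:99999:7:::
bob:*:13852:0:99999:7:::
carol:!$2$eF7dafdsf$4kfdsm$3Fkm6nl.:13852:0:99999:7:::
dave::13852:0:99999:7:::
EOF
}

# Demo run on the constructed sample.
sample_shadow | shadow_status
```

On a real system, run shadow_status /etc/shadow as root. A locked password field only blocks password logins; passwd(1) notes that the user may still be able to log in with another authentication token such as an SSH key.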



