ComputerSecurityStudent (CSS) [Login] [Join Now]

|UNIX >> Fedora >> Current Page |Views: 35034

(Fedora: Lesson 6)

{ Configuring /etc/login.defs }

Section 0. Background Information
  1. What is the /etc/login.defs files.
    • The /etc/login.defs file defines the site-specific configuration for the shadow password suite.

  2. PASS_MAX_DAYS (number)
    • The maximum number of days a password may be used.
    • If the password is older than this, a password change will be forced.
    • If not specified, -1 will be assumed (which disables the restriction).

  3. PASS_MIN_DAYS (number)
    • The minimum number of days allowed between password changes.
    • Any password changes attempted sooner than this will be rejected.
    • If not specified, -1 will be assumed (which disables the restriction).

  4. PASS_WARN_AGE (number)
    • The number of days warning given before a password expires.
    • A zero means warning is given only upon the day of expiration, a negative value means no warning is given.
    • If not specified, no warning will be provided

  5. Pre-requisites
    1. Fedora: Lesson 1: Installing Fedora 14

  6. Lab Notes
    • In this lab we will do the following:
      1. We will edit the /etc/login.def file and set PASS_MAX_DAYS.
      2. We will edit the /etc/login.def file and set PASS_MIN_DAYS.
      3. We will edit the /etc/login.def file and set PASS_WARN_AGE.

  7. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.


Section 1: Edit Virtual Machine
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Program --> VMWare --> VMWare Player


  2. Edit Fedora 14 Virtual Machine Settings
    • Instructions:
      1. Highlight Fedora14
      2. Click Edit virtual machine settings


  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button


Section 2: Play Virtual Machine
  1. Start the Fedora14 VM
    • Instructions:
      1. Click on the Fedora14 VM
      2. Click on Play virtual machine
Section 3: Login to your Fedora14 server.
  1. Login As student
    • Instructions:
      1. Click on student
      2. Provide student password
      3. Click the Login Button


  2. Start Up A Terminal.
    • Applications --> System Tools --> Terminal


  3. Switch User to root
    • Instruction:
      1. su - root
      2. Supply the Root Password


Section 4: Editing /etc/login.defs
  1. Backing Up /etc/login.defs
    • Instructions:
      1. cp /etc/login.defs /etc/login.defs.`date +"%Y%m%d"`
      2. ls -l /etc/login.defs*


  2. Open the /etc/login.defs file.
    • Instructions:
      1. gedit /etc/login.defs 2>/dev/null &
    • Note(FYI):
      1. gedit is a text editor for the GNOME desktop environment, Mac OS X and Microsoft Windows.
      2. 2>/dev/null, means send standard error to a back hole (/dev/null).
      3. &, means run gedit in the background.


  3. Changing the PASS_MAX_DAYS Password Aging Control.
    • Instructions:
      1. Arrow down to the PASS_MAX_DAYS line.
      2. Change PASS_MAX_DAYS from 99999 to 90
    • Note(FYI):
      • By changing PASS_MAX_DAYS to 90 days, each user will be forced to change their password every 90 days.


  4. Changing the PASS_MIN_DAYS Password Aging Control.
    • Instructions:
      1. Arrow down to the PASS_MIN_DAYS line.
      2. Change PASS_MIN_DAYS from 0 to 1
    • Note(FYI):
      • By setting PASS_MIN_DAYS to 1, the each user will be forced to wait 1 day before changing their password after the initial change.
      • This is an attempt to thwarts brute force password changes back to your favorite password.


  5. Changing the PASS_MIN_LEN Password Aging Control.
    • Instructions:
      1. Arrow down to the PASS_MIN_LEN line.
      2. Change PASS_MIN_LEN from 5 to 8
    • Note(FYI):
      • By setting PASS_MIN_LEN to 8, will require each user password to be at least 8 characters long.


  6. Verifying the UMASK.
    • Instructions:
      1. Arrow down to the UMASK line.
      2. Make sure UMASK is set to 077.
    • Note(FYI):
      • By setting UMASK to 077, this will ensure that only the user of the home directory will have read, write, and execute permissions to their own home directory.


  7. Save the /etc/login.defs file
    • Instructions:
      1. Click the Save Button
      2. Click "X" to Close


Section 5: Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. egrep '(PASS_|UMASK)' /etc/login.defs | grep -v "#"
      2. date
      3. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle

Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth