Force User to Change Password at First Login

Create user “user”:
# useradd user

Create password for the user
# passwd user
Set the password to expiry:
#chage -d 0 user

Setting it default for all new Users:
#vi /etc/default/useradd
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=0 #(need to add zero “0”)
SHELL=/bin/bash
SKEL=/etc/skel
GROUPS=video
CREATE_MAIL_SPOOL=no
UMASK=022
This file contains the details, what all settings will be applied to the new users created into the system with useradd command.
Just set the value of EXPIRE=0 in this file, and every time when a new user will be created, will be forced to change the password at first login.

password duration:
for new accounts default settings are in /etc/login.defs
settings for current accounts are in /etc/shadow but we edit by command chage
chage -l [user] #check settings for user
chage -E “YYYY-MM-DD” [user] #set date when account expire, -1 means never
chage -M [nr] [user] #set maximum number of days between password change from last password change, -1 means never expire
chage -d “YYYY-MM-DD” [user] #set last password change
chage -W [nr] [user] #number of days of warning before password expires
chage -i [nr] [user] #set password inactive, when account is blocked after password expire

Thanks to:
http://studyhat.blogspot.be/2011/12/force-user-to-change-password-at-first.html

another way:
# yum install chage
List the password and its related details for an user
# chage –-list username
(or)
# chage -l username
!!!Is not working for same user.

Set Password Expiry Date for an user using chage option -M
# chage -M number-of-days userName
# chage –list userName
Set the Account Expiry Date for an User:
# chage -E “2015-11-29″ userName
# chage -l userName

Force the user account to be locked after X number of inactivity days:
# chage -I 10 userName
# chage -l userName

Disable password aging for an user account:
# chage -m 0 -M 99999 -I -1 -E -1 userName
# chage –list userName

Thanks to:
http://www.thegeekstuff.com/2009/04/chage-linux-password-expiration-and-aging/
http://www.cyberciti.biz/faq/rhel-debian-force-users-to-change-passwords/

Deny hosts

Simply removing th IP from /etc/hosts.deny does not work since DenyHosts keeps track of the attempts in the /usr/share/denyhosts/data directory.
Procedure:
Stop DenyHosts
# /etc/init.d/denyhosts stop
Remove Your IP From /etc/hosts.deny
# vi /etc/hosts.deny
Delete IP address. Save and close the file.
Remove the IP from /usr/share/denyhosts/data Directory
# cd /usr/share/denyhosts/data
You need to edit the following files using vi and remove the lines containing the IP address. Save the file.

hosts hosts-restricted hosts-root hosts-valid users-hosts
If the IP is static, add it to allowed-hosts file.
Any IP address that appears in this file will not be blocked by default (consider this as a whilelist):
# echo ‘x.x.x.x’ >> allowed-hosts
or put the IP directly here: ./var/lib/denyhosts/allowed-hosts
Start DenyHosts
# /etc/init.d/denyhosts start

httpd access control

Insert into section of an Apache configuration file or into .htaccess file or in a virtual host configuration section:

# AuthType Basic
# AuthUserFile /srv/auth/.htpasswd
# AuthName “Sign In Here To Gain Access To the Site”
# Require valid-user

Generating HTTP AUTH Passwords:
# yum install apache2-utils
# htpasswd -mcb /srv/auth/.htpasswd username password
c – create file, m – crypt with md5, b – insert the password in same line, -n – add new user

Access Control Lists with Groups
Insert into section of an Apache configuration file or into .htaccess file or in a virtual host configuration section:
# AuthType Basic
# AuthUserFile /srv/auth/.htpasswd
# AuthGroupFile /srv/auth/.htpgroup
# Require group Authorized

https://www.linode.com/docs/websites/authbased-access-control-with-apache

Install and Configure phpMyAdmin

yum -y install phpmyadmin
Install MySQL server on a CentOS/RHEL
You need download and install MySQL server on CentOS/RHEL using the following yum command:
# yum install mysql-server mysql

Turn on and start the mysql service, type:
# chkconfig mysqld on
# service mysqld start

Set root password and secure mysql installation by running the following command:
# mysql_secure_installation
Step #3: Configure phpMyAdmin

You need to edit /etc/httpd/conf.d/phpMyAdmin.conf file, enter:
# vi /etc/httpd/conf.d/phpMyAdmin.conf

It allows only localhost by default.
For HTTPD SSL enable (mod_ssl) and allow LAN / WAN users or DBA user to manage the database over www.

Require ip 127.0.0.1
Replace with your workstation IP address:
Require ip x.x.x.x
Again find the following line:
Allow from 127.0.0.1
Replace as follows:
Allow from x.x.x.x
Save and close the file. Restart Apache / httpd server:
# service httpd restart

type the following url in browser:
https://your-server-ip/phpMyAdmin/
OR
http://your-server-ip/phpMyAdmin/
# vi /etc/phpMyAdmin/config.inc.php

………

http://www.cyberciti.biz/faq/centos-fedora-redhat-linux-installing-phpmyadmin-webtool/

HTTPD SSL as described here (mod_ssl):
http://www.cyberciti.biz/faq/rhel-apache-httpd-mod-ssl-tutorial/

setup ftp server on linux

yum -y install vsftpd
vi /etc/vsftpd/vsftpd.conf

Disallow anonymous:
anonymous_enable=NO
Allow local uses to login by changing the local_enable setting to YES:
local_enable=YES
If you want local user to be able to write to a directory, then change the write_enable setting to YES:
write_enable=YES
Local users will be ‘chroot jailed’ and they will be denied access to any other part of the server; change the chroot_local_user setting to YES:
chroot_local_user=YES

Restart the vsftpd service:
systemctl restart vsftpd
systemctl enable vsftpd
setup firewall in order to allow traffic on port 21:
vi /etc/shorewall/rules
or
vi /etc/sysconfig/iptables
and restart them

https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-on-centos-6–2
http://www.rackspace.com/knowledge_center/article/rackspace-cloud-essentials-centos-installing-vsftpd
http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/

Drush commands

To install a chosen plugin you should download and enable it. Check the example listed below:
# drush dl addtoany
Project addtoany (7.x-4.0) downloaded to sites/all/modules/addtoany. [success]
# drush en addtoany

# drush cache-clear all
# drush help archive-backup

https://www.drupal.org/node/1096994
http://orga.cat/posts/most-useful-drush-commands
https://www.siteground.com/tutorials/drupal/drush.htm

Nginx documentation

How to Install and Configure a NGINX Server (LEMP Stack)
http://www.farinspace.com/install-and-configure-nginx-server/

How To Setup a NGINX Virtual Host Using a Custom Domain
http://www.farinspace.com/nginx-virtual-host/

copy file from Windows to Linux using scp

Download pscp.exe
Open cmd and go to directory where pscp.exe is downloaded.
run the command:
pscp.exe root@servername:/pathTo/YourFile/ F:\location\of\your\file

for uploading file from Windows to Linux, reverse the order:
pscp.exe F:\location\of\your\file root@servername:/pathTo/YourFile/

C:\Windows\System32>C:\apps\pscp.exe -P portNumber C:\Users\shop\Desktop\filename.zip user@website.com:/tmp

Thanks to:
http://www.it.cornell.edu/services/managed_servers/howto/file_transfer/fileputty.cfm

copy files from Windows to Linux

This can be done using pscp.exe. The steps:

Download pscp.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
Save to disk.
Open Windows CLI: Start -> Run -> type ‘command’ without quotes into Open field and click OK.
Drag ‘pscp.exe’ to the Windows CLI to give the CLI the full path of the command:

Upload specific file:
pscp file user@host:file

Download specific file:
pscp user@host:file file

Download all files in folder:
pscp -unsafe user@host:folder/*.* folder/

Usage: pscp [options] [user@]host:source target
pscp [options] source [source…] [user@]host:target
pscp [options] -ls [user@]host:filespec
Options:
-V print version information and exit
-pgpfp print PGP key fingerprints and exit
-p preserve file attributes
-q quiet, don’t show statistics
-r copy directories recursively
-v show verbose messages
-load sessname Load settings from saved session
-P port connect to specified port
-l user connect with specified username
-pw passw login with specified password
-1 -2 force use of particular SSH protocol version
-4 -6 force use of IPv4 or IPv6
-C enable compression
-i key private key file for authentication
-batch disable all interactive prompts
-unsafe allow server-side wildcards (DANGEROUS)
-sftp force use of SFTP protocol
-scp force use of SCP protocol