27th July 2024
Arch Linux / CentOS / Debian / FEDORA / Kali / Linux / MINT / Pardus / Ubuntu

Password Policies for Linux – Chage Command

ÖMER ŞIVKAby ÖMER ŞIVKA

Most Linux users regularly install security updates and use the latest version. As far as we know, they are sensitive and careful. But this sensitivity and attention alone may not be enough. Installing security updates may not be enough if you don’t have a secure password policy, rules applied equally to every user.

Most Linux distributions choose policies by default with rules that will not disturb the user during installation. It is necessary to determine the rules later, such as the obligation to change the password, how many days it should be changed, or how many days the account will be locked if it is not changed.

Chage Command

If you want to make such settings, you can use the command called chage. Easy and simple to use, this command will help you a lot in creating the password policies you choose. From the Help and Man pages, you can see the options and what you can do.

chage --help
man chage
chage --help
chage –help
man chage
man chage

 

chage -l username

If you run the command “chage -l username“, you can see the password rules for the user you want. As seen in the report below, the password of the omer user will never expire, the account will not become inactive, and there will be no obligation to set a new password until 99999 days have passed after the password has been changed.

chage -l omer
chage -l username
chage -l username

 

chage -M 89 username

This command allows you to set as a rule that the user you specify must change their password 90 days after the last password change.

chage -M 89 omer
chage -M 89 username
chage -M 89 username

Example Description of Options Used

sudo chage -m 5 -M 90 -I 30 -W 14 username

You can see the explanations of the options used in the command as follows.

LEARN MORE  What is Gophish? Gophish Installation and Scenario
sudo chage -m 5 -M 90 -I 30 -W 14 username
sudo chage -m 5 -M 90 -I 30 -W 14 username

 

-m 5: After a password is changed, it has been determined that at least 5 days must pass before it can be changed again.

-M 90: When 90 days have passed since the password change, the user was obliged to change his password.

-I 30: If the user has not logged in for 30 days since the last login, the account must be deactivated as a rule. If you will be away from your computer for a long time, we recommend that you use it carefully.

-W 14: It will provide a warning to the user as of 14 days before the expiry of the password.

Note: To continue using your computer more securely, start yourself and try tightening your own user password policies. Although it may seem boring after a while, people feel safer the system they use.

 

ÖMER ŞIVKA

View all posts by ÖMER ŞIVKA →

You might also like

New Linux Kernel Vulnerability – CVE-2021-33910,CVE-2021-33909

Docker Installation on Ubuntu

What is Metasploit? Update Error and Response

Leave a Reply

Your email address will not be published. Required fields are marked *