Working with Linux Accounts and Password Policies

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

In this lab, we will learn how to configure Linux accounts and security policies. Specifically, we will set password requirements, configure account lockout settings, and create a temporary user account that will expire on a pre-determined date.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Set up password requirements on a Linux host.

Set the minimum password length to 12 characters:

  1. Run the command sudo nano /etc/pam.d/common-password.
  2. At the end of the first uncommented line (line 25) add minlen=12, one space after sha512.
  3. Save the file and exit nano.

Set the maximum password age to 180 days and the minimum password age to 3 days:

  1. Run the command sudo nano /etc/login.defs.
  2. Search for 99999 (press Ctrl + W to search).
  3. Replace 99999 with 180.
  4. On the next line down, replace the 0 with 3.
  5. Save the file and exit nano.

Configure the account lockout settings on a Linux host.

Configure accounts to lock out after 3 failed logins and remain locked out for 10 minutes. Do not configure the root account to lock out after any number of failed login attempts.

  1. Run the command sudo nano /etc/pam.d/common-auth.
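  2. Insert a new line above the first non-commented line, containing the following:
    auth required pam_tally2.so onerr=fail deny=3 unlock_time=600 audit
     Root stays exempt because pam_tally2 applies the lockout to root only when the even_deny_root option is set, and it is omitted here.

Create a temporary user account.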

The temporary account name should be contractor1, and it should expire one week from today.

  1. Run the following command:
    sudo adduser contractor1
  2. Provide a password for the account.
  3. Run the following command (replace <YYYY-MM-DD> with the date for one week from today):
    sudo chage -E "<YYYY-MM-DD>" contractor1
  4. Verify that the account expiration is correctly configured by running the following command and checking the Account expires date:
    sudo chage -l contractor1
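
An audit of the three objectives above, as an added example that is not part of the original lab: it reads the edited files and reports every value that differs from the lab's targets. The function names and sample files are constructed for this example, and it assumes a `date` that accepts `-d @SECONDS` (GNU coreutils or busybox).

```shell
#!/usr/bin/env bash
# Added example: read-only audit of the lab's settings (helper names are this example's own).

# Value of KEY in a login.defs-style file (commented lines never match).
login_def() { awk -v k="$1" '$1 == k { print $2; exit }' "$2"; }

# Value of OPT=... on the first uncommented line of FILE that loads MODULE.
pam_opt() {
  awk -v m="$1" -v o="$2=" '
    /^[[:space:]]*#/ { next }
    index($0, m) {
      for (i = 1; i <= NF; i++)
        if (index($i, o) == 1) { print substr($i, length(o) + 1); exit }
      exit
    }' "$3"
}

# Expiry date of USER: field 8 of a shadow file counts days since 1970-01-01.
shadow_expiry() {
  local days
  days=$(awk -F: -v u="$1" '$1 == u { print $8 }' "$2")
  if [ -n "$days" ]; then date -u -d "@$((days * 86400))" +%F; fi  # assumes date -d @SECONDS
}

# One FAIL line per deviation from the lab's targets; returns 0 only if there are none.
audit_policy() {  # $1 = directory laid out like /etc
  local etc="$1" bad=0
  check() { [ "$2" = "$3" ] || { echo "FAIL $1: got '${2:-unset}', want '$3'"; bad=1; }; }
  check minlen        "$(pam_opt pam_unix.so minlen "$etc/pam.d/common-password")" 12
  check PASS_MAX_DAYS "$(login_def PASS_MAX_DAYS "$etc/login.defs")" 180
  check PASS_MIN_DAYS "$(login_def PASS_MIN_DAYS "$etc/login.defs")" 3
  check deny          "$(pam_opt pam_tally2.so deny "$etc/pam.d/common-auth")" 3
  check unlock_time   "$(pam_opt pam_tally2.so unlock_time "$etc/pam.d/common-auth")" 600
  # even_deny_root would extend the lockout to root, which the lab rules out.
  grep -Eq '^[^#]*pam_tally2\.so.*even_deny_root' "$etc/pam.d/common-auth" && { echo "FAIL root is subject to lockout"; bad=1; }
  return "$bad"
}

# Constructed sample files (not copied from a real host) in the lab's end state.
make_sample() {
  mkdir -p "$1/pam.d"
  printf 'password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=12\n' > "$1/pam.d/common-password"
  printf '# PASS_MAX_DAYS  Maximum days\nPASS_MAX_DAYS\t180\nPASS_MIN_DAYS\t3\n' > "$1/login.defs"
  printf 'auth required pam_tally2.so onerr=fail deny=3 unlock_time=600 audit\n' > "$1/pam.d/common-auth"
  printf 'contractor1:!:19993:3:180:7::20000:\n' > "$1/shadow"
}
demo=$(mktemp -d); make_sample "$demo"
audit_policy "$demo" && echo "compliant; contractor1 expires $(shadow_expiry contractor1 "$demo/shadow")"
rm -rf "$demo"
```

On the lab host, `audit_policy /etc` checks the live files; `sudo` is needed only for `shadow_expiry contractor1 /etc/shadow`.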

Additional Resources

Your supervisor has asked you to update the password settings and account lockout settings on an Ubuntu server. The security-related changes are listed below:

  1. Update password settings to force the minimum password length to be 12 characters, set the minimum password age to 3 days, and set the maximum password age to 180 days.
  2. Configure the accounts to lock out after 3 failed login attempts and to lock out for 10 minutes. Do not include the root user account in the account lockout settings.

You've also been tasked with setting up a temporary user account called contractor1 that will expire one week from today.

Connecting to the lab:

  1. Use VNC on your computer to connect to the public IP address of the instance on port 5901 (x.x.x.x:5901).
  2. Log in with the username and password generated by the lab. Now use the "Guide" located above the video to view the scenario and tasks to be completed.
