Wednesday, March 21, 2018

How to set up two-factor authentication in Linux


Source: https://www.techrepublic.com/article/how-to-setup-two-factor-authentication-in-linux/ 

If you're a Linux administrator looking to lock down your Linux servers and desktops as tightly as possible, you owe it to yourself to make use of two-factor authentication. This should be considered as much of a "no-brainer" as they come. Why? Because by adding two-factor authentication, it becomes exponentially more difficult for malicious users to gain access to your machines. With Linux, it is possible to set up a machine so that you cannot log into the console or desktop, or by way of secure shell, without having the two-factor authentication code associated with that machine.

I'm going to walk you through the process of setting this up on Ubuntu Server 16.04. If you've attempted this process before, know that the steps have changed and the previously detailed method no longer works.

Before you begin

There is one thing you must know about adding two-factor authentication: Once you've set it up, without the third-party generated codes, you will not be able to gain access to your machine. Every time you want to log in, you will need either your smartphone or the emergency codes (generated upon installation of the necessary tools).

What you'll need

Obviously, you'll need a Linux server or desktop. Make sure it is fully updated and your data is backed up (because you never know). You will also need a third-party application (such as Authy or Google Authenticator) to generate your two-factor codes. Personally, I use Authy for this task. I will not walk through the process of installing either the Authy or Google Authenticator app (as that is self-explanatory).
With that said, let's set this up.

Installation

Log into your Linux machine and follow these steps:
  1. Open a terminal window
  2. Issue the command sudo apt install libpam-google-authenticator
  3. Type your sudo password and hit Enter
  4. If prompted, type y and hit Enter
  5. Allow the installation to complete
Now it's time to configure the machine for two-factor authentication.

Configuration

Back at your terminal window, issue the command sudo nano /etc/pam.d/common-auth. Add the following line to the bottom of the file:
auth required pam_google_authenticator.so nullok
Save and close that file.
Now we must set up google-authenticator for every user who needs to log into the machine. I will demonstrate with a single user. Go back to the terminal window and, as the user in question, issue the command google-authenticator. You will be required to answer a series of questions. The first question is: Do you want authentication tokens to be time-based (y/n) y. Answer that with a y and you will be presented with a QR code (Figure A). Open up your two-factor app on your smartphone, add a new account, and scan that code.
Figure A: Scan the QR code to add the account to your third-party app.
Once you've added the code, answer the remaining questions, which are:
  • Do you want me to update your "/home/jlwallen/.google_authenticator" file (y/n) y
  • Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n)
  • By default, tokens are good for 30 seconds, and to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of 1:30min to about 4min. Do you want to do so (y/n)
  • If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s. Do you want to enable rate-limiting (y/n)
Answer each question by typing y and hitting Enter.

Configure SSH

Next we must set up SSH to allow two-factor authentication. Otherwise, you won't be able to log in via SSH. Here's what you do:
First, enable the PAM module. To do this, issue the command sudo nano /etc/pam.d/sshd. With the file open, add the following line to the bottom of the file:
auth required pam_google_authenticator.so nullok
Save that file and then issue the command sudo nano /etc/ssh/sshd_config. In this file, look for:
ChallengeResponseAuthentication no
and change it to:
ChallengeResponseAuthentication yes
Save that file and restart sshd with the command sudo systemctl restart sshd.
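The settings from the steps above can be checked mechanically before you rely on them. The script below is an added example, not part of the original article: it assumes user homes live directly under /home, the function names audit_2fa and make_sample_tree are hypothetical, and the sample tree with users alice and bob is constructed. It also flags the nullok option, which lets accounts that have no secret file log in without a code.

```bash
#!/bin/bash
# Added example (not from the original article): audit the 2FA setup above.
# An optional root prefix lets the checks run against a copy of the config tree.

audit_2fa() {
  local root="${1:-}" findings=0 name file line home secret
  # 1. Both PAM stacks the article edits need an active authenticator line.
  for name in common-auth sshd; do
    file="$root/etc/pam.d/$name"
    line=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_google_authenticator\.so' \
             "$file" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
      echo "FAIL $name: no pam_google_authenticator.so auth line"; findings=1
    elif printf '%s\n' "$line" | grep -qw nullok; then
      # nullok lets accounts with no secret file skip the code prompt.
      echo "WARN $name: nullok set, unenrolled accounts log in without a code"
      findings=1
    fi
  done
  # 2. sshd only prompts for the code when challenge-response is enabled.
  if ! grep -Eiq '^[[:space:]]*ChallengeResponseAuthentication[[:space:]]+yes' \
         "$root/etc/ssh/sshd_config" 2>/dev/null; then
    echo "FAIL sshd_config: ChallengeResponseAuthentication is not yes"; findings=1
  fi
  # 3. Every home directory should hold a secret file only its owner can read.
  #    Assumption: user homes live directly under /home.
  for home in "$root"/home/*/; do
    [ -d "$home" ] || continue
    secret="${home}.google_authenticator"
    if [ ! -f "$secret" ]; then
      echo "WARN $(basename "$home"): not enrolled (no .google_authenticator)"
      findings=1
    elif [ "$(ls -ld "$secret" | cut -c5-10)" != "------" ]; then
      echo "FAIL $(basename "$home"): secret file readable by group or others"
      findings=1
    fi
  done
  return "$findings"
}

# Constructed sample: the article's config as written, one enrolled user with a
# too-open secret file and one user who never ran google-authenticator.
make_sample_tree() {
  local t
  t=$(mktemp -d)
  mkdir -p "$t/etc/pam.d" "$t/etc/ssh" "$t/home/alice" "$t/home/bob"
  echo 'auth required pam_google_authenticator.so nullok' > "$t/etc/pam.d/common-auth"
  echo 'auth required pam_google_authenticator.so nullok' > "$t/etc/pam.d/sshd"
  echo 'ChallengeResponseAuthentication yes' > "$t/etc/ssh/sshd_config"
  echo 'CONSTRUCTEDSECRET' > "$t/home/alice/.google_authenticator"
  chmod 644 "$t/home/alice/.google_authenticator"
  echo "$t"
}

sample=$(make_sample_tree)
audit_2fa "$sample" || echo "audit reported findings"
rm -rf "$sample"
```

Called with no argument, audit_2fa reads the live /etc and /home; run it as root so every secret file is visible.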

Logging in

Before you log out of your server from the current working terminal window, I highly suggest you open up a new window and attempt to secure shell into the machine. If you cannot log in, go back through the steps and make sure you didn't miss anything. Once you've successfully logged in that way, it's safe to log out of your current session and log back in.

Welcome to a new level of security

That's all it takes to add a much-needed layer of extra security to your Linux machines. Remember, without that third-party two-factor authentication app, you will not be able to log into your newly configured machine—so keep that phone handy at all times.

Sunday, March 18, 2018

Linux: Monitor Hard Disks Temperature With hddtemp

Last updated June 25, 2017

https://www.cyberciti.biz/tips/howto-monitor-hard-drive-temperature.html

There is an excellent little utility to monitor hard drive temperature. Most modern hard disks come with S.M.A.R.T. (Self-Monitoring, Analysis, and Reporting Technology). It is a monitoring system for computer hard disks to detect and report on various indicators of reliability, in the hope of anticipating failures.

The hddtemp utility will give you the temperature of your hard drive by reading data from S.M.A.R.T. on drives that support this feature.
Only modern hard drives have a temperature sensor. hddtemp supports reading S.M.A.R.T. information from SCSI drives too. hddtemp can work as a simple command-line tool or as a daemon to get information from all servers.

Install hddtemp

To install hddtemp under Debian / Ubuntu Linux, use the apt-get or apt command:
$ sudo apt-get install hddtemp
Sample outputs:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  ksensors
The following NEW packages will be installed:
  hddtemp
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 57.8 kB of archives.
After this operation, 184 kB of additional disk space will be used.
Get:1 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 hddtemp amd64 0.3-beta15-52+b1 [57.8 kB]
Fetched 57.8 kB in 2s (22.6 kB/s)  
Preconfiguring packages ...
Selecting previously unselected package hddtemp.
(Reading database ... 115096 files and directories currently installed.)
Preparing to unpack .../hddtemp_0.3-beta15-52+b1_amd64.deb ...
Unpacking hddtemp (0.3-beta15-52+b1) ...
Setting up hddtemp (0.3-beta15-52+b1) ...
Processing triggers for systemd (232-25) ...
Processing triggers for man-db (2.7.6.1-2) 
To install hddtemp under CentOS/RHEL/SL/Oracle Linux, run the yum command (first turn on the EPEL repo):
$ sudo yum install hddtemp
Type the following pacman command to install hddtemp under an Arch Linux distro:
$ sudo pacman -S hddtemp
Type the following dnf command to install hddtemp under a Fedora Linux distro:
$ sudo dnf install hddtemp
Type the following zypper command to install hddtemp under an OpenSUSE Linux distro:
$ sudo zypper install hddtemp

A note about source code installation

You can also perform a source code installation. Download the source code tarball:
$ wget http://download.savannah.nongnu.org/releases/hddtemp/hddtemp-0.3-beta15.tar.bz2
Untar and install hddtemp using the following commands:
$ tar -jxvf hddtemp-0.3-beta15.tar.bz2
$ cd hddtemp-0.3-beta15
$ ./configure
$ make
$ sudo make install

Install hard disk temperature database at /usr/share/misc or /etc directory:
$ cd /usr/share/misc
# wget http://download.savannah.nongnu.org/releases/hddtemp/hddtemp.db

How do I monitor hard disk temperature?

To see temperature for /dev/sda, enter the following command:
$ hddtemp /dev/sda
Sample outputs
/dev/sda: WDC WD2500YS-01SHB1:  25°C
The above output indicates that my hard disk temperature is 25°C. If the temperature is higher than 60°C, consider cooling options immediately.

How Do I Find Out Remote Server HDD Temperature?

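By default, hddtemp binds to TCP/IP port 7634. You need to run hddtemp in daemon mode. The daemon answers every client that can reach the port without asking for credentials, so limit access to your monitoring hosts with a firewall rule. Log in to the remote box and start it as follows to monitor /dev/sda, /dev/sdb, /dev/sdc, and /dev/sdd: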
# hddtemp -d /dev/sd[abcd]
Use the telnet or nc / netcat command to get a temperature from a remote box:
$ telnet remotebox 7634
OR
$ nc 192.168.1.100 7634
Sample outputs:
|/dev/sda|Samsung SSD 850 EVO mSATA 500GB|45|C|
You can format it as follows using the awk command:
nc centos7-box 7634 | awk -F'|' '{print $2 " " $4 $5 "(" $3 ")"}'
Sample outputs:
/dev/sda 45C(Samsung SSD 850 EVO mSATA 500GB)

Shutdown Linux Computer If Temperature >= 55

To power off / shut down the computer, run the following commands from a crontab (cron job) file:
t=$(hddtemp /dev/sda --numeric)
[ $t -ge 55 ] && /sbin/shutdown -h 0

Sample shell script to shut down the box if temperature >= 55°C:
#!/bin/bash
# Purpose: Shutdown server if disk temp crossed $ALERT_LEVEL
# Author: Vivek Gite {https://www.cyberciti.biz/}, under GPL v.2.x
# -----------------------------------------------------------------
HDDS="/dev/sda /dev/sdb /dev/sdc /dev/sdd /dev/sde"
HDT=/usr/sbin/hddtemp
LOG=/usr/bin/logger
DOWN=/sbin/shutdown
ALERT_LEVEL=60
# $HDDS is left unquoted on purpose so it splits into one device per word.
for disk in $HDDS
do
  if [ -b "$disk" ]; then
        HDTEMP=$( "$HDT" --numeric "$disk" )
        # Skip drives with no numeric reading (asleep, no sensor, read error).
        case "$HDTEMP" in
          ''|*[!0-9]*) continue ;;
        esac
        if [ "$HDTEMP" -ge "$ALERT_LEVEL" ]
        then
           "$LOG" "System going down as hard disk \"$disk\" temperature ($HDTEMP) crossed its limit."
           sync;sync
           "$DOWN" -h 0
        fi
  fi
done
You can run the script using a cron job on a Linux or Unix-like system:
$ sudo crontab -e
Append the following to run cron job every 10 minutes to check for disk temp:
*/10 * * * * /root/bin/chk-disk-temp.bash
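The awk one-liner in the remote section formats the reply for one drive, and the shutdown checks compare whatever hddtemp returns against a limit. As an added example (not from the original article), the function below parses the daemon reply for several drives and reports non-numeric readings separately instead of comparing them; the name check_drives, its exit codes and the three-drive sample, including the SLP status field, are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original article.
# Reads hddtemp daemon output on stdin and reports drives at or above a limit.
# Exit status: 0 = all readings below the limit, 1 = at least one reading was
# not numeric, 2 = at least one drive is at or above the limit.

check_drives() {
  local limit="$1"
  awk -F'|' -v limit="$limit" '
    BEGIN { status = 0 }
    {
      # Records are concatenated; each spans 5 fields:
      # "" (from the leading |), device, model, temperature, unit.
      for (i = 2; i + 3 <= NF; i += 5) {
        dev = $i; temp = $(i + 2); unit = $(i + 3)
        if (temp !~ /^[0-9]+$/) {
          # No usable reading: report it instead of comparing garbage.
          printf "UNREADABLE %s (%s)\n", dev, temp
          if (status < 1) status = 1
          continue
        }
        # Normalise Fahrenheit replies to Celsius before comparing.
        if (unit == "F") temp = int((temp - 32) * 5 / 9)
        if (temp + 0 >= limit + 0) {
          printf "HOT %s %dC\n", dev, temp
          status = 2
        }
      }
    }
    END { exit status }'
}

# Constructed sample reply: the first record is the one shown in the article,
# the second and third (a hot drive and a sleeping drive) are made up.
SAMPLE='|/dev/sda|Samsung SSD 850 EVO mSATA 500GB|45|C||/dev/sdb|CONSTRUCTED MODEL B|61|C||/dev/sdc|CONSTRUCTED MODEL C|SLP|*|'

printf '%s' "$SAMPLE" | check_drives 55 || echo "attention needed (exit $?)"

# Against a live daemon the same function reads from nc, for example:
#   nc -w 5 centos7-box 7634 | check_drives 55
```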

Say hello to smartctl Utility

If you have the smartctl utility installed, try it as follows to get temperature data:
# smartctl -d ata -A /dev/sda | grep -i temperature
Output:
194 Temperature_Celsius     0x0022   122   095   000    Old_age   Always       -       28
Set ALERT_LEVEL as per your requirements. Please refer to your hard disk manual for its working temperature guidelines. Here is a general temperature guideline (extracted from the Seagate SV35.2 Series Hard Drives web page):
Operating 0 to 60 degrees C
Nonoperating -40 to 70 degrees C
Maximum operating temperature change 20 degrees C per hour
Maximum nonoperating temperature change 30 degrees C per hour
Maximum operating case temperature 69 degrees C

A note for MS-Windows XP / Vista/ 7 / 10 / Server Users

Sorry, hddtemp is a UNIX / Linux-only program.



Wednesday, March 14, 2018

Network Drivers for HP Compaq dc5800 Desktop PCs for all OSs

http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18719&keyword=%22intel+82566dm-2+%22&lang=eng

Wednesday, January 4, 2017

WINDOWS 5 Ways To Clean Up Your Computer With An Automated Script [Windows]

From the link: http://www.makeuseof.com/tag/xx-ways-clean-computer-automated-script/

Computer maintenance isn’t exactly something that most people remember to do. For the general user that isn’t exactly tech savvy, when a computer doesn’t work, they either call for help or simply buy a new computer.
If you have family members or friends that are always calling you for help with a slow computer, I’m going to offer you a solution that you can use to stop those phone calls right now. This solution incorporates six tools into a Windows script. That script is going to perform all of the PC cleanup work that you would do if you were sitting right in front of the computer yourself.

What This Script Will Accomplish

This Windows script is going to run the required tools in command-line mode. You may have used many of these tools for years without realizing that a command-line mode is available.

Clean Up Registry & Temp Folders

The first step is probably the most important. We’re going to launch CCleaner in command line mode to clean up temp files and the registry.
One catch. In order to make this script work without constant notifications about the apps making computer changes, you’ll have to disable the User Account Control windows feature in Windows 7.
Now you’re ready to roll. Create a file called CleanComputer.wsf and start it off with the following script.

Once you’ve finished the procedure above and saved your file on the PC, just schedule the job to run on a regular basis (/Accessories/System Tools/Task Scheduler). Give the procedure above a try and see how well it works for you.

Tuesday, January 3, 2017

10 PowerShell commands every Windows admin should know

PowerShell combines the speed of the command line with the flexibility of a scripting language, making it a valuable Windows administration tool. Here are a few basic commands you'll want to master.

From the link: http://www.techrepublic.com/blog/10-things/10-powershell-commands-every-windows-admin-should-know/
Over the last few years, Microsoft has been trying to make PowerShell the management tool of choice. Almost all the newer Microsoft server products require PowerShell, and there are lots of management tasks that can't be accomplished without delving into the command line. As a Windows administrator, you need to be familiar with the basics of using PowerShell. Here are 10 commands to get you started.

1: Get-Help

The first PowerShell cmdlet every administrator should learn is Get-Help. You can use this command to get help with any other command. For example, if you want to know how the Get-Process command works, you can type:
Get-Help -Name Get-Process
and Windows will display the full command syntax.
You can also use Get-Help with individual nouns and verbs. For example, to find out all the commands you can use with the Get verb, type:
Get-Help -Name Get-*

2: Set-ExecutionPolicy

Although you can create and execute PowerShell scripts, Microsoft has disabled scripting by default in an effort to prevent malicious code from executing in a PowerShell environment. You can use the Set-ExecutionPolicy command to control the level of security surrounding PowerShell scripts. Four levels of security are available to you:
  • Restricted — Restricted is the default execution policy and locks PowerShell down so that commands can be entered only interactively. PowerShell scripts are not allowed to run.
  • AllSigned — If the execution policy is set to AllSigned then scripts will be allowed to run, but only if they are signed by a trusted publisher.
  • RemoteSigned — If the execution policy is set to RemoteSigned, any PowerShell scripts that have been locally created will be allowed to run. Scripts created remotely are allowed to run only if they are signed by a trusted publisher.
  • Unrestricted — As the name implies, Unrestricted removes all restrictions from the execution policy.
You can set an execution policy by entering the Set-ExecutionPolicy command followed by the name of the policy. For example, if you wanted to allow scripts to run in an unrestricted manner you could type:
Set-ExecutionPolicy Unrestricted

3: Get-ExecutionPolicy

If you're working on an unfamiliar server, you'll need to know what execution policy is in use before you attempt to run a script. You can find out by using the Get-ExecutionPolicy command.

4: Get-Service

The Get-Service command provides a list of all of the services that are installed on the system. If you are interested in a specific service, you can append the -Name switch and the name of the service (wildcards are permitted). When you do, Windows will show you the service's state.

5: ConvertTo-HTML

PowerShell can provide a wealth of information about the system, but sometimes you need to do more than just view the information onscreen. Sometimes, it's helpful to create a report you can send to someone. One way of accomplishing this is by using the ConvertTo-HTML command.
To use this command, simply pipe the output from another command into the ConvertTo-HTML command. You will have to use the -Property switch to control which output properties are included in the HTML file and you will have to provide a filename.
To see how this command might be used, think back to the previous section, where we typed Get-Service to create a list of every service that's installed on the system. Now imagine that you want to create an HTML report that lists the name of each service along with its status (regardless of whether the service is running). To do so, you could use the following command:
Get-Service | ConvertTo-HTML -Property Name, Status > C:\services.htm

6: Export-CSV

Just as you can create an HTML report based on PowerShell data, you can also export data from PowerShell into a CSV file that you can open using Microsoft Excel. The syntax is similar to that of converting a command's output to HTML. At a minimum, you must provide an output filename. For example, to export the list of system services to a CSV file, you could use the following command:
Get-Service | Export-CSV c:\service.csv

7: Select-Object

If you tried using the command above, you know that there were numerous properties included in the CSV file. It's often helpful to narrow things down by including only the properties you are really interested in. This is where the Select-Object command comes into play. The Select-Object command allows you to specify specific properties for inclusion. For example, to create a CSV file containing the name of each system service and its status, you could use the following command:
Get-Service | Select-Object Name, Status | Export-CSV c:\service.csv

8: Get-EventLog

You can actually use PowerShell to parse your computer's event logs. There are several parameters available, but you can try out the command by simply providing the -Log switch followed by the name of the log file. For example, to see the Application log, you could use the following command:
Get-EventLog -Log "Application"
Of course, you would rarely use this command in the real world. You're more likely to use other commands to filter the output and dump it to a CSV or an HTML file.

9: Get-Process

Just as you can use the Get-Service command to display a list of all of the system services, you can use the Get-Process command to display a list of all of the processes that are currently running on the system.

10: Stop-Process

Sometimes, a process will freeze up. When this happens, you can use the Get-Process command to get the name or the process ID for the process that has stopped responding. You can then terminate the process by using the Stop-Process command. You can terminate a process based on its name or on its process ID. For example, you could terminate Notepad by using one of the following commands:
Stop-Process -Name notepad

Stop-Process -ID 2668
Keep in mind that the process ID may change from session to session.

10 PowerShell commands to make remote management easier

These 10 PowerShell commands will come in handy when you need to remotely manage computers on a domain or workgroup.

From the link: http://www.techrepublic.com/article/10-powershell-commands-to-make-remote-management-easier/

So without further ado, let's review the requirements necessary to get the most out of PowerShell's awesome features. Then we'll focus on 10 commands that will make life easier by managing devices and services on your network remotely and more efficiently.

Requirements

  • Computer running Windows Vista (or higher)
  • Server running Windows Server 2008 (or higher)
  • PowerShell 5.0
  • Administrative access

1: Create a PowerShell session

Command: Enter-PSSession
Example: Enter-PSSession -ComputerName REMOTE_COMPUTER_NAME -Credential USERNAME

Creating a PSSession will allow an administrator to remotely connect to a computer on the network and run any number of PS commands on the device. During the session, multiple commands may be executed remotely, since the admin has console access just as though he/she were sitting locally at the machine.

2: Execute commands

Command: Invoke-Command
Example: Invoke-Command -Computer REMOTE_COMPUTER_NAME -ScriptBlock {PowerShell Command}

Using Invoke-Command in PS renders similar results to executing a session as in command #1 above, except that when using Invoke to call forth a command remotely, only one command may be executed at a time. This prevents running multiple commands together unless they are saved as a .PS1 file and the script itself is invoked.

3: Restart computer(s)

Command: Restart-Computer
Example: Restart-Computer -ComputerName REMOTE_COMPUTER_NAME -Force

Sometimes installations or configurations will require a reboot to work properly. Other times, a computer just needs a refreshing of the resources, and a reboot will accomplish that. Whether targeted at one or one hundred devices, PS can ease the job with just one command for all.

4: Ping computer(s)

Command: Test-Connection
Example: Test-Connection -ComputerName DESTINATION_COMPUTER_NAME -Source SOURCE_COMPUTER_NAME

The PING command is one of the most useful commands in a sysadmin's arsenal. Simply put, it tests connectivity between your current station and another remote system. Test-Connection brings it up a notch by folding that functionality into a PS cmdlet, while adding some new tricks—such as being able to designate a source computer that's different from the one you're currently logged onto. Say you need to test communications between a server and a remote device. The ICMP requests will be sent from the server to the remote device, yet report the findings back to your admin station.

5: View and modify services

Command: Set-Service
Example: Set-Service -ComputerName REMOTE_COMPUTER_NAME -Name SERVICE_NAME -Status SERVICE_STATUS

Services are resilient and sometimes finicky. Depending on what's going on with a particular computer, they may halt at the worst possible time. Determining a station's running services begins with the Get-Service cmdlet to obtain current statuses. Once that information is available, the process to set a service status is possible - be it for one service, those that begin with the letter W, or all of them at once.

6: Run background tasks

Command: Start-Job
Example: Start-Job -FilePath PATH_TO_SCRIPT.PS1

Some administrators do what they need to do when they need to do it, regardless of what's going on or what the users are doing. Others prefer to work in the shadows to keep things humming along with little to no interruptions. If you're one of the latter, this cmdlet is perfect for your management style.
It executes scripts or tasks in the background no matter who is interactively logged on or what they may be doing. Further, it will execute silently—even if it were to fail—and not interrupt the locally logged on user at all. Like a ghost!

7: Shut down computer(s)

Command: Stop-Computer
Example: Stop-Computer -ComputerName REMOTE_COMPUTER_NAME -Force

Unlike running things silently or rebooting a desktop from afar, there are times when computers need to be shut down. For these moments, this cmdlet will ensure that one or all computers are properly shut down and will even log off interactive users if the -Force argument is included.

8: Join computers to a domain

Command: Add-Computer
Example: Add-Computer -ComputerName COMPUTER_NAMES_TO_BE_JOINED -DomainName DOMAIN.COM -Credential DOMAIN\USER -Restart

While the process of joining a computer to a domain is fairly straightforward, the three clicks and entering of admin credentials can become quite tedious when multiplied by several hundreds of computers at a time.
PowerShell can make short work of the task. This cmdlet allows for multiple computers at once to be joined to a domain, while requiring the admin to enter his/her credentials only once.

9: Manage other applications and services

Command: Import-Module
Example: Import-Module -Name NAME_OF_POWERSHELL_MODULE

One of PowerShell's greatest benefits is its flexibility when it comes to managing just about anything—from Windows-based computing systems to applications like Microsoft Exchange. Some applications and system-level services permit only a certain level of management via GUI. The rest is defaulted to PS, so Microsoft is clearly leveraging the technology significantly.
This is accomplished through the use of modules that contain the necessary codebase to run any number of additional cmdlets within PowerShell that target a specific service or application. Modules may be used only when needed by importing them, at which point they will extend the PS functionality to a specific service or app. Once your work is done, you can remove the module from the active session without closing it altogether.

10: Rename computers

Command: Rename-Computer
Example: Rename-Computer -NewName NEW_COMPUTER_NAME -LocalCredential COMPUTERNAME\USER -Restart

Depending on several factors, including the deployment system used, scripting experience level and security, and company policy, computers being renamed might not be done regularly (or perhaps it's a task performed quite often). Either way, the Rename cmdlet is extremely useful when working on one or multiple systems—workgroup or on a domain.
The cmdlet will rename a device and reboot it so that the changes can take effect. For those on a domain, the added benefit will be that if the Active Directory Schema supports it, the new computer will also result in a computer object rename within AD. The object will retain all its settings and domain joined status but will reflect the new name without any significant downtime to the user outside of a reboot.