Unknown code in script





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







3















I found some code in a script given to me by another person as a resource for lockdown/hardening of Ubuntu 16.04 for a project I am doing.



I have no idea what it does and do no want to run it if I can't identify the change it would make, is anyone aware of what it does or changes? Only code without a brief explanation comment, and it happens to be the only thing I do not know. Also, second function is identifiable by function but I don't understand the purpose or specifics.



function bacon.config.ubuntu.chage() {

CHAGE_SCRIPT='/etc/cron.daily/userchage'

if [ ! -e $CHAGE_SCRIPT ]; then

printf "#%c/bin/bash nfor i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do nchage -m 0 -M 60 -W 10 $i ndone n" ! > $CHAGE_SCRIPT

    chmod +x $CHAGE_SCRIPT

fi

}



function bacon.config.ubuntu.log.rotate() {

  echo "bacon.config.ubuntu.log.rotate: [INFO] Installing logrotate..."



  sudo apt-get install logrotate 1>/dev/null



  echo "bacon.config.ubuntu.log.rotate: [INFO] Configuring logrotate..."

  sed 's/rotate 4/rotate 60/' /etc/logrotate.conf > /etc/logrotate.conf.new

  mv /etc/logrotate.conf.new /etc/logrotate.conf

  sed 's/rotate 1/rotate 60/' /etc/logrotate.conf > /etc/logrotate.conf.new

  mv /etc/logrotate.conf.new /etc/log.rotate.conf

  sed 's/rotate 7/rotate 1825/' /etc/logrotate.d/rsyslog > /etc/logrotate.d/rsyslog.new

  mv /etc/logrotate.d/rsyslog.new /etc/logrotate.d/rsyslog

}


Any help identifying these would be amazing.






bash scripts







share|improve this question









New contributor




Brendan77222 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1





    I would ask the person who gave me the code what it does.

    – WinEunuuchs2Unix
    6 hours ago











  • @WinEunuuchs2Unix Normally I would as well, but they are away from the office for a while due to personal circumstances. Trust me, I know how much easier that would be. :)

    – Brendan77222
    6 hours ago


















3















I found some code in a script given to me by another person as a resource for lockdown/hardening of Ubuntu 16.04 for a project I am doing.



I have no idea what it does and do no want to run it if I can't identify the change it would make, is anyone aware of what it does or changes? Only code without a brief explanation comment, and it happens to be the only thing I do not know. Also, second function is identifiable by function but I don't understand the purpose or specifics.



function bacon.config.ubuntu.chage() {

CHAGE_SCRIPT='/etc/cron.daily/userchage'

if [ ! -e $CHAGE_SCRIPT ]; then

printf "#%c/bin/bash nfor i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do nchage -m 0 -M 60 -W 10 $i ndone n" ! > $CHAGE_SCRIPT

    chmod +x $CHAGE_SCRIPT

fi

}



function bacon.config.ubuntu.log.rotate() {

  echo "bacon.config.ubuntu.log.rotate: [INFO] Installing logrotate..."



  sudo apt-get install logrotate 1>/dev/null



  echo "bacon.config.ubuntu.log.rotate: [INFO] Configuring logrotate..."

  sed 's/rotate 4/rotate 60/' /etc/logrotate.conf > /etc/logrotate.conf.new

  mv /etc/logrotate.conf.new /etc/logrotate.conf

  sed 's/rotate 1/rotate 60/' /etc/logrotate.conf > /etc/logrotate.conf.new

  mv /etc/logrotate.conf.new /etc/log.rotate.conf

  sed 's/rotate 7/rotate 1825/' /etc/logrotate.d/rsyslog > /etc/logrotate.d/rsyslog.new

  mv /etc/logrotate.d/rsyslog.new /etc/logrotate.d/rsyslog

}


Any help identifying these would be amazing.






bash scripts







share|improve this question









New contributor




Brendan77222 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1





    I would ask the person who gave me the code what it does.

    – WinEunuuchs2Unix
    6 hours ago











  • @WinEunuuchs2Unix Normally I would as well, but they are away from the office for a while due to personal circumstances. Trust me, I know how much easier that would be. :)

    – Brendan77222
    6 hours ago














3












3








3








I found some code in a script given to me by another person as a resource for lockdown/hardening of Ubuntu 16.04 for a project I am doing.



I have no idea what it does and do no want to run it if I can't identify the change it would make, is anyone aware of what it does or changes? Only code without a brief explanation comment, and it happens to be the only thing I do not know. Also, second function is identifiable by function but I don't understand the purpose or specifics.



function bacon.config.ubuntu.chage() {

CHAGE_SCRIPT='/etc/cron.daily/userchage'

if [ ! -e $CHAGE_SCRIPT ]; then

printf "#%c/bin/bash nfor i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do nchage -m 0 -M 60 -W 10 $i ndone n" ! > $CHAGE_SCRIPT

    chmod +x $CHAGE_SCRIPT

fi

}



function bacon.config.ubuntu.log.rotate() {

  echo "bacon.config.ubuntu.log.rotate: [INFO] Installing logrotate..."



  sudo apt-get install logrotate 1>/dev/null



  echo "bacon.config.ubuntu.log.rotate: [INFO] Configuring logrotate..."

  sed 's/rotate 4/rotate 60/' /etc/logrotate.conf > /etc/logrotate.conf.new

  mv /etc/logrotate.conf.new /etc/logrotate.conf

  sed 's/rotate 1/rotate 60/' /etc/logrotate.conf > /etc/logrotate.conf.new

  mv /etc/logrotate.conf.new /etc/log.rotate.conf

  sed 's/rotate 7/rotate 1825/' /etc/logrotate.d/rsyslog > /etc/logrotate.d/rsyslog.new

  mv /etc/logrotate.d/rsyslog.new /etc/logrotate.d/rsyslog

}


Any help identifying these would be amazing.






bash scripts







share|improve this question









New contributor




Brendan77222 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I found some code in a script given to me by another person as a resource for lockdown/hardening of Ubuntu 16.04 for a project I am doing.



I have no idea what it does and do no want to run it if I can't identify the change it would make, is anyone aware of what it does or changes? Only code without a brief explanation comment, and it happens to be the only thing I do not know. Also, second function is identifiable by function but I don't understand the purpose or specifics.



function bacon.config.ubuntu.chage() {

CHAGE_SCRIPT='/etc/cron.daily/userchage'

if [ ! -e $CHAGE_SCRIPT ]; then

printf "#%c/bin/bash nfor i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do nchage -m 0 -M 60 -W 10 $i ndone n" ! > $CHAGE_SCRIPT

    chmod +x $CHAGE_SCRIPT

fi

}



function bacon.config.ubuntu.log.rotate() {

  echo "bacon.config.ubuntu.log.rotate: [INFO] Installing logrotate..."



  sudo apt-get install logrotate 1>/dev/null



  echo "bacon.config.ubuntu.log.rotate: [INFO] Configuring logrotate..."

  sed 's/rotate 4/rotate 60/' /etc/logrotate.conf > /etc/logrotate.conf.new

  mv /etc/logrotate.conf.new /etc/logrotate.conf

  sed 's/rotate 1/rotate 60/' /etc/logrotate.conf > /etc/logrotate.conf.new

  mv /etc/logrotate.conf.new /etc/log.rotate.conf

  sed 's/rotate 7/rotate 1825/' /etc/logrotate.d/rsyslog > /etc/logrotate.d/rsyslog.new

  mv /etc/logrotate.d/rsyslog.new /etc/logrotate.d/rsyslog

}


Any help identifying these would be amazing.






bash scripts




bash scripts






share|improve this question









New contributor




Brendan77222 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Brendan77222 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 4 hours ago









serv-inc

1,7211521




1,7211521






New contributor




Brendan77222 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 6 hours ago









Brendan77222Brendan77222

165




165




New contributor




Brendan77222 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Brendan77222 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Brendan77222 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 1





    I would ask the person who gave me the code what it does.

    – WinEunuuchs2Unix
    6 hours ago











  • @WinEunuuchs2Unix Normally I would as well, but they are away from the office for a while due to personal circumstances. Trust me, I know how much easier that would be. :)

    – Brendan77222
    6 hours ago














  • 1





    I would ask the person who gave me the code what it does.

    – WinEunuuchs2Unix
    6 hours ago











  • @WinEunuuchs2Unix Normally I would as well, but they are away from the office for a while due to personal circumstances. Trust me, I know how much easier that would be. :)

    – Brendan77222
    6 hours ago








1




1





I would ask the person who gave me the code what it does.

– WinEunuuchs2Unix
6 hours ago





I would ask the person who gave me the code what it does.

– WinEunuuchs2Unix
6 hours ago













@WinEunuuchs2Unix Normally I would as well, but they are away from the office for a while due to personal circumstances. Trust me, I know how much easier that would be. :)

– Brendan77222
6 hours ago





@WinEunuuchs2Unix Normally I would as well, but they are away from the office for a while due to personal circumstances. Trust me, I know how much easier that would be. :)

– Brendan77222
6 hours ago










3 Answers
3






active

oldest

votes


















4














The first function checks whether file $CHAGE_SCRIPT exists, and if not attempts to create it with a printf statement. You can see what this statement does by running it in a terminal:



$ printf "#%c/bin/bash nfor i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do nchage -m 0 -M 60 -W 10 $i ndone n" !

#!/bin/bash 

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done


You will notice that instances of $3 evaluate empty because (unlike $1) they are not protected from expansion by the shell. The use of %c to insert the ! in #!/bin/bash suggests the original author doesn't really understand how bash's history expansion works.



IMHO it would be simpler and clearer to use a here-document:



function bacon.config.ubuntu.chage() {

CHAGE_SCRIPT='/etc/cron.daily/userchage'

if [ ! -e "$CHAGE_SCRIPT" ]; then

    cat << 'EOF' > "$CHAGE_SCRIPT"

#!/bin/bash 

for i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done

EOF

    chmod +x "$CHAGE_SCRIPT"

fi

}


The operation of the second function should be pretty obvious - it could be simplified by combining all the sed commands so that the file is only written / moved once.






share|improve this answer
























  • If the $3 evaluates empty, is there a reason to include it? If I wanted something to complete the same task, without useless portions included how much would I need to change it?

    – Brendan77222
    4 hours ago











  • @Brendan77222 I'm assuming the empty evaluation of $3 was unintentional - since it would result in a syntax error from awk

    – steeldriver
    3 hours ago











  • would leaving it in or taking it out be something I need to be concerned with? Should I want it to function as intended at least.

    – Brendan77222
    38 mins ago



















3














The script contains two function definitions. The first function, bacon.config.ubuntu.chage, creates a script at /etc/cron.daily/userchage (comments added by me):



#!/bin/bash

# loop through users with uid >= 1000 and uid < 65534 theoretically, but $3 isn't escaped -> doesn't work

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd);do

    # set password to expire after 60 days, warning after 50 days

    chage -m 0 -M 60 -W 10 $i

done


The second function installs logrotate and creates a config file for it.






share|improve this answer










New contributor




FliegendeWurst is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Awesome those comments help a lot. is there a reason for inserting a script at /etc/chron.daily/userchage rather than just executing the for loop you put here? I am unfamiliar with userchage file's function

    – Brendan77222
    5 hours ago






  • 1





    Yes, any scripts in /etc/cron.daily/ will be executed once per day.

    – FliegendeWurst
    5 hours ago











  • Awesome, thank you for the confirmation on what I suspected. Awesome help.

    – Brendan77222
    5 hours ago



















2














The chage program changes the password expiry for all users. That is, it only lets them keep their current password for at most 60 days. It is run daily. The minimum duration of 0 is questionable as of https://security.stackexchange.com/questions/78758/what-is-the-purpose-of-the-password-minimum-age-setting. Maybe ask on https://security.stackexchange.com if this is really recommended.



Why logrotate should improve security is a bit above me.






share|improve this answer



















  • 1





    Oh, we definitely want a minimum password age of 24 hours. I assume that is the -m flag? I can read the man page as well, just was confused on why it used a check for a script. But I now feel from your comment it does that to ensure this is checked daily rather than a one time thing.

    – Brendan77222
    5 hours ago






  • 1





    Exactly. And -m seems correct. If you can read the man pages, you can see man cron for the cron.daily folder.

    – serv-inc
    1 hour ago














Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






Brendan77222 is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1138035%2funknown-code-in-script%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























3 Answers
3






active

oldest

votes








3 Answers
3






active

oldest

votes









active

oldest

votes






active

oldest

votes









4














The first function checks whether file $CHAGE_SCRIPT exists, and if not attempts to create it with a printf statement. You can see what this statement does by running it in a terminal:



$ printf "#%c/bin/bash nfor i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do nchage -m 0 -M 60 -W 10 $i ndone n" !

#!/bin/bash 

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done


You will notice that instances of $3 evaluate empty because (unlike $1) they are not protected from expansion by the shell. The use of %c to insert the ! in #!/bin/bash suggests the original author doesn't really understand how bash's history expansion works.



IMHO it would be simpler and clearer to use a here-document:



function bacon.config.ubuntu.chage() {

CHAGE_SCRIPT='/etc/cron.daily/userchage'

if [ ! -e "$CHAGE_SCRIPT" ]; then

    cat << 'EOF' > "$CHAGE_SCRIPT"

#!/bin/bash 

for i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done

EOF

    chmod +x "$CHAGE_SCRIPT"

fi

}


The operation of the second function should be pretty obvious - it could be simplified by combining all the sed commands so that the file is only written / moved once.






share|improve this answer
























  • If the $3 evaluates empty, is there a reason to include it? If I wanted something to complete the same task, without useless portions included how much would I need to change it?

    – Brendan77222
    4 hours ago











  • @Brendan77222 I'm assuming the empty evaluation of $3 was unintentional - since it would result in a syntax error from awk

    – steeldriver
    3 hours ago











  • would leaving it in or taking it out be something I need to be concerned with? Should I want it to function as intended at least.

    – Brendan77222
    38 mins ago
















4














The first function checks whether file $CHAGE_SCRIPT exists, and if not attempts to create it with a printf statement. You can see what this statement does by running it in a terminal:



$ printf "#%c/bin/bash nfor i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do nchage -m 0 -M 60 -W 10 $i ndone n" !

#!/bin/bash 

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done


You will notice that instances of $3 evaluate empty because (unlike $1) they are not protected from expansion by the shell. The use of %c to insert the ! in #!/bin/bash suggests the original author doesn't really understand how bash's history expansion works.



IMHO it would be simpler and clearer to use a here-document:



function bacon.config.ubuntu.chage() {

CHAGE_SCRIPT='/etc/cron.daily/userchage'

if [ ! -e "$CHAGE_SCRIPT" ]; then

    cat << 'EOF' > "$CHAGE_SCRIPT"

#!/bin/bash 

for i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done

EOF

    chmod +x "$CHAGE_SCRIPT"

fi

}


The operation of the second function should be pretty obvious - it could be simplified by combining all the sed commands so that the file is only written / moved once.






share|improve this answer
























  • If the $3 evaluates empty, is there a reason to include it? If I wanted something to complete the same task, without useless portions included how much would I need to change it?

    – Brendan77222
    4 hours ago











  • @Brendan77222 I'm assuming the empty evaluation of $3 was unintentional - since it would result in a syntax error from awk

    – steeldriver
    3 hours ago











  • would leaving it in or taking it out be something I need to be concerned with? Should I want it to function as intended at least.

    – Brendan77222
    38 mins ago














4












4








4







The first function checks whether file $CHAGE_SCRIPT exists, and if not attempts to create it with a printf statement. You can see what this statement does by running it in a terminal:



$ printf "#%c/bin/bash nfor i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do nchage -m 0 -M 60 -W 10 $i ndone n" !

#!/bin/bash 

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done


You will notice that instances of $3 evaluate empty because (unlike $1) they are not protected from expansion by the shell. The use of %c to insert the ! in #!/bin/bash suggests the original author doesn't really understand how bash's history expansion works.



IMHO it would be simpler and clearer to use a here-document:



function bacon.config.ubuntu.chage() {

CHAGE_SCRIPT='/etc/cron.daily/userchage'

if [ ! -e "$CHAGE_SCRIPT" ]; then

    cat << 'EOF' > "$CHAGE_SCRIPT"

#!/bin/bash 

for i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done

EOF

    chmod +x "$CHAGE_SCRIPT"

fi

}


The operation of the second function should be pretty obvious - it could be simplified by combining all the sed commands so that the file is only written / moved once.






share|improve this answer













The first function checks whether file $CHAGE_SCRIPT exists, and if not attempts to create it with a printf statement. You can see what this statement does by running it in a terminal:



$ printf "#%c/bin/bash nfor i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do nchage -m 0 -M 60 -W 10 $i ndone n" !

#!/bin/bash 

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done


You will notice that instances of $3 evaluate empty because (unlike $1) they are not protected from expansion by the shell. The use of %c to insert the ! in #!/bin/bash suggests the original author doesn't really understand how bash's history expansion works.



IMHO it would be simpler and clearer to use a here-document:



function bacon.config.ubuntu.chage() {

CHAGE_SCRIPT='/etc/cron.daily/userchage'

if [ ! -e "$CHAGE_SCRIPT" ]; then

    cat << 'EOF' > "$CHAGE_SCRIPT"

#!/bin/bash 

for i in $(awk -F: '{if(($3 >= 1000)&&($3 <65534)) print $1}' /etc/passwd); do 

chage -m 0 -M 60 -W 10 $i 

done

EOF

    chmod +x "$CHAGE_SCRIPT"

fi

}


The operation of the second function should be pretty obvious - it could be simplified by combining all the sed commands so that the file is only written / moved once.







share|improve this answer












share|improve this answer



share|improve this answer










answered 5 hours ago









steeldriversteeldriver

71.3k11115187




71.3k11115187













  • If the $3 evaluates empty, is there a reason to include it? If I wanted something to complete the same task, without useless portions included how much would I need to change it?

    – Brendan77222
    4 hours ago











  • @Brendan77222 I'm assuming the empty evaluation of $3 was unintentional - since it would result in a syntax error from awk

    – steeldriver
    3 hours ago











  • would leaving it in or taking it out be something I need to be concerned with? Should I want it to function as intended at least.

    – Brendan77222
    38 mins ago



















  • If the $3 evaluates empty, is there a reason to include it? If I wanted something to complete the same task, without useless portions included how much would I need to change it?

    – Brendan77222
    4 hours ago











  • @Brendan77222 I'm assuming the empty evaluation of $3 was unintentional - since it would result in a syntax error from awk

    – steeldriver
    3 hours ago











  • would leaving it in or taking it out be something I need to be concerned with? Should I want it to function as intended at least.

    – Brendan77222
    38 mins ago

















If the $3 evaluates empty, is there a reason to include it? If I wanted something to complete the same task, without useless portions included how much would I need to change it?

– Brendan77222
4 hours ago





If the $3 evaluates empty, is there a reason to include it? If I wanted something to complete the same task, without useless portions included how much would I need to change it?

– Brendan77222
4 hours ago













@Brendan77222 I'm assuming the empty evaluation of $3 was unintentional - since it would result in a syntax error from awk

– steeldriver
3 hours ago





@Brendan77222 I'm assuming the empty evaluation of $3 was unintentional - since it would result in a syntax error from awk

– steeldriver
3 hours ago













would leaving it in or taking it out be something I need to be concerned with? Should I want it to function as intended at least.

– Brendan77222
38 mins ago





would leaving it in or taking it out be something I need to be concerned with? Should I want it to function as intended at least.

– Brendan77222
38 mins ago













3














The script contains two function definitions. The first function, bacon.config.ubuntu.chage, creates a script at /etc/cron.daily/userchage (comments added by me):



#!/bin/bash

# loop through users with uid >= 1000 and uid < 65534 theoretically, but $3 isn't escaped -> doesn't work

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd);do

    # set password to expire after 60 days, warning after 50 days

    chage -m 0 -M 60 -W 10 $i

done


The second function installs logrotate and creates a config file for it.






share|improve this answer










New contributor




FliegendeWurst is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Awesome those comments help a lot. is there a reason for inserting a script at /etc/chron.daily/userchage rather than just executing the for loop you put here? I am unfamiliar with userchage file's function

    – Brendan77222
    5 hours ago






  • 1





    Yes, any scripts in /etc/cron.daily/ will be executed once per day.

    – FliegendeWurst
    5 hours ago











  • Awesome, thank you for the confirmation on what I suspected. Awesome help.

    – Brendan77222
    5 hours ago
















3














The script contains two function definitions. The first function, bacon.config.ubuntu.chage, creates a script at /etc/cron.daily/userchage (comments added by me):



#!/bin/bash

# loop through users with uid >= 1000 and uid < 65534 theoretically, but $3 isn't escaped -> doesn't work

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd);do

    # set password to expire after 60 days, warning after 50 days

    chage -m 0 -M 60 -W 10 $i

done


The second function installs logrotate and creates a config file for it.






share|improve this answer










New contributor




FliegendeWurst is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Awesome those comments help a lot. is there a reason for inserting a script at /etc/chron.daily/userchage rather than just executing the for loop you put here? I am unfamiliar with userchage file's function

    – Brendan77222
    5 hours ago






  • 1





    Yes, any scripts in /etc/cron.daily/ will be executed once per day.

    – FliegendeWurst
    5 hours ago











  • Awesome, thank you for the confirmation on what I suspected. Awesome help.

    – Brendan77222
    5 hours ago














3












3








3







The script contains two function definitions. The first function, bacon.config.ubuntu.chage, creates a script at /etc/cron.daily/userchage (comments added by me):



#!/bin/bash

# loop through users with uid >= 1000 and uid < 65534 theoretically, but $3 isn't escaped -> doesn't work

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd);do

    # set password to expire after 60 days, warning after 50 days

    chage -m 0 -M 60 -W 10 $i

done


The second function installs logrotate and creates a config file for it.






share|improve this answer










New contributor




FliegendeWurst is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.










The script contains two function definitions. The first function, bacon.config.ubuntu.chage, creates a script at /etc/cron.daily/userchage (comments added by me):



#!/bin/bash

# loop through users with uid >= 1000 and uid < 65534 theoretically, but $3 isn't escaped -> doesn't work

for i in $(awk -F: '{if(( >= 1000)&&( <65534)) print $1}' /etc/passwd);do

    # set password to expire after 60 days, warning after 50 days

    chage -m 0 -M 60 -W 10 $i

done


The second function installs logrotate and creates a config file for it.







share|improve this answer










New contributor




FliegendeWurst is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this answer



share|improve this answer








edited 5 hours ago





















New contributor




FliegendeWurst is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









answered 5 hours ago









FliegendeWurstFliegendeWurst

1139




1139




New contributor




FliegendeWurst is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





FliegendeWurst is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






FliegendeWurst is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.













  • Awesome those comments help a lot. is there a reason for inserting a script at /etc/chron.daily/userchage rather than just executing the for loop you put here? I am unfamiliar with userchage file's function

    – Brendan77222
    5 hours ago






  • 1





    Yes, any scripts in /etc/cron.daily/ will be executed once per day.

    – FliegendeWurst
    5 hours ago











  • Awesome, thank you for the confirmation on what I suspected. Awesome help.

    – Brendan77222
    5 hours ago



















  • Awesome those comments help a lot. is there a reason for inserting a script at /etc/chron.daily/userchage rather than just executing the for loop you put here? I am unfamiliar with userchage file's function

    – Brendan77222
    5 hours ago






  • 1





    Yes, any scripts in /etc/cron.daily/ will be executed once per day.

    – FliegendeWurst
    5 hours ago











  • Awesome, thank you for the confirmation on what I suspected. Awesome help.

    – Brendan77222
    5 hours ago

















Awesome those comments help a lot. is there a reason for inserting a script at /etc/chron.daily/userchage rather than just executing the for loop you put here? I am unfamiliar with userchage file's function

– Brendan77222
5 hours ago





Awesome those comments help a lot. is there a reason for inserting a script at /etc/chron.daily/userchage rather than just executing the for loop you put here? I am unfamiliar with userchage file's function

– Brendan77222
5 hours ago




1




1





Yes, any scripts in /etc/cron.daily/ will be executed once per day.

– FliegendeWurst
5 hours ago





Yes, any scripts in /etc/cron.daily/ will be executed once per day.

– FliegendeWurst
5 hours ago













Awesome, thank you for the confirmation on what I suspected. Awesome help.

– Brendan77222
5 hours ago





Awesome, thank you for the confirmation on what I suspected. Awesome help.

– Brendan77222
5 hours ago











2














The chage program changes the password expiry for all users. That is, it only lets them keep their current password for at most 60 days. It is run daily. The minimum duration of 0 is questionable as of https://security.stackexchange.com/questions/78758/what-is-the-purpose-of-the-password-minimum-age-setting. Maybe ask on https://security.stackexchange.com if this is really recommended.



Why logrotate should improve security is a bit above me.






share|improve this answer



















  • 1





    Oh, we definitely want a minimum password age of 24 hours. I assume that is the -m flag? I can read the man page as well, just was confused on why it used a check for a script. But I now feel from your comment it does that to ensure this is checked daily rather than a one time thing.

    – Brendan77222
    5 hours ago






  • 1





    Exactly. And -m seems correct. If you can read the man pages, you can see man cron for the cron.daily folder.

    – serv-inc
    1 hour ago


















2














The chage program changes the password expiry for all users. That is, it only lets them keep their current password for at most 60 days. It is run daily. The minimum duration of 0 is questionable as of https://security.stackexchange.com/questions/78758/what-is-the-purpose-of-the-password-minimum-age-setting. Maybe ask on https://security.stackexchange.com if this is really recommended.



Why logrotate should improve security is a bit above me.






share|improve this answer



















  • 1





    Oh, we definitely want a minimum password age of 24 hours. I assume that is the -m flag? I can read the man page as well, just was confused on why it used a check for a script. But I now feel from your comment it does that to ensure this is checked daily rather than a one time thing.

    – Brendan77222
    5 hours ago






  • 1





    Exactly. And -m seems correct. If you can read the man pages, you can see man cron for the cron.daily folder.

    – serv-inc
    1 hour ago
















2












2








2







The chage program changes the password expiry for all users. That is, it only lets them keep their current password for at most 60 days. It is run daily. The minimum duration of 0 is questionable as of https://security.stackexchange.com/questions/78758/what-is-the-purpose-of-the-password-minimum-age-setting. Maybe ask on https://security.stackexchange.com if this is really recommended.



Why logrotate should improve security is a bit above me.






share|improve this answer













The chage program changes the password expiry for all users. That is, it only lets them keep their current password for at most 60 days. It is run daily. The minimum duration of 0 is questionable as of https://security.stackexchange.com/questions/78758/what-is-the-purpose-of-the-password-minimum-age-setting. Maybe ask on https://security.stackexchange.com if this is really recommended.



Why logrotate should improve security is a bit above me.







share|improve this answer












share|improve this answer



share|improve this answer










answered 5 hours ago









serv-incserv-inc

1,7211521




1,7211521








  • 1





    Oh, we definitely want a minimum password age of 24 hours. I assume that is the -m flag? I can read the man page as well, just was confused on why it used a check for a script. But I now feel from your comment it does that to ensure this is checked daily rather than a one time thing.

    – Brendan77222
    5 hours ago






  • 1





    Exactly. And -m seems correct. If you can read the man pages, you can see man cron for the cron.daily folder.

    – serv-inc
    1 hour ago
















  • 1





    Oh, we definitely want a minimum password age of 24 hours. I assume that is the -m flag? I can read the man page as well, just was confused on why it used a check for a script. But I now feel from your comment it does that to ensure this is checked daily rather than a one time thing.

    – Brendan77222
    5 hours ago






  • 1





    Exactly. And -m seems correct. If you can read the man pages, you can see man cron for the cron.daily folder.

    – serv-inc
    1 hour ago










1




1





Oh, we definitely want a minimum password age of 24 hours. I assume that is the -m flag? I can read the man page as well, just was confused on why it used a check for a script. But I now feel from your comment it does that to ensure this is checked daily rather than a one time thing.

– Brendan77222
5 hours ago





Oh, we definitely want a minimum password age of 24 hours. I assume that is the -m flag? I can read the man page as well, just was confused on why it used a check for a script. But I now feel from your comment it does that to ensure this is checked daily rather than a one time thing.

– Brendan77222
5 hours ago




1




1





Exactly. And -m seems correct. If you can read the man pages, you can see man cron for the cron.daily folder.

– serv-inc
1 hour ago







Exactly. And -m seems correct. If you can read the man pages, you can see man cron for the cron.daily folder.

– serv-inc
1 hour ago












Brendan77222 is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















Brendan77222 is a new contributor. Be nice, and check out our Code of Conduct.













Brendan77222 is a new contributor. Be nice, and check out our Code of Conduct.












Brendan77222 is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1138035%2funknown-code-in-script%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Bundesstraße 106

Image
Dieser Artikel beschreibt die Bundesstraße 106 in Deutschland. Zur gleichnamigen Straße in Österreich siehe Mölltal Straße. Vorlage:Infobox hochrangige Straße/Wartung/DE-B Bundesstraße 106 in Deutschland Karte Basisdaten Betreiber: Deutschland  Bundesrepublik Deutschland Straßenbeginn: Wismar ( 53° 54′  N , 11° 24′  O 53.900536 11.396875 ) Straßenende: Schwerin ( 53° 36′  N , 11° 24′  O 53.592785 11.404892 ) Gesamtlänge: 40,7 km Bundesland: Mecklenburg-Vorpommern Ausbauzustand: zweistreifig [1] Bundesstraße 106 in Schwerin (Umgehungsstraße) Straßenverlauf Land Mecklenburg-Vorpommern Landkreis Nordwestmecklenburg Ortsumgehung Wismar Wallensteingraben über   Dorf Mecklenburg Wallensteingraben Groß Stieten Bad Kleinen OT Niendorf Bahnstrecke Lübeck–Bad Kleinen Zickhusen Lübstorf Klein Trebbow OT Kirch Stück
Read more

Verónica Boquete

Image
Verónica Boquete im Trikot der Nationalmannschaft (2013) Personalia Name Verónica Boquete Giadans Geburtstag 9. April 1987 Geburtsort Santiago de Compostela, Spanien Größe 159 cm Position Mittelfeld / Sturm Juniorinnen Jahre Station 2001–2005 Xuventú Aguiño Frauen Jahre Station Spiele (Tore) 1 2005–2008 Prainsa Zaragoza 83 (40) 2008–2010 Espanyol Barcelona 53 (30) 2010 Buffalo Flash 9 0 (9) 2010 Chicago Red Stars 3 0 (1) 2010–2011 Espanyol Barcelona 26 (41) 2011 Philadelphia Independence 13 0 (5) 2011 Energija Woronesch 5 0 (1) 2012–2014 Tyresö FF 39 (14) 2014 Portland Thorns FC 15 0 (4) 2014–2015 1. FFC Frankfurt 23 0 (7) 2015–2016 FC Bayern München 9 0 (0) 2016–2018 Paris Saint-Germain 31 0 (8) 2018 Peking BG Phoenix 2019– Utah Royals FC 0 0 (0) Nationalmannschaft Jahre Auswahl
Read more

Ida-Boy-Ed-Garten

Image
Die Lage des Ida-Boy-Ed-Gartens, rot markiert Der Ida-Boy-Ed-Garten Der Ida-Boy-Ed-Garten, Blick von der Wakenitzmauer durch das Tor in der Stadtmauer Der Ida-Boy-Ed-Garten ist eine Straße der Lübecker Altstadt. Inhaltsverzeichnis 1 Lage 2 Geschichte 3 Literatur 4 Weblinks Lage | Der etwa 90 Meter lange Ida-Boy-Ed-Garten befindet sich an der nördlichen Spitze der Altstadtinsel, vor dem Burgtor. Die in einem Bogen durch eine Grünanlage hangaufwärts führende Straße verbindet die Wakenitzmauer mit der Burgtorbrücke. Geschichte | Der heutige Ida-Boy-Ed-Garten wurde ursprünglich als Verlängerung der Wakenitzmauer angelegt. 1903 wurde in den erhaltenen Teil der mittelalterlichen Stadtmauer, an dem die Wakenitzmauer bei der Einmündung der Kaiserstraße begann, ein Tor mit einem großen Bogen für die Durchführung der Straße und zwei kleineren seitlichen Öffnungen für Fußgänger gebrochen, um für die neu errichteten Wohnhäuser in diesem Bereich
Read more