Dynamically update Linux system password and send SMS to remind
Sometimes we may need higher security. As the mainstream operating system of the server, Linux needs to change the root password of the system account frequently to ensure the security of the whole system. The importance of the password is self-evident. That is, sometimes the password you set is too complex to remember. Therefore, you need to update the system root password automatically and send a text message to remind the system administrator. The realization of this function starts from the following aspects.
First, the system can automatically change the password by using shell script, so we need a random password generator to update the password through shell script.
Second, the updated password needs to be recorded for system managers to query.
Third, at the same time of updating, send SMS to the system manager through SMS notification service, including password and remind that the password has been updated.
According to the analysis of the above three points, we come to the conclusion that we need a script, a codebook and a set of SMS notification services, which can be realized on the server. Next, we will explain.
Linux, as the main function of the server, is powerful, needless to say, among which there are many ways to generate the system's own password. One is through urandom, and the other is OpenSSL
For example:
openssl rand -base64 12 #This command generates a 12 bit random string with special characters, #The encryption form is base64 #Can be used as a password openssl rand hex 12 #This command generates a 12 bit random string with special characters #The encryption form is hex openssl rand hex 12 -out password #Generate a 12 bit hex encrypted password and write a password named password #Within the document ================================================ cat /dev/urandom #Generate an infinite password, including special symbols. #If you want to use this method, you need to cut the random number of #Characters, for example: cat /dev/urandom |tr -dc 'a-zA-Z0-9' |head -c12 #This command can cut random ones without special characters #12 bit string, this can be used as the password #Select the appropriate length according to your password policy, #Cut out password and write to file cat /dev/urandom |tr -dc 'a-zA-Z0-9'|head -c12 >>password #In this way, we can cut out a password composed of 12 uppercase and lowercase letters and numbers #And redirect to a file named password #The first and second steps have been completed, and now we need to combine them #Write a script. The name of the script is change ====================== #!/bin/bash echo `cat /dev/urandom |tr -dc 'a-zA-Z0-9` |head -c6`>>password while read line do echo $line | passwd --stdin root > /dev/null done<$1 ======================= #Once the script is finished, the script name is change.sh #The script does the following, #Generate a 6-bit password and write the file name as #The password file, and then read the new generated file #Password, update the password through Passwd command, including several requirements #Note: first, the password is the content of the password file #No less than two. Second, the echo command is followed by a back quote #Save the password generated by the cat command as a string to a file #To hide the output when changing the password, redirect to null ``======================================== #Next is the SMS notification service, which compares many SMS notification services on the Internet, #Found hazelnut SMS service is more friendly, ready to use. Post the website below. #http://SMS developer.zhenzikj.com/zhenzisms user / login.html, after registering this website, you need to go to the SMS platform to view the generated #ak,that is access Code sum secret Code, these two codes will be later in#Used in Python. ============================================== import zhenzismsclient as smsclient import os import time os.popen('/usr/bin/bash change.sh password) print('=================================') with open(password,'r+') as file: line=file.readlines() last=lines[-1] client = smsclient.ZhenziSmsClient('https://sms_developer.zhenzikj.com', 'Your access code', 'Your secret code') print(client.send('Phone number of system administrator',last)) ======================== #The file name is message.py, which is notified by SMS service #Client file, the first package imported is the SMS server file #The second package is os, because you need to open the password book to view the password and #For sending SMS, the third package is the time package, after starting the shell script #Give five seconds to synchronize the codebook and make sure you get the latest password #Then? Chinese part is the place to be changed, two codes #It's on hazelnut's website. These four documents, message.py #password,change.sh zhenzismsclient.py #Put them in one folder, #The password of the message.py file is updated every time it is started. At the same time, #The updated password can be pushed to the system administrator's mobile phone through #crontab is a planned task of Linux system to design update strategy. //Link: https://pan.baidu.com/s/1rHoNsJCAC-IRQ0h3vv-C8g //Extraction code: 1uky #Change the file as needed