Force passwords change on 1st login

How to force users to change their passwords on 1st login

1.) First, lock the account to prevent the user from using the login until the change has been made:

# usermod -L

2.) Change the password expiration date to 0 to ensure the user changes the password during the next login:

# chage -d 0

3.) To unlock the account after the change do the following:

# usermod -U


fping is a ping like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. Instead of trying one host until it timeouts or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable. Unlike ping, fping is meant to be used in scripts and its output is easy to parse.

fping [ options ] [ systems… ]


-a Show systems that are alive.

-d Use DNS to lookup address of return ping packet. This allows you to
give fping a list of IP addresses as input and print hostnames in
the output.

-e Show elapsed (round-trip) time of packets

-f Read list of system from a file. This option can only be used by
the root user. Regular users should pipe in the file via stdin:
fping < targets_file -g Generate a target list from a supplied IP netmask, or a starting and ending IP. Specify the netmask or start/end in the targets portion of the command line. ex. To ping the class C 192.168.1.x, the specified command line could look like either: fping -g or fping -g -in The minimum amount of time (in milliseconds) between sending a ping packet to any host (default is 10). -q Quiet. Don't show per host results, just set final exit status. -rn Retry limit (default 3). This is the number of times an attempt at pinging a host will be made, not including the first try. -s Dump final statistics. -tn Individual host timeout in milliseconds (default 2500). This is the minimum number of milliseconds between ping packets directed towards a given host. -u Show systems that are unreachable. fping a list of IP addresses as input and have the results printed as hostnames. Examples: $ fping -g is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive is alive ....... $ fping -d is alive is alive is alive is alive


How to use the dig command

dig is a command-line tool for querying DNS name servers for information about host addresses, mail exchanges, name servers, and related information.

Understanding the default output

The most typical, simplest query is for a single host. By default, however, dig is pretty verbose. You probably don’t need all the information in the default output, but it’s probably worth knowing what it is. Below is an annotated query.

$ dig

That’s the command-line invocation of dig I used.

; < <>> DiG 9.2.3 < <>>
;; global options: printcmd

The opening section of dig’s output tells us a little about itself (version 9.2.3) and the global options that are set (in this case, printcmd). This part of the output can be quelled by using the +nocmd option, but only if it’s the very first argument on the command line (even preceeding the host you’re querying).

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43071 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 Here, dig tells us some technical details about the answer received from the DNS server. This section of the output can be toggled using the +[no]comments option—but beware that disabling the comments also turns off many section headers. ;; QUESTION SECTION: ; IN A In the question section, dig reminds us of our query. The default query is for an Internet address (A). You can turn this output on or off using the +[no]question option. ;; ANSWER SECTION: 600 IN A Finally, we get our answer: the address of is I don’t know why you’d ever want to turn off the answer, but you can toggle this section of the output using the +[no]answer option. ;; AUTHORITY SECTION: 2351 IN NS 2351 IN NS 2351 IN NS The authority section tells us what DNS servers can provide an authoritative answer to our query. In this example, has three name servers. You can toggle this section of the output using the +[no]authority option. ;; ADDITIONAL SECTION: 171551 IN A 2351 IN A 2351 IN AAAA 2001:4f8:0:2::15 The additional section typically includes the IP addresses of the DNS servers listed in the authority section. This section of the output can be toggled with the +[no]additional option. ;; Query time: 2046 msec ;; SERVER: ;; WHEN: Fri Aug 27 08:22:26 2004 ;; MSG SIZE rcvd: 173 The final section of the default output contains statistics about the query; it can be toggled with the +[no]stats option. What can I discover? dig will let you perform any valid DNS query, the most common of which are A (the IP address), TXT (text annotations), MX (mail exchanges), NS name servers, or the omnibus ANY. # get the address(es) for dig A +noall +answer # get a list of yahoo's mail servers dig MX +noall +answer # get a list of DNS servers authoritative for dig NS +noall +answer # get all of the above dig ANY +noall +answer More obscurely, for the present anyway, you can also poll for a host’s IPv6 address using the AAAA option. dig AAAA +short If the domain you want to query allows DNS transfers, you can get those, too. The reality of life on the Internet, however, is that very few domains allow unrestricted transfers these days. dig AXFR How to a short answer? When all you want is a quick answer, the +short option is your friend: $ dig +short not-quite-so-short answer? Note that a short answer is different from only an answer. The way to get a detailed answer, but without any auxiliary information, is to turn off all the results (+noall) and then turn on only those sections you want. Here’s a short answer followed by only an answer; the latter includes all the configuration information, including time-to-live (TTL) data, displayed in a format compatible with BIND configuration files. $ dig mx +short 20 30 10 $ dig +nocmd mx +noall +answer 3583 IN MX 30 3583 IN MX 10 3583 IN MX 20 Get a long answer? According to its man page, the +multiline option will give you an answer with “the SOA records in a verbose multi-line format with human-readable comments.” In general, the answers retrieved using the +multiline option will appear more like BIND config files than they will without it. $ dig +nocmd any +multiline +noall +answer 14267 IN A 14267 IN MX 5 14267 IN MX 15 14267 IN SOA ( 200408230 ; serial 14400 ; refresh (4 hours) 900 ; retry (15 minutes) 3600000 ; expire (5 weeks 6 days 16 hours) 14400 ; minimum (4 hours) ) 14267 IN NS 14267 IN NS 14267 IN NS Do a reverse lookup? Use the -x option to lookup the main hostname associated with an IP address. $ dig -x +short In a loop, this is a slick way to map the names in a given subnet: #!/bin/bash NET=18.7.22 for n in $(seq 1 254); do ADDR=${NET}.${n} echo -e "${ADDR}\t$(dig -x ${ADDR} +short)" done Query a different nameserver? Just specify it on the command line: dig Use the search list in /etc/resolv.conf? The host utility will automatically use the search list in your /etc/resolv.conf file. $ host www has address By default, however, dig doesn’t—which may produce some unexpected results. If you want to use local hostnames instead of fully qualified domain names, use the +search option. dig www +search Do bulk lookups? If you want to look up a large number of hostnames, you can put them in a file (one name per line) and use the -f option to query each one in turn. # do full lookups for a number of hostnames dig -f /path/to/host-list.txt # the same, with more focused output dig -f /path/to/host-list.txt +noall +answer As far as I can tell, dig versions up to and including 9.2.3 are unable to do reverse lookups using the -f option.


Vimdiff is a tool that comes bundled with Vim and its a wonderful tool for comparing code and merging changes. Vimdiff starts Vim on two (or three) files. Each file gets its own window. The differences between the files are highlighted. This is a nice way to inspect changes and to move changes from one version to another version of the same file.

vimdiff syntax

vimdiff [options] file1 file2 [file3]


You may also use “gvimdiff” or “vim -g”. The GUI is started then.You may also use “viewdiff” or “gviewdiff”. Vim starts in readonly mode then.”r” may be prepended for restricted mode

vimdiff examples

If you want to open files use the following command

vimdiff file1 file2


vim -d file1 file2

If you want to open vertical splits for your files use the following command

vimdiff -O file1 file2

If you want to open horizontal splits for your files use the following command

vimdiff -o file1 file2

If you want to open files in particular directory, use the following command.
Vim first append the file name of the first argument to the directory name to find the file.

vimdiff file1 file2 [file3 [file4]]


vim -d file1 file2 [file3 [file4]]

Keyboard Shortcuts:

do – Get changes from other window into the current window.

dp – Put the changes from current window into the other window.

]c – Jump to the next change.

[c – Jump to the previous change.

Ctrl W + Ctrl W – Switch to the other split window.

To ignore whitespace use this command: set diffopt+=iwhite

To turn that back off use: set diffopt-=iwhite

Remote editing using vim
$ vimdiff scp:// /path/to/local/file

More tutorials:

Fix cron problems on cPanel 11.x servers

I’ve noticed that on some new installs of cPanel 11.x + CentOS 5.0 there is a problem with cron jobs where the crons are not saved at all with no apparent reason and with no errors.
After some investigations I’ve found out that this is do to the fact that crontab doesn’t have the correct permissions.
It’s an easy fix and all you have to run as root is:

chmod a+s /usr/bin/crontab

Now try to add your crons again. It should work.

Accepting domain literals on a mail server

Accepting domain literals on a mail server

Q I have a Red Hat 8.0 server with one primary domain. A friend of mine recommended I check out, which performs a variety of useful tests on the DNS records as well as the server itself. Everything went through fairly well but my domain failed on one test. The following is from

ERROR: One or more of your mailservers does not accept mail in the domain literal format
(user@[]). Mailservers are required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses.

I’m not sure how to go about fixing this problem – or even if it’s worth fixing.

A RFC1 123 requires the ability to use domain literals (ie using [s and ]s) tospecify the IP address of a mail server, and thus bypass normal DNS mechanisms. For security and for spam prevention reasons, not all mail servers are configured with it enabled by default. If you would like to have your Sendmail daemon server accept mail sent to it in this way, you can add a line containing only [] to /etc/mail/local-host-names where is the IP address you would like sendmail to listen to.

Regex Pattern for Matching URLs

A Liberal, Accurate Regex Pattern for Matching URLs
Friday, 27 November 2009

A common programming problem: identify the URLs in an arbitrary string of text, where by “arbitrary” let’s agree we mean something unstructured such as an email message or a tweet. I offer a solution, in the form of the following regex pattern:


This pattern should work in most modern regex implementations. I can vouch for it working in Perl, Ruby, and with the PCRE regex library (which in turn means it works in PHP and BBEdit, both of which use PCRE).

This pattern attempts to be practical. It makes no attempt to parse URLs according to any official specification. It isn’t limited to predefined URL protocols. It should be clever about things like parentheses and trailing punctuation. For example, it will correctly match the URL in the following example lines:
(Something like
(Something like,
Just a link.

It attempts to be particularly clever with regard to parentheses, which, in my experience, only ever seem to occur in the wild in Wikipedia URLs, and which many URL matching patterns seem to botch. The pattern looks for balanced parentheses within the URL, which is how it correctly omits the trailing parenthesis in the following line:

(Something like

The pattern is also liberal about Unicode glyphs within the URL, which allows it, among other things, to match IDN domain names.