AMI linux users

Issue

What commands can I use to create and manage users and groups from the command shell of an Amazon Elastic Compute Cloud (Amazon EC2) Ubuntu Linux instance?

Resolution

The following commands are used to create and manage users from the command shell of an EC2 Ubuntu Linux instance. For more information about these commands, including optional switches and configuration values, see Ubuntu Manuals - 18.04 LTS.
adduser
adduser adds users based on command-line options and configuration variables in the /etc/adduser.conf file. The adduser command must be preceded by the sudo qualifier to temporarily grant the necessary privileges. Typically user names are lower-case letters. You can use a dash (-) or an underscore (_) in a user name. If you use Samba, user names can end in a dollar sign ($).
For example, the following command creates the new user account bob.

sudo adduser bob

Add the command-line switch --ingroup GROUP to add the new user to a different group.
The following command creates the new user account bob and adds them to the betausers user group:

sudo adduser bob --ingroup betausers

For a comprehensive list of adduser configuration variables, see adduser.conf.
addgroup
addgroup adds groups based on command-line options and configuration variables in the /etc/adduser.conf. The addgroup command must be preceded by the sudo qualifier to temporarily grant the necessary privileges. Typically group names are lower-case letters. You can use a dash (-) or an underscore (_) in a group name
For example, the following command creates the new group betausers.

sudo addgroup betausers

For a comprehensive list of configuration variables, see adduser.conf.
deluser
deluser removes users from the system or from the specified group based on command-line options and configuration variables in the /etc/deluser.conf file. The deluser command also can delete a group itself. The deluser command must be preceded by the sudo qualifier to temporarily grant the necessary privileges.
The following command deletes the user account bob.

sudo deluser bob

Add the command-line switch --group groupname to delete user from a specific group (but leaves the user in the system).
The following command removes the user bob from the betausers group.

sudo deluser bob --group betausers

The following command removes the group betausers from the system.

sudo deluser --group betausers

For a comprehensive list of configuration variables, see deluser.conf.
delgroup
delgroup removes groups based on command-line options and configuration variables in the /etc/deluser.conf file. The delgroup command must be preceded by the sudo qualifier to temporarily grant the necessary privileges.
For example, the following command deletes the group betausers.

sudo delgroup betausers

Additional commands for managing users and groups

• chage - Change the expiration time for a user's password.
• chfn - Change a user name and/or associated user information.
• chsh - Change the shell for a user.
• chgrp - Change group ownership of a file.
• chown - Change user and group ownership of a file.
• gpasswd - Administer /etc/group and /etc/gshadow.
• groupadd - Create a new group.
• groupdel - Delete a group.
• groupmod - Modify a group definition.
• groups - Display all the groups a user belongs to.
• grpck - Verify the integrity of group files.
• id - Display all group or user ID numbers for a specified user.
• newgrp - Assign new group identifications for a user.
• newusers - Batch utility to update and create new users.
• nologin - Disable login functionality for unprivileged users.
• passwd - Change a user's password.
• su - Become another user during a login session.
• useradd - Create a new user or change default new user information.
• userdel - Delete a user account and related files.
• usermod - Modify a user account.

List all regular users:

awk -F':' '{ print $1}' /etc/passwd

List all groups:  

cut -d: -f1  /etc/group

How to install Apache Security Module in Amazon Linux AMI

Apache mod_security is a firewall module to prevent against SQL Injection, cross-site scripting, bad user agents, and a lot of other exploits. 

Depends on the Amazon Linux AMI version you may have to issue one of the below commands on a trial & error basis.

sudo yum install mod24_security.x86_64

or

sudo yum install mod_security --enablerepo=epel

Once the package manager has installed the necessary packages we need to configure mod security as appropriate for the web application.

Below is the essential conf file for mod security,

/etc/httpd/conf.d/mod_security.conf

The parameters we would essentially deal with are,

SecRuleEngine DetectionOnly
SecRequestBodyAccess On

The "DetectionOnly" says Apache not to block any requests which may be valid in the context of your application instead log the suspicious requests to error.log.
It is recommended to run the application in "DetectionOnly" mode for a couple of days or so to avoid the false negative. For instance, in Drupal 7 some administrative pages (Panel Edit) & Views AJAX pager stopped working when "SecRuleEngine" to "ON".
Once the error log is reviewed & parameters are tweaked to meet the application needed SecRuleEngine can be changed On.

SecRuleEngine On

Mod security relies on a set of parameters rule to gauze a request as genuine or malicious. The following steps would help us place the rule in place,

cd /etc/httpd/modsecurity.d

sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.0/master.zip

sudo unzip master.zip

sudo mv owasp-modsecurity-crs-3.0-master modsecurity-crs

cd /etc/httpd/modsecurity.d/modsecurity-crs

sudo cp crs-setup.conf.example crs-setup.conf

Add the following line to your httpd.conf. You can alternatively place these in any config file included by Httpd:

cd /etc/httpd/conf.d

sudo vim mod_security.conf

Add the following lines,

IncludeOptional modsecurity.d/*.conf
IncludeOptional modsecurity.d/activated_rules/*.conf
IncludeOptional modsecurity.d/local_rules/*.conf

Restart web server and ensure it starts without errors.

sudo service httpd restart

Make sure your websites are still running fine.

removing index.php in url in wordpress site.

<Document /var/www/html/>

RewriteEngine on
RewriteBase /


RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/wp-admin/
RewriteRule ^(.*)$ index.php/$1 [NC,L]

</Document>


permanent link /%postname%/ 

default custom link - /index.php/%year%/%monthnum%/%day%/%postname%/