ock user login after failed login attempts in Red Hat 6.x and CentOS 6.x
Earlier in RedHat based distro we used to setup pam_tally.so for locking the user login after some failed login attempts.
Now in Red Hat 6.x and CentOS 6.x we will use pam_tally2.so .
# cd /etc/pam.d
# cp -p password-auth-ac password-auth-ac.bak
# vi system-auth
note:password-auth is softlink of original file password-auth-ac . ls -la password-auth
Now add these two lines in password-auth-ac or password-auth
auth required pam_tally2.so deny=3 unlock_time=36000 audit
account required pam_tally2.so
Below is the sample of my system’s password-auth file.
[root@localhost ~]# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_tally2.so deny=3 unlock_time=36000 audit
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.soaccount required pam_unix.so
account sufficient pam_localuser.so
account required pam_tally2.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.sopassword requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.sosession optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[root@localhost ~]#
By default the failed logs are saved in /var/log/tallylog
To see user’s no. of failed attempts,command is –
pam_tally2 -u username
To reset failed login log(like faillog -u username -r), use below command
pam_tally2 -u username –reset
To know what are the options you can use with pam_tally2.so .Read the file from below given path.
cat /usr/share/doc/pam-1.1.1/txts/README.pam_tally2
Recent Comments