ock user login after failed login attempts in Red Hat 6.x and CentOS 6.x<\/p>\n
Earlier in RedHat based distro we used to setup pam_tally.so for locking the user login after some failed login attempts.<\/p>\n
Now in Red Hat 6.x and CentOS 6.x we will use pam_tally2.so .<\/p>\n
# cd \/etc\/pam.d
\n# cp -p password-auth-ac password-auth-ac.bak
\n# vi system-auth<\/p><\/blockquote>\nnote:password-auth is softlink of original file password-auth-ac . ls -la password-auth<\/p>\n
Now add these two lines in password-auth-ac or password-auth<\/p>\n
auth required pam_tally2.so deny=3 unlock_time=36000 audit<\/p>\n
account required pam_tally2.so<\/p><\/blockquote>\n
Below is the sample of my system\u2019s password-auth file.<\/p>\n
[root@localhost ~]# cat \/etc\/pam.d\/password-auth
\n#%PAM-1.0
\n# This file is auto-generated.
\n# User changes will be destroyed the next time authconfig is run.
\nauth required pam_env.so
\nauth sufficient pam_unix.so nullok try_first_pass
\nauth required pam_tally2.so deny=3 unlock_time=36000 audit
\nauth requisite pam_succeed_if.so uid >= 500 quiet
\nauth required pam_deny.so<\/p>\naccount required pam_unix.so
\naccount sufficient pam_localuser.so
\naccount required pam_tally2.so
\naccount sufficient pam_succeed_if.so uid < 500 quiet
\naccount required pam_permit.so<\/p>\npassword requisite pam_cracklib.so try_first_pass retry=3 type=
\npassword sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
\npassword required pam_deny.so<\/p>\nsession optional pam_keyinit.so revoke
\nsession required pam_limits.so
\nsession [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
\nsession required pam_unix.so
\n[root@localhost ~]#<\/p><\/blockquote>\nBy default the failed logs are saved in\u00a0\/var\/log\/tallylog<\/p>\n
To see user\u2019s no. of failed attempts,command is –<\/p>\n
pam_tally2 -u username<\/p><\/blockquote>\n
To reset failed login log(like faillog -u username -r), use below command<\/p>\n
pam_tally2 -u username \u2013reset<\/p><\/blockquote>\n
To know what are the options you can use with pam_tally2.so .Read the file from below given path.<\/p>\n
cat \/usr\/share\/doc\/pam-1.1.1\/txts\/README.pam_tally2<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"
ock user login after failed login attempts in Red Hat 6.x and CentOS 6.x<\/p>\n
Earlier in RedHat based distro we used to setup pam_tally.so for locking the user login after some failed login attempts.<\/p>\n
Now in Red Hat 6.x and CentOS 6.x we will use pam_tally2.so .<\/p>\n
# cd \/etc\/pam.d # cp -p password-auth-ac password-auth-ac.bak […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2987"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2987"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2987\/revisions"}],"predecessor-version":[{"id":2988,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2987\/revisions\/2988"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}