CentOS 7
Sponsored Link

Count attempted Accesses
2015/07/23
 
Count attempted Accesses.
[1] If counts of attempted accesses of a user is over the value, the user account will be locked.
[root@dlp ~]#
vi /etc/pam.d/system-auth
# add like follows

# deny=N means a user account is locked over N times attempted (root is not applied)

# if also apply to root, add "even_deny_root"

# unlock_time=N means a locked account will be unlocked after N secconds later (if not specified this value, locked account will not be unlocked automatically)

# if specify "even_deny_root", it's also possible to specify locked timed with "root_unlock_time=N"

auth        required      pam_env.so
auth        required      pam_tally2.so deny=5 unlock_time=60
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so

account     required      pam_unix.so
account     required      pam_tally2.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so

[root@dlp ~]#
vi /etc/pam.d/password-auth
# add like follows

auth        required      pam_env.so
auth        required      pam_tally2.so deny=5 unlock_time=60
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so

account     required      pam_unix.so
account     required      pam_tally2.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so
[2] Refer to a count of attempted accesses or unlock a locked account manually like follows.
# show a count of attempted accesses

[root@dlp ~]#
pam_tally2 -u cent

Login           Failures Latest failure     From
cent                6    07/23/15 19:24:01  ttyS0

# unlock a locked account manually

[root@dlp ~]#
pam_tally2 -r -u cent
 
Tweet