
Lock User Accounts After Too Many Login Failures

Add the two lines shown below (the auth line carrying onerr=fail no_magic_root and the account line carrying per_user deny=5 no_magic_root reset) to the /etc/pam.d/system-auth file, so that it reads as follows:

auth required /lib/security/$ISA/
auth required /lib/security/$ISA/ onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/ likeauth nullok
auth required /lib/security/$ISA/
account required /lib/security/$ISA/
account required /lib/security/$ISA/ per_user deny=5 no_magic_root reset
account sufficient /lib/security/$ISA/ uid < 100 quiet
account required /lib/security/$ISA/
password requisite /lib/security/$ISA/ retry=3
password sufficient /lib/security/$ISA/ nullok use_authtok md5 shadow
password required /lib/security/$ISA/
session required /lib/security/$ISA/
session required /lib/security/$ISA/

The first added line (the auth line) counts failed login and failed su attempts for each user; by default these counts are recorded in /var/log/faillog. The second added line (the account line) enforces the limit: deny=5 locks the account once five failures have accumulated, reset clears the count on a successful login, and no_magic_root applies the count to root as well.
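A defender will want to confirm that the two tally lines are actually present and well-formed on every host, since a line that is missing, commented out, or lacks deny= silently disables the lockout. The script below is an added example, not part of the original post: it audits a PAM file for the auth and account lockout lines described above. It assumes the tally module is pam_tally.so (the module that records counts in /var/log/faillog); the sample configuration files it writes to temporary paths are constructed for the demonstration, and PAM_FILE is a hypothetical environment variable for pointing the audit at a real file.

```shell
#!/bin/sh
# Added example: audit a PAM file for the two account-lockout lines.
# Assumption: the tally module is pam_tally.so (writes /var/log/faillog).
# PAM_FILE is a hypothetical override for the file to audit.

PAM_FILE="${PAM_FILE:-/etc/pam.d/system-auth}"

# Print the deny= threshold found on the "account required ... pam_tally.so"
# line, or print nothing if that line (or its deny= option) is missing.
# Commented-out lines are skipped so a disabled rule is not counted.
tally_deny_threshold() {
    grep -v '^[[:space:]]*#' "$1" \
      | awk '$1 == "account" && $2 == "required" && $3 ~ /pam_tally\.so$/ {
                 for (i = 4; i <= NF; i++)
                     if ($i ~ /^deny=[0-9]+$/) { sub(/^deny=/, "", $i); print $i; exit }
             }'
}

# Succeed (exit 0) only if the "auth required ... pam_tally.so" line is
# present and fails closed (onerr=fail) without exempting root (no_magic_root).
tally_auth_ok() {
    grep -v '^[[:space:]]*#' "$1" \
      | awk '$1 == "auth" && $2 == "required" && $3 ~ /pam_tally\.so$/ \
             && /onerr=fail/ && /no_magic_root/ { found = 1 }
             END { exit found ? 0 : 1 }'
}

# Combine both checks and report; exit status 0 means lockout is configured.
audit_pam_file() {
    file="$1"
    if ! tally_auth_ok "$file"; then
        echo "$file: auth tally line missing or lacking onerr=fail no_magic_root"
        return 1
    fi
    deny=$(tally_deny_threshold "$file")
    if [ -z "$deny" ]; then
        echo "$file: account tally line with deny=N missing"
        return 1
    fi
    echo "$file: accounts lock after $deny failed attempts"
    return 0
}

# Constructed sample files for a stand-alone run (not taken from any real host).
good=$(mktemp); bad=$(mktemp)
cat > "$good" <<'EOF'
auth        required      /lib/security/$ISA/pam_env.so
auth        required      /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so
account     required      /lib/security/$ISA/pam_tally.so per_user deny=5 no_magic_root reset
EOF
cat > "$bad" <<'EOF'
# lockout lines commented out: the audit must flag this file
#auth       required      /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
account     required      /lib/security/$ISA/pam_unix.so
EOF

audit_pam_file "$good" || true
audit_pam_file "$bad"  || true
rm -f "$good" "$bad"
```

Run it against a live system with `PAM_FILE=/etc/pam.d/system-auth sh audit.sh`. Once the lines are in place, the per-user counts behind the lockout can be inspected with `faillog -u USER` and cleared for a legitimately locked-out user with `faillog -u USER -r` (both from the shadow-utils package).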

