Linux Failed Login Control: Lock and Unlock User Accounts Using PAM
Under CentOS Linux it is possible to lock out a user login after failed login attempts. This is a security feature. You can also automatically unlock account after some time.
pam_tally - login counter (tallying) module
This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail.
/etc/pam.d/system-auth
Use /etc/pam.d/system-auth configuration file to configure attempted login accesses and other related activities. Append following AUTH configuration to /etc/pam.d/system-auth file:
auth required pam_tally.so onerr=fail deny=5 unlock_time=21600
Where,
(a)deny=5 - Deny access if tally for this user exceeds 5 times.
(b) unlock_time=21600 - Allow access after 21600 seconds (6 hours) after failed attempt. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator.
(c) onerr=fail - If something weird happens (like unable to open the file), return with PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM error code.
Default file /var/log/faillog is used to keep login counts.
The above PAM module is part of all Linux distribution and configuration should work with any Linux distribution.
See also:
- man pages faillog, pam.conf, pam.d, pam, and pam_tally
- pam_tally - login counter (tallying) module documentation.
- CentOS Linux project
Continue reading rest of the Linux pam_tally - login counter Configuration series.
Contents
- How to: Configure Linux to track and log failed login attempt recoreds
- Linux How do I display failed login attempt?
- Linux Failed Login Control: Lock and Unlock User Accounts Using PAM
You may also be interested in other helpful articles:
- FreeBSD: Finding passwordless (no password) account and lock all accounts
- How to Analyzing malicious SSH login attempts and secure the system
- Linux > how do I find out all failed login attempts via ssh/telnet?
- Linux How do I display failed login attempt?
- Increase security by Locking Admin screen/console
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: /etc/pam.d/system-auth, /var/log/faillog, CentOS, config, Linux, Linux distribution, login attempts, PAM, pam_tally.so, Security, system administrator



Recent Comments
Today ~ 15 Comments
Today ~ 51 Comments
Today ~ 4 Comments
Today ~ 14 Comments
Today ~ 8 Comments