≡ Menu


HowTo: Configure Linux To Track and Log Failed Login Attempt Records

Under Linux operating system you can use the faillog command to display faillog records or to set login failure limits. faillog command displays the contents of the failure log from /var/log/faillog database file. It also can be used for maintains failure counters and limits. If you run faillog command without arguments, it will display only list of user faillog records who have ever had a login failure.
[click to continue…]

Restrict the use of su command

su is used to become another user during a login session. Invoked without a username, su defaults to becoming the super user. The user will be prompted for a password, if appropriate. Invalid passwords will produce an error message. All attempts, both valid and invalid, are logged to detect abuses of the system.

By default almost all distro allows to use su command. However you can restrict the use of su command for security reasons.

Both UNIX and Linux have a group called wheel. If user is member of this group she can use su command. We can add user to this group.

For example add existing user rocky to wheel group
# usermod -G wheel rocky

Now open /etc/pam.d/su PAM config file:
# vi /etc/pam.d/su
Append line as follows:
auth required /lib/security/pam_wheel.so use_uid
auth required pam_wheel.so use_uid

Save and close the file.

Because of above setting only members of the administrative group wheel can use the su command. However I still recommend sudo over su for better control, security and ease of use. This is also default behavior on FreeBSD.

FreeBSD: Becoming Super User (su) or Enabling su Access For User Account

The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. You need to become super user (root) only when tasks need root permissions. Here is how to become a super user:
[click to continue…]