
Faillock : Count attempted Accesses
2019/12/16
 
Count attempted Accesses.
[1] If the number of failed login attempts for a user exceeds the configured threshold, the user account is locked.
[root@dlp ~]#
vi /etc/pam.d/system-auth
# add like follows
#
# [deny=N] means a user account is locked after N failed attempts (root is not applied)
# if also apply to root, add [even_deny_root]
# [unlock_time=N] means a locked account will be unlocked after N seconds
# (if this value is not specified, a locked account will not be unlocked automatically;
#  it then stays locked until an administrator resets it with [faillock --user NAME --reset])
# if [even_deny_root] is specified, it's also possible to set the root unlock time with [root_unlock_time=N]
#
# NOTE(review): the two pam_faillock.so auth lines below must carry the same deny= value;
# the preauth line has to sit before pam_unix.so and the authfail line after it, otherwise
# the counter is not incremented for failed password checks.
# NOTE(review): [silent] on the preauth line suppresses the "account locked" message to the
# user, and [account required pam_faillock.so] is what clears the counter after a successful
# login — verify both against pam_faillock(8) on the target release.
# NOTE(review): without unlock_time, anyone who can reach a login service can lock out a
# user by failing deny= times; decide whether that trade-off is acceptable for this host.
# NOTE(review): on CentOS 8 this file is normally generated by authselect, so a later
# authselect run may overwrite manual edits — confirm how the file is managed here.
# NOTE(review): the leading "-" on the pam_systemd.so line is PAM syntax (do not log an
# error if the module is missing), not a diff marker.

auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent audit deny=5
auth        sufficient    pam_unix.so try_first_pass nullok
auth        [default=die] pam_faillock.so authfail audit deny=5
auth        required      pam_deny.so

account     required      pam_unix.so
account     required      pam_faillock.so

password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

[root@dlp ~]#
vi /etc/pam.d/password-auth
# add like follows
#
# NOTE(review): keep the pam_faillock.so lines (including deny=) identical to those in
# /etc/pam.d/system-auth, so that services using either stack apply the same lockout
# policy; the preauth line goes before pam_unix.so, the authfail line after it.
# NOTE(review): on CentOS 8 this file is normally generated by authselect, so a later
# authselect run may overwrite manual edits — confirm how the file is managed here.
# NOTE(review): the leading "-" on the pam_systemd.so line is PAM syntax (do not log an
# error if the module is missing), not a diff marker.

auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent audit deny=5
auth        sufficient    pam_unix.so try_first_pass nullok
auth        [default=die] pam_faillock.so authfail audit deny=5
auth        required      pam_deny.so

account     required      pam_unix.so
account     required      pam_faillock.so

password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
[2] To view a user account's failed login count and to unlock a locked account manually, run the following.
# show failed login counts (entries marked V in the Valid column are the ones currently counted)

[root@dlp ~]#
faillock --user cent

cent:
When                Type  Source                                           Valid
2019-12-15 21:01:24 RHOST 127.0.0.1                                            V
2019-12-15 21:01:31 RHOST 127.0.0.1                                            V
2019-12-15 21:01:35 RHOST 127.0.0.1                                            V

# unlock a locked account manually (clears the recorded failures for that user)

[root@dlp ~]#
faillock --user cent --reset