Count attempted Accesses
2015/07/23
[1] If the count of attempted accesses for a user exceeds the configured value, the user account is locked.
[root@dlp ~]# vi /etc/pam.d/system-auth
# add the pam_tally2.so lines as follows
# deny=N means a user account is locked once the count of attempts exceeds N (not applied to root)
# to apply it to root as well, add "even_deny_root"
# unlock_time=N means a locked account is unlocked N seconds later (if this value is not specified, a locked account is not unlocked automatically)
# if "even_deny_root" is specified, the lock time for root can also be specified with "root_unlock_time=N"
auth        required      pam_env.so
auth        required      pam_tally2.so deny=5 unlock_time=60
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so

account     required      pam_unix.so
account     required      pam_tally2.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so

[root@dlp ~]# vi /etc/pam.d/password-auth
# add the pam_tally2.so lines as follows
auth        required      pam_env.so
auth        required      pam_tally2.so deny=5 unlock_time=60
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so

account     required      pam_unix.so
account     required      pam_tally2.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so
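
The stack order above matters: pam_tally2.so is listed before the "sufficient" pam_unix.so line, so the lock check runs before a correct password can end the auth stack. The following audit script is an added example, not part of the original page; the function name check_tally2 and the sample file are constructed for illustration, and the checks mirror the configuration shown above.

```shell
# Added example: audit a PAM stack file for the pam_tally2 settings shown above.
# check_tally2 FILE prints findings and returns the number of FAIL findings.
check_tally2() {
    awk '
    $1 ~ /^#/ || NF < 3 { next }                 # skip comments and short lines
    {
        type = $1; sub(/^-/, "", type)           # "-auth" marks an optional module
        mod = ""
        for (i = 3; i <= NF; i++)                # module follows the control field(s)
            if ($i ~ /\.so$/) { mod = $i; first_arg = i + 1; break }
        sub(/^.*\//, "", mod)                    # tolerate full module paths
    }
    type == "auth" && mod == "pam_unix.so" && !unix_line { unix_line = NR }
    type == "auth" && mod == "pam_tally2.so" && !tally_line {
        tally_line = NR
        for (i = first_arg; i <= NF; i++) {
            if ($i ~ /^deny=[0-9]+$/)        deny = substr($i, 6)
            if ($i ~ /^unlock_time=[0-9]+$/) unlock = substr($i, 13)
            if ($i == "even_deny_root")      root = 1
        }
    }
    type == "account" && mod == "pam_tally2.so" { acct = 1 }
    END {
        bad = 0
        if (!tally_line) {
            print "FAIL: no auth pam_tally2.so line"; bad++
        } else {
            if (deny == "") { print "FAIL: deny=N not set"; bad++ }
            if (unix_line && tally_line > unix_line) { print "FAIL: pam_tally2.so is listed after pam_unix.so"; bad++ }
            if (unlock == "") print "NOTE: no unlock_time, locked accounts need a manual unlock"
            if (!root) print "NOTE: root is exempt (no even_deny_root)"
        }
        if (!acct) { print "FAIL: no account pam_tally2.so line"; bad++ }
        exit bad
    }' "$1"
}

# Constructed sample: tally line placed after pam_unix.so, no account entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth     required   pam_env.so
auth     sufficient pam_unix.so nullok try_first_pass
auth     required   pam_tally2.so deny=5
auth     required   pam_deny.so
account  required   pam_unix.so
EOF
check_tally2 "$sample" || echo "problems found: $?"
rm -f "$sample"
```

Run it against both /etc/pam.d/system-auth and /etc/pam.d/password-auth, since the page configures the two files identically.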

[2] Show the count of attempted accesses, or unlock a locked account manually, as follows.
# show the count of attempted accesses
[root@dlp ~]# pam_tally2 -u cent
Login           Failures Latest failure     From
cent                6    07/23/15 19:24:01  ttyS0
# unlock a locked account manually
[root@dlp ~]# pam_tally2 -r -u cent
 