Categories
Linux

Linux Failed Attempt Account Lockout (Time Based)

Add the following appended to the pam_tally.so:

onerr=fail deny=5 unlock_time=1800

Relevant entries in bold in /etc/pam.d/system-auth:

auth        required      /lib/security/$ISA/pam_env.so
auth        required      /lib/security/$ISA/pam_tally.so onerr=fail deny=5 unlock_time=1800
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so
account     required      /lib/security/$ISA/pam_tally.so

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.