2025-01-27 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article describes how to lock a user account after failed login attempts on Linux. Two PAM modules can do this; both are covered below.
pam_tally2 module (method 1)
Used to lock out a user account after failed ssh login attempts to the system. The module keeps a count of access attempts and denies access after too many failed attempts.
Configuration
Login attempt limits are configured in the /etc/pam.d/system-auth or /etc/pam.d/password-auth file:
    auth required pam_tally2.so deny=3 unlock_time=600
    account required pam_tally2.so
Note:
The auth line should be placed on the second line of the file, otherwise users will be able to attempt more than 3 logins.
To apply the lockout to root as well, add even_deny_root to the auth line:
    auth required pam_tally2.so deny=3 even_deny_root unlock_time=600
pam_tally2 command
View a user's login failure information
    pam_tally2 -u test
    Login           Failures Latest failure     From
    test                1    06/20/17 14:18:19  192.168.56.1
Unlock the user
    pam_tally2 -u test -r
pam_faillock module (method 2)
In Red Hat Enterprise Linux 6, the pam_faillock PAM module allows system administrators to lock out user accounts after a specified number of failed login attempts. Limiting the number of login attempts is mainly a security measure against brute-force guessing of users' account passwords.
The pam_faillock module stores failed login attempts in a separate file for each user in the /var/run/faillock directory.
Configuration
Add the following lines to the corresponding sections of the /etc/pam.d/system-auth and /etc/pam.d/password-auth files:
    auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
    auth sufficient pam_unix.so nullok try_first_pass
    auth [default=die] pam_faillock.so authfail audit deny=3
    account required pam_faillock.so
Note:
The line "auth required pam_faillock.so preauth silent audit deny=3" must be at the front.
To apply the lockout to root as well, add the even_deny_root option to the pam_faillock entries.
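The ordering rules in the note above can be checked mechanically. The following is an added example, not part of the original article: the function name audit_faillock and the sample file are constructed for illustration, and the check reads "at the front" as "before the pam_unix.so auth line".

```shell
#!/bin/sh
# audit_faillock FILE: print one finding per problem; return non-zero if any.
audit_faillock() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    {
        type = $1; sub(/^-/, "", type)             # "-auth" is a valid type prefix
        mod = ""; opts = ""
        for (i = 2; i <= NF; i++) {
            if (mod != "") opts = opts " " $i " "  # options follow the module name
            else if ($i ~ /pam_[a-z0-9_]+\.so$/) { mod = $i; sub(/.*\//, "", mod) }
        }
        if (type == "auth") pos++                  # position within the auth stack
        if (type == "auth" && mod == "pam_unix.so" && !unix) unix = pos
        if (type == "account" && mod == "pam_faillock.so") acct = 1
        if (type == "auth" && mod == "pam_faillock.so") {
            deny = "unset"
            if (match(opts, / deny=[0-9]+ /)) deny = substr(opts, RSTART + 6, RLENGTH - 7)
            if (opts ~ / preauth /)  { pre = pos;  pre_deny = deny }
            if (opts ~ / authfail /) { fail = pos; fail_deny = deny }
        }
    }
    END {
        if (!pre)  bad("no pam_faillock.so preauth line in the auth stack")
        if (!fail) bad("no pam_faillock.so authfail line in the auth stack")
        if (!acct) bad("no account line for pam_faillock.so")
        if (pre && unix && pre > unix)   bad("preauth line comes after pam_unix.so")
        if (fail && unix && fail < unix) bad("authfail line comes before pam_unix.so")
        if (pre && fail && pre_deny != fail_deny)
            bad("deny differs: preauth=" pre_deny " authfail=" fail_deny)
        exit (problems > 0)
    }
    function bad(msg) { print "FINDING: " msg; problems++ }
    ' "$1"
}

# Constructed sample: authfail sits ahead of pam_unix.so, deny values disagree,
# and the account line is missing, so three findings are printed.
sample=$(mktemp)
printf '%s\n' \
  'auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600' \
  'auth [default=die] pam_faillock.so authfail audit deny=5' \
  'auth sufficient pam_unix.so nullok try_first_pass' > "$sample"
audit_faillock "$sample" || echo "stack needs fixing"
rm -f "$sample"
```

On a real system the function would be pointed at /etc/pam.d/system-auth and /etc/pam.d/password-auth in turn.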
faillock command
View the number of failed attempts per user
    $ faillock
    test:
    When                Type  Source        Valid
    2017-06-20 14:29:05 RHOST 192.168.56.1  V
    2017-06-20 14:29:14 RHOST 192.168.56.1  V
    2017-06-20 14:29:17 RHOST 192.168.56.1  V
Unlock a user's account
    faillock --user <username> --reset
Summary
That is the whole content of this article. I hope it is of some help in your study or work. If you have any questions, you can leave a message. Thank you for your support.