Shulou(Shulou.com)06/01 Report--

This article mainly introduces how linux realizes the function of automatically locking X minutes when users enter the wrong password for N times in a row, which has a certain reference value, and interested friends can refer to it. I hope you can learn a lot after reading this article.

1. Edit the configuration file of PAM

Sudo vim / etc/pam.d/login

Add on the second line

Auth required pam_tally2.so deny=3 unlock_time=5 even_deny_root root_unlock_time=10

Parameter introduction

Even_deny_root also limits root users; deny sets the maximum number of consecutive error logins for ordinary users and root users, and then locks the user; unlock_time sets the time for ordinary users to unlock, in seconds; root_unlock_time sets the time for root users to unlock, in seconds

The pam_tally2 module is used here, and the pam_tally module can be used if pam_tally2 is not supported. In addition, different versions of pam may have different settings. For specific usage, you can refer to the rules for the use of relevant modules.

Be careful

In the second line, add content, be sure to write in front, if written in the back, although the user is locked, but as long as the user enters the correct password, you can still log in!

2. Modify sshd file

This only restricts users to log in from tty, but not remote login. If you want to restrict remote login, you need to change the sshd file.

Sudo vim / etc/pam.d/sshd

Continue to add on the second line

Auth required pam_tally2.so deny=3 unlock_time=5 even_deny_root root_unlock_time=10

View the number of times a user failed to log in:

Sudo pam_tally2-user

Result

Ubuntu@VM-0-5 45.119.212.105ubuntu Ubuntu 45.119.212.105ubuntu Villa $sudo pam_tally2-- userLogin Failures Latest failure Fromroot 309 45.119.212.105ubuntu 290.84 19 15:53:24 Ubuntur 29 19 223.107.140.84

Unlock the specified user:

Sudo pam_tally2-r-u ubuntuubuntu@VM-0-5 sudo pam_tally2-r-u UBUTU ubuntuubuntu@VM-0-5UBUBUTUR u ubuntuLogin Failures Latest failure Fromubuntu 1509UBUBUTUR 19 15:58:49 223.107.140.84 Thank you for reading this article carefully. I hope the article "how to automatically lock X minutes when users log in with the wrong password N times in a row" shared by the editor is helpful, and I also hope you can support it. Pay attention to the industry information channel, more related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.