Wednesday, September 3, 2014

CentOS/ Red Hats : lock user login after failed login attempts in Red Hat 6.x and CentOS 6.x

lock user login after failed login attempts in Red Hat 6.x and CentOS 6.x

lock user login after failed login attempts in Red Hat 6.x and CentOS 6.x
Earlier in RedHat based distro we used to setup pam_tally.so for locking the user login after some failed login attempts.
Now in Red Hat 6.x and CentOS 6.x we will use pam_tally2.so .
# cd /etc/pam.d
# cp -p password-auth-ac password-auth-ac.bak
# vi system-auth
note:password-auth is softlink of original file password-auth-ac . ls -la password-auth
Now add these two lines in password-auth-ac or password-auth
auth required pam_tally2.so deny=3 unlock_time=36000 audit
account required pam_tally2.so
Below is the sample of my system’s password-auth file.
[root@localhost ~]# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_tally2.so deny=3 unlock_time=36000 audit
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account required pam_tally2.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[root@localhost ~]#
By default the failed logs are saved in /var/log/tallylog
To see user’s no. of failed attempts,command is -
pam_tally2 -u username
To reset failed login log(like faillog -u username -r), use below command
pam_tally2 -u username –reset
To know what are the options you can use with pam_tally2.so .Read the file from below given path.
cat /usr/share/doc/pam-1.1.1/txts/README.pam_tally2

No comments: