In this article, we will learn how to lock user login after failed login attempts in Red Hat and CentOS. It is a security practice, which is important to implement in critical servers.

Earlier in RedHat based distro we used to setup pam_tally.so for locking the user login after some failed login attempts. Now in Red Hat 6.x and CentOS 6.x we will use pam_tally2.so .

Steps to lock user login after failed login attempts

In this section, we will follow the given below steps to configure lock user login post failed login attempts.

Edit PAM file

First take the backup of the given below file.

# cd /etc/pam.d
# cp -p password-auth-ac password-auth-ac.bak
# vi system-auth

Note: password-auth is softlink of original file password-auth-ac . ls -la password-auth

Now add these two lines in password-auth-ac or password-auth . Once you save the file, the setup is ready and now it will start taking action on failed login attempts.

auth required pam_tally2.so deny=3 unlock_time=36000 audit
account required pam_tally2.so

Below is the sample of my system’s password-auth file.

[root@localhost ~]# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_tally2.so deny=3 unlock_time=36000 audit
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account required pam_tally2.so
account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so [root@localhost ~]#

Find failed login attempts in log

By default the failed logs are saved in /var/log/tallylog .

To see user’s no. of failed attempts by PAM, use this command.

pam_tally2 -u username

Reset failed login attempts for user

To reset failed login log(like faillog -u username -r), use below command

pam_tally2 -u username --reset

To know what are the options you can use with pam_tally2.so .Read the file from below given path.

cat /usr/share/doc/pam-1.1.1/txts/README.pam_tally2

Articles

How to install own git server with ssh and http access by using gitolite and gitweb in CentOS
create and delete user in Red Hat and CentOS
How to lock and unlock user account in linux
Password prompt in single user mode is not secure : CentOS/Red Hat
Set GRUB password after installation of CentOS/Red Hat
Allow only members of Wheel group to use su command on RHEL/CentOS
Root Is Not Able To Login In Red Hat And CentOS
How to configure vsftpd server with virtual user mysql authentication in CentOS 6
Protect ssh with Google Authenticator on Ubuntu 14.04 LTS
Managing Jenkins plugins : command and GUI
SELINUX : squid service failed to start/restart
How to create OpenSSH rpm package and its upgrade
Recover Linux Grub Password in linux rescue mode CentOS/Red Hat
How to delete password of user in Linux
In ESX , passwd: authentication information cannot be recovered

Sharad Chhetri is an experienced Linux, DevOps, Cloud Engineer & Freelancer. Working on various technologies since RHEL 4 era. He loves sharing the knowledge which he has earned from his experience.
You can contact him on email for freelance projects at admin@sharadchhetri.com.

Read Some More Articles

Bash Code Injection Vulnerability via Specially Crafted Environment Variables

Bash Code Injection Vulnerability via Specially Crafted Environment Variables

BySharad Chhetri

Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271 (aka Shellshock ), CVE-2014-7169). This is one the most vulnerable bug we have seen in Linux at current time. Due to this bug, we are seeing lots of business impact in entire world. Details of CVE-2014-6271 A flaw was found in the way Bash evaluated…

pwd command
|

print working directory ( pwd , PWD , OLDPWD ) in Linux / Unix

BySharad Chhetri

When we work in terminal or command line, sometime we want to know in which current directory we are working. And sometimes we also want to know in which previous directory I worked.These requirement are simple but are very important for system administration. Information of working directory is also required in scripting. When system administrator…

How to convert rpm file into deb file
|

How to convert rpm file into deb file

BySharad Chhetri

In this tutorial we learn, how to convert rpm file into deb file.In Debian based OS like ubuntu the package file extension is .deb file. For installing the package in debian based OS we use the command dpkg -i package-name.deb . In Red Hat based linux the package file extension comes in .rpm format .(RPM…

How to encode and decode the strings with base64
|

How to encode and decode the strings with base64

BySharad Chhetri

In this post we will learn how to encode and decode the strings with base64. We will also see some example on this as well. Introduction Base64 is a group of similar encoding schemes that represent binary data in an ASCII string format by translating it into a radix-64 representation. The Base64 term originates from…

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.