Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Keep in mind that there is a very good reason why this isn't a default in linux...it makes performing a DoS attack trivial if someone realizes your using this in your authentication policy.
Last edited by Capt_Caveman; 02-26-2005 at 10:20 PM.
Just use the path to pam_tally.so. To find the path, use: 'locate pam_tally.so' or use find / -name pam_tally.so. Then just use the full path instead of the one listed in the guide so for me it would look like this:
So I would then use:
account required /lib/security/pam_tally.so per_user deny=5 no_magic_root reset
The above rule would lock a user out after 5 failed attempts, so if you wanted only 3 failures then just replace the '5' with a '3' in the rule. Once you made the required modifications, make sure that you've added all the required entries and double and triple check the syntax to make sure that it looks like the example in the link (though your path to the libs may be different).
Ok, once I locate the pam_tally.iso in the SHell Console command, then after that, what do I need to do?
Do I have to type in this after it locates the pam_tally.iso??? See below:
So, after it locates it, then where do I need to type this information in?? Would I have to type it in the same Shell Konsole??? Please explain or give me another example please...
Ok, I did the following but no luck...can you assist me here a bit?
Code:
[root@localhost vin001]# locate pam_tally.so
warning: locate: warning: database /var/lib/slocate/slocate.db' is more than 8 days old
/lib/security/pam_tally.so
[root@localhost vin001]# account required /lib/security/pam_tally.so per_user deny=5 no_magic_root reset
bash: account: command not found
[root@localhost vin001]#
I then went into GEDIT and tried to open this directory /lib/security/pam_tally.so but the error said "Could not Open because of Invalid UTF-8 data "
It looks like it found the lib and is just showing a warning that the db is old.
I then went into GEDIT and tried to open this directory /lib/security/pam_tally.so but the error said "Could not Open because of Invalid UTF-8 data "
That's cause you are trying to edit the lib which isn't text file. You shouldn't be editing the lib anyway, follow the instructions in the guide. You should be modifying /etc/pam.d/system-auth. Just substitute the path to the pam_tally.so file on your system in place of the one in the guide like this:
Only add the lines in bold and don't modify any other lines.
I'm going to give you some advice here. You should not make any modifications to that file unless you can tell me how you are going to prevent root from getting locked out. The above instructions will lock all users including root out of the system after 5 failed logins. You absolutely must have a way to keep root from being locked out, otherwise the next time sshbrute is run against your system, root WILL BE LOCKED OUT and you will not be able to log on or su to root.
Last edited by Capt_Caveman; 04-04-2005 at 09:31 PM.
Well, I'll take your WARNING... I will not do this at all...
Because I use very very very AND VERY STRONG Passwords for both ROOT and USER.... so I dont think there is no need for this. And plus, I am firewalled too...
No problem, I think it's a wise choice. If you have good passwords, then you don't have anything to worry about. If you are still worried, switch to key-based authentication.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.