LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Is there any PAM module can do this ?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-01-2008, 09:18 PM   #1
dmak168
LQ Newbie
 
Registered: Aug 2008
Posts: 7

Rep: Reputation: 0
Is there any PAM module can do this ?

Hi All

Does anyone knows whether the following statement is possible to achieve with PAM modules ? I know pam_tally deny can be used to set max. unsuccessful login but it doe not have the ability to check if the unsuccessful attemps are within 60 minutes or not.

"User accounts shall be locked out after three unsuccessful login attempts within a 60 minute time period"


Thanks,
David
 
Old 09-01-2008, 11:46 PM   #2
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61
I think you can do it using PAM to track the number of login failures, and submit "/usr/bin/faillog -r" to run hourly using cron. Use man pam_tally and man faillog to get more detailed info. If you're using faillog to reset the tally of failed logins each hour, then you should also not reset the tally on successful login - just decrement the tally instead (this is a pam_tally option).
 
Old 09-02-2008, 11:15 AM   #3
dmak168
LQ Newbie
 
Registered: Aug 2008
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks a lot for your answer ... I thought about using cron before but I believe it cannot do the job. For instance, the cron job can star right after your 2nd attemp if it falls into the 60 minutes boundary.


Thanks,
David
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Radius PAM.D Module interpol Linux - Security 5 02-27-2007 03:29 AM
PAM Radius Module interpol Linux - Networking 1 02-23-2007 09:37 AM
PAM Radius Module interpol Linux - Security 1 02-23-2007 09:29 AM
winbind pam module paul_mat Linux - Networking 0 12-21-2005 11:22 PM
PAM problem with module pam_time.so giacomolg Linux - Security 1 11-27-2004 07:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:14 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration