Account lock after failed login attempts
Hello!!
I'm new to these forums and this is my first post. I'm trying to lock an account after a number of failed login attempts on RHEL5. This is the relevant configuration in /etc/pam.d/system-auth:

auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
# added to limit number of unsuccessful login attempts
auth required pam_tally.so onerr=fail deny=3 lock_time=4
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
account required pam_tally.so

In the logs I can see how the count of failed logins increases and exceeds my deny option, but the account isn't locked:

pam_tally(sshd:auth): user user (503) tally 4, deny 3
pam_tally(sshd:auth): user user (503) tally 5, deny 3

Do I need any other option in the PAM file? Is there any other way to lock an account? Thanks.
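An added example (not part of the original posts): a simplified Python model of the required/requisite/sufficient control flags described in pam.conf(5), run over the auth lines as posted, showing which modules are called for a wrong password and for a correct one. The `REORDERED` stack and the `results` map are constructed assumptions for illustration, not a tested RHEL5 configuration, and the thread itself does not confirm the cause.

```python
# Auth lines exactly as posted in the question (/etc/pam.d/system-auth).
POSTED = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
# added to limit number of unsuccessful login attempts
auth required pam_tally.so onerr=fail deny=3 lock_time=4
"""

# Constructed variant (assumption): same modules, pam_tally.so moved to the top.
REORDERED = """\
auth required pam_tally.so onerr=fail deny=3 lock_time=4
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
"""

def parse_stack(text, group="auth"):
    """Return [(control, module)] for one management group, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == group:
            stack.append((fields[1], fields[2]))
    return stack

def walk(stack, results):
    """Simplified required/requisite/sufficient evaluation.

    results maps module -> False for a failing module; unlisted modules
    succeed, except pam_deny.so, which always fails.
    Returns (login_allowed, modules_called).
    """
    failed, called = False, []
    for control, module in stack:
        called.append(module)
        ok = results.get(module, module != "pam_deny.so")
        if not ok and control in ("required", "requisite"):
            failed = True
            if control == "requisite":
                break                      # requisite failure ends the stack
        elif ok and control == "sufficient" and not failed:
            return True, called            # success: later modules never run
    return not failed, called

def wrong_password(text):
    return walk(parse_stack(text), {"pam_unix.so": False})

def right_password_over_limit(text):
    # pam_tally.so fails once the tally exceeds deny=3, if it is called at all.
    return walk(parse_stack(text), {"pam_tally.so": False})
```

In this model a wrong password reaches pam_tally.so on the posted stack, which matches the tally lines in the log, while a correct password returns at pam_unix.so before pam_tally.so is consulted.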
Quote:
http://kbase.redhat.com/faq/docs/DOC-4304
http://www.puschitz.com/SecuringLinux.shtml
might help. Your best bet for RedHat Enterprise 5 answers would be RedHat support. You're paying for access with your RedHat subscription.
Thanks!!
I will try those links and the RedHat support.
Hi,
This works for me. Code:
# vi /etc/pam.d/system-auth
I think fail2ban will make your life much easier. It does exactly what you are trying to do: ban an account (or IP) after a set number of failed logins.
HTH
Hi,
Thanks Tanveer, your solution also works for me. Thanks a ton.
Regards,
Charanjit