By default, the pam_tally2 module is already installed on most Linux distributions and is provided by the PAM package itself. This is a guide to locking and unlocking SSH accounts after a certain number of failed login attempts.
For example, I found the configuration file on my RHEL system at /etc/pam.d/password-auth.
I used the '/etc/pam.d/password-auth' configuration file to configure the login attempt limits. First I opened this file and added the following auth configuration line at the beginning of the 'auth' section.
auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1800
The parameters of the above line are described below.
- file=/var/log/tallylog – The default log file used to keep the login failure counts.
- deny=3 – Deny access after 3 failed attempts and lock the user out.
- even_deny_root – The policy also applies to the root user.
- unlock_time=1800 – The account stays locked for 30 minutes (1800 seconds).
I wanted the account to be unlocked automatically after 30 minutes, so I also configured unlock_time=1800. To lock the account permanently until it is manually unlocked, remove this parameter.
Now, to verify or check the failed-attempt counter for a user, I use the following command:
$ pam_tally2 --user=kushan
To reset the counter and unlock the user account so access is allowed again, I use the following command:
$ pam_tally2 --user=kushan --reset
To verify that the login attempt counter has been reset and the account is unlocked, I use the command:
$ pam_tally2 --user=kushan
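As an added example (not part of the original post), here is a small POSIX shell helper that parses the table pam_tally2 prints and lists the accounts whose failure count has reached the deny=3 threshold from the configuration line above, plus a check that a PAM auth line carries both deny= and even_deny_root so root is not exempt. The sample output, user names and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original post's code. Assumes the 4-column table
# that pam_tally2 prints (Login, Failures, Latest failure, From).

DENY=${DENY:-3}   # must match deny= in the pam_tally2.so line

# locked_users: read a pam_tally2 table on stdin and print "user failures"
# for every account whose failure count is at or above the deny threshold.
locked_users() {
    awk -v deny="$DENY" '
        NR == 1 && $1 == "Login" { next }                 # skip header row
        NF >= 2 && $2 ~ /^[0-9]+$/ && $2 >= deny { print $1, $2 }
    '
}

# pam_line_ok: given one PAM auth line, return 0 only if it loads
# pam_tally2.so with a numeric deny= value and even_deny_root, i.e. the
# lockout policy is actually enforced for root as well.
pam_line_ok() {
    case "$1" in
        *pam_tally2.so*deny=[0-9]*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *even_deny_root*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample of `pam_tally2` output (not real data).
SAMPLE='Login           Failures Latest failure     From
kushan              4    05/17/21 10:22:19  192.0.2.10
alice               1    05/17/21 09:01:03  192.0.2.11
root                3    05/17/21 10:30:44  198.51.100.7'

# Demo: lists "kushan 4" and "root 3"; alice is below the threshold.
printf '%s\n' "$SAMPLE" | locked_users
```

On a live system, replace the sample with `pam_tally2 | locked_users` (run as root) to see which accounts are currently locked out.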
Reference
Run 'man pam_tally2' from the command line on RHEL to learn more about pam_tally2.