Add following lines on /etc/pam.d/password-auth. Following line should be the added on the beginning of auth section.
auth required pam_tally2.so file=/var/log/tallylog deny=1 onerr=fail even_deny_root lock_time=600Add following lines on /etc/pam.d/password-auth at the beginning of account section.
account required pam_tally2.so
In this section:
file=/var/log/tallylog Default log file is used to keep login counts.deny=1 Deny access after 1 attempt and lock down user.
onerr=fail if Something wired happend return fail to login
even_deny_root Policy is also apply to root user.
lock_time=600 Account will be locked for 10 Min
0 comments:
Post a Comment