January 2018
Intermediate to advanced
376 pages
8h 45m
English
Content preview from Mastering Linux Security and Hardening
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Configuring the pam_tally2 PAM module
To make this magic work, we'll rely on our good friend, the PAM module. The pam_tally2 module comes already installed on both CentOS and Ubuntu, but it isn't configured. For both of our virtual machines, we'll be editing the /etc/pam.d/login file. Figuring out how to configure it is easy because there's an example at the bottom of the pam_tally2 man page:
EXAMPLES Add the following line to /etc/pam.d/login to lock the account after 4 failed logins. Root account will be locked as well. The accounts will be automatically unlocked after 20 minutes. The module does not have to be called in the account phase because the login calls pam_setcred(3) correctly. auth required pam_securetty.so auth required pam_tally2.so ...