Pam_tally2 to Lock and Unlock User Accounts After Specified Attempts
pam_tally2 is a Pluggable Authentication Module (PAM) used to define a user-account lockout policy. This is important and critical in a security context: after a few failed attempts the user account should be locked automatically, and administrators can achieve that with the pam_tally2 module. In this article we are going to see how to use pam_tally2 to lock and unlock user accounts after a specified number of attempts.
Pam_tally2 To Lock and Unlock User Accounts
This PAM module maintains a count of attempted accesses; if an access succeeds the count is reset to 0, otherwise after too many failed attempts access is denied. pam_tally2 is also the command-line application used to manipulate the counter file: it can display users' counts, set individual counts, or clear all counts.
All you need to do is define the policy in the files below. Be careful when defining the PAM policy, because a wrong configuration may leave you with no access to user accounts at all.
- /etc/pam.d/login
- /etc/pam.d/sshd
- /etc/pam.d/sudo
- /etc/pam.d/xserver
How To Lock and Unlock User Accounts
auth required pam_tally2.so no_magic_root deny=5 onerr=fail unlock_time=1200 audit
- deny=5 – Deny access after 5 failed attempts and lock the user account.
- no_magic_root – Do not lock the root account (root is excluded from the lockout).
- unlock_time=1200 – The account stays locked for 20 minutes (1200 seconds = 20 minutes). Remove this option if you want the account locked permanently, until it is unlocked manually.
- audit – Enable audit logging of failures.
- onerr=fail – If something goes wrong (for example the tally file cannot be opened), return the corresponding PAM error code; with onerr=succeed the module would return PAM_SUCCESS instead.
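Because a typo in these files can lock everyone out, it helps to apply the line with a script that refuses to add it twice and puts it ahead of the other auth modules. The following POSIX shell script is an added example, not code from the original article: it uses the exact pam_tally2 line recommended above, and the service file it edits is a constructed temporary copy rather than a real /etc/pam.d file, so it can be run safely anywhere.

```shell
#!/bin/sh
# Added example (not from the original article): idempotently add the
# pam_tally2 lockout line to a PAM service file. The line itself is the
# one the article recommends; the file path is whatever you pass in.
TALLY_LINE='auth required pam_tally2.so no_magic_root deny=5 onerr=fail unlock_time=1200 audit'

# tally_status FILE -> prints "present" if pam_tally2 is already
# configured as an auth module in FILE, "absent" otherwise.
tally_status() {
    if grep -Eq '^[[:space:]]*auth[[:space:]].*pam_tally2\.so' "$1"; then
        echo present
    else
        echo absent
    fi
}

# add_tally_policy FILE -> inserts TALLY_LINE before the first "auth"
# line so the counter runs before pam_unix.so, and leaves the file
# untouched if the line is already there. Prints the resulting status.
add_tally_policy() {
    file=$1
    if [ "$(tally_status "$file")" = present ]; then
        echo present
        return 0
    fi
    tmp=$(mktemp) || return 1
    awk -v line="$TALLY_LINE" '
        !done && $1 == "auth" { print line; done = 1 }
        { print }
        END { if (!done) print line }   # file had no auth line at all
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the original permissions
    rm -f "$tmp"
    tally_status "$file"
}

# Demo on a constructed copy of a typical sshd stack (not a real system file).
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     password-auth
account    required     pam_nologin.so
EOF
echo "before: $(tally_status "$demo_file")"
echo "after:  $(add_tally_policy "$demo_file")"
echo "again:  $(add_tally_policy "$demo_file")"   # second run does not duplicate
grep -c pam_tally2 "$demo_file"   # 1
rm -f "$demo_file"
```

To use it on a real service, pass the file you want to protect (for example `add_tally_policy /etc/pam.d/sshd` as root) and keep a second session open until you have confirmed that a normal login still works.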
By default the counter file is stored at /var/log/tallylog; if you want a different location, specify file=FilePath.
The file is located at the path above, but you can't read it directly; you have to use the PAM utility:
# pam_tally2 -f tallylog
Login           Failures Latest failure     From
root            510      07/27/17 15:43:06  unknown
In the command output above, the root account has 510 failed attempts. To clear all of a user's failed logins, use the options below:
# pam_tally2 -r -u root
Now check the failed login attempts again:
# pam_tally2 -u root
Login           Failures Latest failure     From
root            0
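On a busy host the table printed by pam_tally2 -f can be long, and the accounts worth looking at are the ones whose counter has reached the deny threshold. The script below is an added example, not part of the original article: it parses a constructed sample of that table (the names, counts and addresses are made up), lists the accounts at or over deny=5, and prints the matching pam_tally2 -r -u commands for review instead of running them.

```shell
#!/bin/sh
# Added example (not from the original article): parse the table that
# "pam_tally2 -f /var/log/tallylog" prints, list users at or over the
# deny threshold, and print (not run) the matching reset commands.

# Constructed sample of pam_tally2 output, in the column layout the
# article shows; the names, counts and addresses are made up.
SAMPLE_TALLY='Login           Failures Latest failure     From
root            510      07/27/17 15:43:06  unknown
alice           2        07/27/17 15:40:10  10.0.0.5
bob             5        07/27/17 15:41:55  10.0.0.9'

# locked_users DENY  (reads the tally table on stdin)
# Prints "user failures" for every account whose counter has reached DENY,
# skipping the header line. Field 2 is the failure count.
locked_users() {
    deny=$1
    awk -v deny="$deny" 'NR > 1 && $2 + 0 >= deny { print $1, $2 }'
}

# reset_commands DENY  (reads the tally table on stdin)
# Emits the pam_tally2 reset command for each locked account so an
# administrator can review the list before clearing anything.
reset_commands() {
    locked_users "$1" | while read -r user count; do
        echo "pam_tally2 -r -u $user"
    done
}

echo "Locked at deny=5:"
printf '%s\n' "$SAMPLE_TALLY" | locked_users 5
echo "Commands to review:"
printf '%s\n' "$SAMPLE_TALLY" | reset_commands 5
```

On a real system replace the sample with `pam_tally2 -f /var/log/tallylog | locked_users 5`; with no_magic_root in the policy, root shows up in the list but is never actually denied, so its counter is only noise to be cleared.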
That's it about using the PAM utility to lock and unlock user accounts.
Whenever you reset a Linux user's password but the user still cannot log in over SSH, check the pam_tally2 failed-attempt counter, clear it with the commands above, and try logging in again.