Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- auth required /lib/security/$ISA/pam_tally.so no_magic_root
- account required /lib/security/$ISA/pam_tally.so deny=5 reset no_magic_root
- /etc/pam.d/system-auth
- /etc/pam.d/login
- /etc/pam.d/sshd
- auth required pam_tally.so no_magic_root
- account required pam_tally.so deny=5 reset no_magic_root
- /etc/pam.d/login
- /etc/pam.d/sshd
- auth required pam_tally.so deny=5 onerr=fail per_user no_lock_time
- /etc/pam.d/common-auth
- account required pam_tally.so
- /etc/pam.d/common-account
- /sbin/pam_tally --user USERNAME --reset
- auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1200
- account required pam_tally2.so
- auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1200 root_unlock_time=60
- $ ssh me@somemachine
- me@somemachine's password:
- Permission denied, please try again.
- me@somemachine's password:
- Permission denied, please try again.
- me@somemachine's password:
- Account locked due to 4 failed logins
- Account locked due to 5 failed logins
- Last login: Mon Jun 4 21:21:06 2013 from someothermachine
- $ pam_tally2 --user=me
- Login Failures Latest failure From
- me 5 06/04/13 21:21:06 someothermachine
- pam_tally2 --user=me --reset
- Login Failures Latest failure From
- me 5 06/04/13 21:21:06 someothermachine
- $ pam_tally2 --user=me
- Login Failures Latest failure From
- me 0
- passwd -u <account_name>
- pam_tally2 --user <account_name> --reset
- #%PAM-1.0
- # auth requisite pam_nologin.so
- auth required pam_env.so
- auth requisite pam_securetty.so
- auth required pam_tally2.so onerr=fail audit file=/var/log/tallylog deny=3 magic_root
- # go hard and lock everything:
- #auth required pam_tally2.so onerr=fail audit file=/var/log/tallylog deny=3 even_deny_root root_unlock_time=60
- # auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so
- auth required pam_unix2.so
- #auth include common-auth
- # novell knowledgebase 7011883
- account required pam_tally2.so
- account include common-account
- password include common-password
- session required pam_loginuid.so
- session include common-session
- session optional pam_lastlog.so nowtmp
- session optional pam_mail.so standard
- session optional pam_ck_connector.so
- session required pam_limits.so
- session required pam_unix2.so
- session optional pam_umask.so
- password requisite pam_pwcheck.so cracklib minlen=14 remember=24 difok=4 maxrepeat=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
- password required pam_unix2.so use_authtok
- auth include common-auth
- account include common-account
- password include common-password
- session include common-session
- auth required pam_env.so
- auth required pam_unix2.so
- # auth optional pam_faildelay.so
- # handled with FAIL_DELAY in /etc/login.defs
- account required pam_unix2.so
- auth sufficient pam_rootok.so
- auth include common-auth
- account sufficient pam_rootok.so
- account include common-account
- password include common-password
- session include common-session
- session optional pam_xauth.so
- # require users to be in wheel group in order to su to root
- auth required pam_wheel.so
- #auth requisite pam_nologin.so
- auth required pam_env.so
- auth required pam_tally2.so onerr=fail audit file=/var/log/tallylog deny=3 magic_root
- auth required pam_unix2.so
- #auth include common-auth
- #account requisite pam_nologin.so
- # novell knowledgebase 7011883
- account required pam_tally2.so
- account include common-account
- password include common-password
- session required pam_loginuid.so
- session include common-session
- session optional pam_lastlog.so noupdate showfailed
- auth include common-auth
- account include common-account
- password include common-password
- session required pam_loginuid.so
- session include common-session
- # disable root console login for gdm
- auth required pam_succeed_if.so user != root audit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement