ACCOUNT LOCKED AFTER FAILED ATTEMPT [RHEL7]

Posted on March 13, 2019



ENVIRONMENT

OS = RHEL 7

First, edit /etc/pam.d/password-auth and /etc/pam.d/system-auth and add the pam_faillock.so lines (highlighted in bold in the original post) to the auth section, exactly as shown:

auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth        sufficient    pam_unix.so nullok try_first_pass
auth        [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600

 

Then add the line below to the account section of both /etc/pam.d/password-auth and /etc/pam.d/system-auth:

account     required      pam_faillock.so

Use the command below to check locked accounts:

faillock
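
A way to verify the edits above in both files, as an added example that is not part of the original post: this Python script parses a PAM file and checks that the pam_faillock.so lines sit where the steps put them. The function names, the problem messages and the embedded sample (constructed from the lines shown above) are assumptions of this example.

```python
import re, sys

# One PAM rule: type, control (a word or a [bracketed list]), module, arguments.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(pam_text):
    """Yield (type, module file name, argument list) for each rule line."""
    for raw in pam_text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m:
            yield m.group(1), m.group(3).rsplit("/", 1)[-1], m.group(4).split()

def audit_faillock(pam_text):
    """Return a list of problems; an empty list means the layout matches."""
    rules = list(parse(pam_text))
    auth = [(mod, args) for typ, mod, args in rules if typ == "auth"]
    def find(module, flag=None):  # index of the first matching auth rule, or None
        return next((i for i, (mod, args) in enumerate(auth)
                     if mod == module and (flag is None or flag in args)), None)
    pre, fail = find("pam_faillock.so", "preauth"), find("pam_faillock.so", "authfail")
    unix, problems = find("pam_unix.so"), []
    for name, idx in (("preauth", pre), ("authfail", fail)):
        if idx is None:
            problems.append("auth: no pam_faillock.so %s line" % name)
    if None not in (pre, unix) and pre > unix:
        problems.append("auth: preauth must come before pam_unix.so")
    if None not in (fail, unix) and fail < unix:
        problems.append("auth: authfail must come after pam_unix.so")
    if None not in (pre, fail):
        for key in ("deny=", "unlock_time="):  # both lines should carry the same limits
            a, b = ([x for x in auth[i][1] if x.startswith(key)] for i in (pre, fail))
            if a != b:
                problems.append("auth: %s differs between preauth and authfail" % key)
    if not any(t == "account" and m == "pam_faillock.so" for t, m, _ in rules):
        problems.append("account: no pam_faillock.so line")
    return problems

# Constructed sample: the lines from the steps above, combined into one file.
SAMPLE = """\
auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth        sufficient    pam_unix.so nullok try_first_pass
auth        [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
account     required      pam_faillock.so
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, audit_faillock(open(path).read()) or "OK")
```

Run it with both file paths as arguments; each file prints OK or the list of problems found.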

 

IMPORTANT LINKS

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-hardening_your_system_with_tools_and_services
