Logon Failure locking policy configuration logon Timeout Policy disabling root remote logon script [plain] #! /Bin/sh # set up login timeout #60 s donot do any operation, auto cancell # PROFILE_PATH = "/etc/profile" tmout = 'cat $ PROFILE_PATH | grep TMOUT 'if [-z "$ tmout"] then echo "TMOUT = 60">/ etc/profile else sed-I's/$ tmout/TMOUT = 60/'$ PROFILE_PATH fi source $ PROFILE_PATH if [$? -Eq 0]; then echo "set TMOUT = 60 successful! "Fi # Locking strategies enable to a logon failure PAM_AUTH_PATH ="/etc/pam. d/system-auth "system_auth = 'cat $ PAM_AUTH_PATH | grep pam_tally2.so 'content =" auth required pam_tally2.so deny = 10 unlock_time = 300 bytes root_unlock_time = 300 "if [-z" $ system_auth "] then sed-I" 3 a {$ content} "$ PAM_AUTH_PATH else sed-I" s/$ system_auth/$ content/"$ PAM_AUTH_PATH fi # Limit the root user login remotely SSH_CONF = "/etc/ssh/sshd_config" sed-I "s/^ # PermitRootLogin. */PermitRootLogin no/"$ SSH_CONF service sshd restart