How to use PAM to lock users after multiple failed logins in a Linux environment
Modify the following files:
/etc/pam.d/sshd (remote SSH)
/etc/pam.d/login (terminal)
The contents are as follows:
#%PAM-1.0
auth required pam_tally2.so deny=3 unlock_time=120 even_deny_root root_unlock_time=1200
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=120
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3
account required pam_faillock.so
Below the first line, #%PAM-1.0, add the following:
auth required pam_tally2.so deny=3 unlock_time=600 even_deny_root root_unlock_time=1200
Explanation of each parameter:
even_deny_root: also restricts the root user;
deny: sets the maximum number of consecutive failed logins for regular users and the root user; once the maximum is exceeded, the user is locked;
unlock_time: sets how long after being locked a regular user is unlocked, in seconds;
root_unlock_time: sets how long after being locked the root user is unlocked, in seconds;
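
A check for the result of the steps above, as an added example that is not part of the original page: the shell function check_tally2 (a hypothetical name) reads a PAM service file and reports whether the pam_tally2.so line is present in the auth stack, sits ahead of pam_unix.so, and sets deny and unlock_time. The two sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the auth stack of a PAM service file for the
# pam_tally2.so line described above. Returns 0 if it is present, placed
# before pam_unix.so, and sets deny and unlock_time; 1 otherwise.
check_tally2() {
    awk '
    /^[ \t]*#/ || $1 != "auth" { next }        # comments, other stacks
    {
        mod = 0                                # field index of the module
        for (i = 2; i <= NF; i++) if ($i ~ /\.so$/) { mod = i; break }
        if (!mod) next
        if ($mod ~ /pam_unix\.so$/ && !seen) unix_first = 1
        if ($mod ~ /pam_tally2\.so$/ && !seen) {
            seen = 1
            for (i = mod + 1; i <= NF; i++) {  # key=value or bare flag
                n = split($i, kv, "=")
                opt[kv[1]] = (n > 1 ? kv[2] : "yes")
            }
        }
    }
    END {
        if (!seen) { print "FAIL: no auth pam_tally2.so line"; exit 1 }
        if (unix_first) { print "FAIL: pam_unix.so runs before pam_tally2.so"; bad = 1 }
        if (!("deny" in opt)) { print "FAIL: deny is not set"; bad = 1 }
        if (!("unlock_time" in opt)) { print "FAIL: unlock_time is not set"; bad = 1 }
        # root_unlock_time implies even_deny_root, see pam_tally2(8)
        if (!("even_deny_root" in opt) && !("root_unlock_time" in opt))
            print "NOTE: root is not subject to lockout"
        for (k in opt) print "  " k "=" opt[k]
        exit bad
    }' "$1"
}

# Constructed sample files: the line as given above, and a misplaced variant.
demo_dir=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' \
  'auth required pam_tally2.so deny=3 unlock_time=600 even_deny_root root_unlock_time=1200' \
  'auth sufficient pam_unix.so nullok try_first_pass' > "$demo_dir/good"
printf '%s\n' '#%PAM-1.0' \
  'auth sufficient pam_unix.so nullok try_first_pass' \
  'auth required pam_tally2.so deny=3' > "$demo_dir/bad"
check_tally2 "$demo_dir/good"
check_tally2 "$demo_dir/bad" || echo "bad sample rejected"
```

On a real system, pass /etc/pam.d/sshd or /etc/pam.d/login as the argument.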