Archive for October 2008

Keep track of failed login attempts

To make faillog actually record failed login attempts, you need to set up PAM to use the module “pam_tally.so”. To configure PAM, open the file /etc/pam.d/system-auth in your favourite editor and add the following lines to the file:

auth required pam_tally.so onerr=fail deny=5
account required pam_tally.so

This should make sure that accounts are locked if the number of failed attempts exceeds 5. The counter is reset on successful login.

The behaviour of pam_tally has changed over time – this approach should work on at least Fedora Core 6+, RHEL 5, SLES10 and later.

In SLES 10 the PAM config file is /etc/pam.d/login.
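
A quick way to confirm that a PAM file really contains both pam_tally lines and a deny= threshold, as an added example that is not part of the original post. The function name check_pam_tally and its return codes are assumptions made for this illustration, and the sample file is constructed from the two lines above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PAM file for the
# pam_tally lines shown above. Assumes the simple "type control module args"
# line form used in the post; bracketed controls are not parsed.
# Return codes (hypothetical convention): 0 ok, 1 no auth line,
# 2 auth line without deny=, 3 no account line, 4 file unreadable.
check_pam_tally() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 4; }
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        $3 ~ /pam_tally\.so$/ {
            if ($1 == "auth") {
                auth = 1
                for (i = 4; i <= NF; i++)        # scan module arguments
                    if ($i ~ /^deny=[0-9]+$/) deny = substr($i, 6)
            }
            if ($1 == "account") acct = 1
        }
        END {
            if (!auth)      { print "missing: auth ... pam_tally.so"; exit 1 }
            if (deny == "") { print "auth line has no deny= option"; exit 2 }
            if (!acct)      { print "missing: account ... pam_tally.so"; exit 3 }
            print "ok deny=" deny
        }
    ' "$file"
}

# Constructed sample: the two lines from the post, written to a temp file.
sample=$(mktemp)
printf '%s\n' 'auth required pam_tally.so onerr=fail deny=5' \
              'account required pam_tally.so' > "$sample"
check_pam_tally "$sample"
rm -f "$sample"
```

On a real system, pass the file named in the post, for example `check_pam_tally /etc/pam.d/system-auth`.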