Keep track of failed login attempts

For faillog to actually start logging failed login attempts, PAM must be set up to use the module “pam_tally.so”. To configure PAM, open the file /etc/pam.d/system-auth in your favourite editor and add the following lines:

auth required pam_tally.so onerr=fail deny=5
account required pam_tally.so

This should make sure that accounts are locked if the number of failed attempts exceeds 5. The counter is reset on successful login.

The behaviour of pam_tally has changed over time – this approach should work on at least Fedora Core 6+, RHEL 5, SLES10 and later.

On SLES 10 the PAM configuration file is /etc/pam.d/login.
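
To confirm the change is in place, here is an added example (not part of the original post): a shell function that audits a PAM file for the two pam_tally.so lines shown above and reports the configured deny threshold. The function name check_pam_tally, its return codes and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_pam_tally FILE  (hypothetical helper, not part of PAM or faillog)
# Prints "deny=N" and returns 0 when both pam_tally.so lines are active.
# Returns 1: no active auth line, 2: auth line has no deny=N,
#         3: no active account line.
check_pam_tally() {
    awk '
        /^[ \t]*#/ { next }                     # commented-out lines do not count
        {
            mod = 0
            # Locate the module field; it is not always $3 when the
            # control field uses the bracketed [value=action ...] form.
            for (i = 3; i <= NF; i++)
                if ($i ~ /(^|\/)pam_tally\.so$/) { mod = i; break }
            if (!mod) next
            if ($1 == "auth") {
                auth = 1
                for (i = mod + 1; i <= NF; i++)
                    if ($i ~ /^deny=[0-9]+$/) deny = substr($i, 6)
            }
            if ($1 == "account") account = 1
        }
        END {
            if (!auth)      { print "missing: auth ... pam_tally.so";    exit 1 }
            if (deny == "") { print "auth line has no deny=N option";    exit 2 }
            if (!account)   { print "missing: account ... pam_tally.so"; exit 3 }
            print "deny=" deny
        }
    ' "$1"
}

# Constructed sample file: the two lines from the article plus unrelated entries.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth     required   pam_env.so
auth     required   pam_tally.so onerr=fail deny=5
account  required   pam_tally.so
# auth   required   pam_tally.so deny=3   (disabled, ignored by the check)
EOF
check_pam_tally "$sample"
rm -f "$sample"
```

Point it at /etc/pam.d/system-auth, or at /etc/pam.d/login on SLES 10.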
