d_faillock
Linux_pam.d/faillock
# 导言
Removed deprecated pam_tally and pam_tally2 modules, use pam_faillock instead.
# 建立存储目录
mkdir /var/log/faillock
faillock相关的信息会以用存储在这个目录下
# 配置
- 远程登录文件
/etc/pam.d/sshd
auth requisite pam_faillock.so preauth
auth [success=1 default=bad] pam_unix.so shadow nullok
auth [default=die] pam_faillock.so authfail
auth sufficient pam_faillock.so authsucc
account required pam_unix.so shadow nullok
password required pam_unix.so shadow nullok
session required pam_unix.so shadow nullok
session required pam_loginuid.so
1
2
3
4
5
6
7
8
9
2
3
4
5
6
7
8
9
- success=1 表示此行成功后,跳过下面
- default=die 表示之后的不执行了,因为succ成功后,会抹去登录失败的记录信息
- faillock配置文件
/etc/security/faillock.conf
dir = /var/log/faillock
deny = 5
fail_interval = 180
unlock_time = 600
even_deny_root # root也受限
root_unlock_time = 60
1
2
3
4
5
6
7
2
3
4
5
6
7
# 测试
faillock --dir /var/log/faillock --user root
faillock --dir /var/log/faillock --user root
root:
When Type Source Valid
2021-04-21 09:49:49 RHOST 172.16.254.216 V
2021-04-21 09:49:52 RHOST 172.16.254.216 V
1
2
3
4
5
2
3
4
5
- v表示有效,i表示无效
# faillock命令
faillock --reset # 解锁所有用户 faillock --user root --reset # 解锁一个用户账户
上次更新: 2023/10/10, 14:48:21