
PAM

==================================================

Pluggable Authentication Modules (PAM)

PAM is an authentication framework that lets different modules be plugged in to support different authentication methods. For example, two-factor authentication (2FA) on a Linux system is handled by a PAM module.

Per-module configuration lives under /etc/security/.

------------------------------------------------------------------------------------------------------------------------------------------------

Lockout Policies

FailLock

faillock is a PAM (Pluggable Authentication Modules) module that tracks failed authentication attempts on Linux systems. It is primarily used to slow down brute-force attacks by locking a user account after a specified number of consecutive failed login attempts.

Key Features of faillock
Account Lockout: Locks a user account after a specified number of failed authentication attempts.
Unlocking: Automatically unlocks the account after a specified period, or an administrator can manually unlock it.
Logging: Records failed login attempts and lockout events, which can be useful for security auditing. 

------------------------------------------------------------------------------------------------------------------------------------------------

PamTally2

PamTally2 is the older predecessor of faillock and does essentially the same thing, just with fewer features. You'll potentially need to use it on older servers that do not support faillock.

PamTally2 configuration file - /etc/pam.d/login

The example below locks users out after 3 failed logins, denies root login attempts as well (even_deny_root), and keeps accounts locked for 1 hour.

#
# The PAM configuration file for the Shadow `login' service
#

# deny=3: lock after 3 consecutive failures; even_deny_root: apply the lock to root too;
# unlock_time=3600: release the lock automatically after 3600 seconds (1 hour).
# A matching "account required pam_tally2.so" line resets the counter after a successful login.
auth required pam_tally2.so deny=3 even_deny_root unlock_time=3600
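The same policy expressed for faillock, together with a small audit that checks a faillock.conf against minimum thresholds, as an added example that is not part of the original page or of the pam_faillock project. The faillock.conf text is a constructed sample covering the options described in the faillock section above (deny, unlock_time, even_deny_root, audit); the helper names faillock_value, faillock_flag_set and check_lockout_policy and the thresholds 5 failures / 900 seconds are illustrative choices made here, not values from the page.

```shell
#!/bin/sh
# Added example (not from the page): faillock equivalent of the pam_tally2 policy above,
# plus an audit of a faillock.conf against minimum lockout thresholds.

# Constructed sample of /etc/security/faillock.conf expressing the same policy:
# 3 consecutive failures, root included, automatic unlock after 3600 seconds.
SAMPLE_FAILLOCK_CONF='# /etc/security/faillock.conf (constructed sample)
deny = 3
fail_interval = 900
unlock_time = 3600
even_deny_root
audit
'

# Constructed sample of a weak policy: many failures allowed, short lock, root exempt.
WEAK_CONF='deny = 10
unlock_time = 60
'

# faillock_value CONF_TEXT KEY
# Print the value of "KEY = value" from faillock.conf text, or nothing if unset.
faillock_value() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" |
        head -n 1
}

# faillock_flag_set CONF_TEXT FLAG
# Succeed if a bare flag such as even_deny_root or audit is present.
faillock_flag_set() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$"
}

# check_lockout_policy CONF_TEXT MAX_DENY MIN_UNLOCK
# Print findings and return non-zero if the policy is weaker than the thresholds.
check_lockout_policy() {
    conf=$1; max_deny=$2; min_unlock=$3; rc=0
    deny=$(faillock_value "$conf" deny)
    unlock=$(faillock_value "$conf" unlock_time)

    case $deny in
        ''|*[!0-9]*)
            echo "FAIL: deny is '${deny:-unset}' (module default applies); set it explicitly"; rc=1 ;;
        *)
            [ "$deny" -le "$max_deny" ] || { echo "FAIL: deny=$deny exceeds $max_deny"; rc=1; } ;;
    esac

    case $unlock in
        0|never) ;;   # permanent lock: only an administrator reset clears it
        ''|*[!0-9]*)
            echo "FAIL: unlock_time is '${unlock:-unset}'; set it explicitly"; rc=1 ;;
        *)
            [ "$unlock" -ge "$min_unlock" ] || { echo "FAIL: unlock_time=$unlock is below $min_unlock"; rc=1; } ;;
    esac

    if ! faillock_flag_set "$conf" even_deny_root; then
        echo "WARN: even_deny_root not set; root is exempt from the lockout"; rc=1
    fi
    return $rc
}

# Stand-alone usage: the sample policy passes, the weak one is rejected.
check_lockout_policy "$SAMPLE_FAILLOCK_CONF" 5 900 && echo "sample policy: OK"
check_lockout_policy "$WEAK_CONF" 5 900 || echo "weak policy: rejected"
```

On a real host, pass the live file with `check_lockout_policy "$(cat /etc/security/faillock.conf)" 5 900`. Note that faillock.conf alone does nothing: the PAM stack (for example /etc/pam.d/system-auth or common-auth) must still reference pam_faillock.so, with a preauth line before pam_unix.so and an authfail line after it. Recorded failures for a user can be viewed with `faillock --user NAME` and cleared with `faillock --user NAME --reset`, which is the manual unlock mentioned in the faillock section above.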