PAM
==================================================
Pluggable Authentication Modules (PAM)
PAM is essentially an authentication framework that lets different modules be plugged in to support different authentication methods; for example, 2FA on a Linux system would be handled by a PAM module.
/etc/security/
------------------------------------------------------------------------------------------------------------------------------------------------
Lockout Policies
FailLock
faillock is a PAM (Pluggable Authentication Modules) module used for tracking failed authentication attempts in Linux systems. It is primarily used to prevent brute force attacks by locking out user accounts after a specified number of consecutive failed login attempts.
Key Features of faillock
Account Lockout: Locks a user account after a specified number of failed authentication attempts.
Unlocking: Automatically unlocks the account after a specified period, or an administrator can manually unlock it.
Logging: Records failed login attempts and lockout events, which can be useful for security auditing.
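As an added illustration of the logging feature described above (example code written for this page, not part of faillock or PAM): a small Python scanner that walks auth-log lines, counts failed attempts per user and source host, and counts lockout events per user so repeated lockouts stand out during an audit. The sample lines are constructed for this example in the shape that pam_unix and pam_faillock write via syslog; the regexes assume that message wording, so adjust them if your distribution's messages differ.

```python
import re
from collections import Counter

# Constructed sample auth-log lines (not taken from a real host), in the
# format pam_unix and pam_faillock emit through syslog.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 host sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=alice
Mar  3 10:01:15 host sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=alice
Mar  3 10:01:18 host sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=alice
Mar  3 10:01:18 host sshd[2011]: pam_faillock(sshd:auth): Consecutive login failures for user alice account temporarily locked
Mar  3 10:02:40 host sshd[2050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.9  user=bob
Mar  3 10:04:02 host login[2077]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=alice
Mar  3 10:05:00 host sshd[2099]: pam_faillock(sshd:auth): Consecutive login failures for user alice account temporarily locked
"""

# A pam_unix failure line: capture the service, the remote host (may be empty
# for console logins) and the user name.
FAILURE_RE = re.compile(
    r"pam_unix\((?P<service>[^)]+)\): authentication failure;"
    r".*?rhost=(?P<rhost>\S*)\s+user=(?P<user>\S+)"
)
# A pam_faillock lockout event.
LOCKOUT_RE = re.compile(
    r"pam_faillock\((?P<service>[^)]+)\): Consecutive login failures "
    r"for user (?P<user>\S+) account temporarily locked"
)


def parse_auth_log(text):
    """Summarise failures per (user, source) and lockout events per user."""
    failures = Counter()   # (user, rhost) -> number of failed attempts
    lockouts = Counter()   # user -> number of lockout events
    for line in text.splitlines():
        m = LOCKOUT_RE.search(line)
        if m:
            lockouts[m["user"]] += 1
            continue
        m = FAILURE_RE.search(line)
        if m:
            failures[(m["user"], m["rhost"] or "local")] += 1
    return {"failures": failures, "lockouts": lockouts}


def repeated_lockouts(summary, threshold=2):
    """Users locked out at least `threshold` times in the window: either a
    sustained password-guessing run or someone being locked out on purpose."""
    return sorted(u for u, n in summary["lockouts"].items() if n >= threshold)


def top_sources(summary, limit=3):
    """Source hosts ranked by number of failed attempts across all users."""
    by_source = Counter()
    for (_user, rhost), n in summary["failures"].items():
        by_source[rhost] += n
    return by_source.most_common(limit)


if __name__ == "__main__":
    s = parse_auth_log(SAMPLE_AUTH_LOG)
    print("failures:", dict(s["failures"]))
    print("lockouts:", dict(s["lockouts"]))
    print("repeatedly locked:", repeated_lockouts(s))
    print("top sources:", top_sources(s))
```

In practice you would feed it `/var/log/auth.log` or `journalctl -u sshd` output instead of the constructed string; the point is that lockout events are logged separately from the underlying failures, so an audit can count both.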
------------------------------------------------------------------------------------------------------------------------------------------------
PamTally2
pam_tally2 is the older version of faillock; it does essentially the same thing, just with a few fewer features. You'll potentially need to use it on older servers that may not support faillock.
PamTally2 configuration file - /etc/pam.d/login
The example below locks users out after 3 failed logins, applies that lockout to root as well (even_deny_root), and keeps accounts locked for 1 hour (unlock_time=3600).
#
# The PAM configuration file for the Shadow `login' service
#
auth required pam_tally2.so deny=3 even_deny_root unlock_time=3600
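To make the deny / unlock_time / even_deny_root semantics concrete for both the faillock features listed earlier and the pam_tally2 line above, here is an added Python model of the counting a lockout module does (example code written for this page; it is not part of PAM, pam_tally2 or pam_faillock). It runs a constructed sequence of login attempts through the page's settings (deny=3, even_deny_root, unlock_time=3600) and shows when a correct password is still rejected, when root is and is not exempt, and when the lock expires. The `fail_interval` knob models a pam_faillock option that pam_tally2 does not have; two simplifications are assumed and marked in the code: attempts made while locked are not tallied further, and an expired lock clears the tally.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class LockoutPolicy:
    deny: int = 3                 # deny=N: lock after N counted failures
    unlock_time: int = 600        # unlock_time=S: seconds until automatic unlock (0 = admin reset only)
    fail_interval: int = 900      # fail_interval=S: failures older than this stop counting (pam_faillock only)
    even_deny_root: bool = False  # without it, root's failures are tallied but root is never locked


@dataclass
class AccountState:
    failure_times: List[int] = field(default_factory=list)
    locked_at: Optional[int] = None


class LockoutTracker:
    """In-memory model of a per-user failure tally (hypothetical; simplified)."""

    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def _lock_applies(self, user: str) -> bool:
        return user != "root" or self.policy.even_deny_root

    def reset(self, user: str) -> None:
        """Administrative reset, the equivalent of clearing the user's tally."""
        self.accounts[user] = AccountState()

    def is_locked(self, user: str, now: int) -> bool:
        st = self._state(user)
        if st.locked_at is None or not self._lock_applies(user):
            return False
        if self.policy.unlock_time and now - st.locked_at >= self.policy.unlock_time:
            self.reset(user)  # assumption: an expired lock also clears the tally
            return False
        return True

    def attempt(self, user: str, now: int, password_ok: bool) -> str:
        """One authentication attempt: returns 'locked', 'allowed' or 'failed'."""
        if self.is_locked(user, now):
            return "locked"   # a correct password is rejected while locked
        st = self._state(user)
        if password_ok:
            self.reset(user)  # a successful login clears the failure tally
            return "allowed"
        # Drop failures outside the fail_interval window, then count this one.
        window_start = now - self.policy.fail_interval
        st.failure_times = [t for t in st.failure_times if t > window_start] + [now]
        if len(st.failure_times) >= self.policy.deny and self._lock_applies(user):
            st.locked_at = now
        return "failed"


def run_scenario():
    """Constructed (seconds, user, password_ok) events under the page's settings."""
    policy = LockoutPolicy(deny=3, unlock_time=3600, fail_interval=900, even_deny_root=True)
    tracker = LockoutTracker(policy)
    events = [
        (0, "alice", False), (10, "alice", False), (20, "alice", False),   # third failure locks
        (30, "alice", True),                                               # right password, still locked
        (3621, "alice", True),                                             # 3601 s after the lock: auto-unlocked
        (0, "root", False), (5, "root", False), (10, "root", False),       # even_deny_root: root locks too
        (15, "root", True),
        (0, "bob", False), (10, "bob", False), (20, "bob", True),          # success resets the count
        (1000, "carol", False), (2000, "carol", False), (3000, "carol", False),  # spread beyond fail_interval
    ]
    return [(t, u, tracker.attempt(u, t, ok)) for t, u, ok in events]


if __name__ == "__main__":
    for t, user, result in run_scenario():
        print(f"t={t:>5}s {user:<6} {result}")
```

Note the carol case: three failures spaced 1000 seconds apart never lock her because each falls outside the 900-second `fail_interval` of the previous one; pam_tally2, which lacks that option, would count all three.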