PAM
====================================================================================
Pluggable Authentication Modules (PAM)
PAM is the framework that lets the authentication logic of a Linux system be assembled from interchangeable modules (pam_unix, pam_faillock, pam_google_authenticator, ...) instead of being hard-coded into each program. Every service (login, sshd, sudo, ...) has a stack of modules under /etc/pam.d/, so, for example, 2FA on a Linux host is added by inserting an extra module into that stack rather than by changing sshd itself.
Module configuration files live under /etc/security/ (for example /etc/security/faillock.conf); the per-service stacks that decide which modules run, and in what order, live under /etc/pam.d/.
------------------------------------------------------------------------------------------------------------------------------------------------
Lockout Policies
FailLock
faillock (the pam_faillock.so module and the faillock command that goes with it) is the PAM module used for tracking failed authentication attempts on Linux systems. It is primarily used to slow down brute-force attacks by locking out user accounts after a specified number of consecutive failed login attempts within a time window.
Key Features of faillock
Account Lockout: Locks a user account after a specified number of failed authentication attempts (deny=) occurring within a window (fail_interval=). even_deny_root makes root subject to the same limit; without it root is exempt.
Unlocking: Automatically unlocks the account after a specified period (unlock_time=), or an administrator can unlock it manually with "faillock --user <name> --reset". A successful login also clears the counter.
Logging: Records failed login attempts in per-user tally files (by default under /var/run/faillock) and logs lockout events to the system log, which is useful for security auditing and for spotting password-spraying.
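To make the interaction between deny, fail_interval and unlock_time concrete, here is an added example (not part of the original page and not faillock's own code) that applies the same rules to a constructed, simplified event log. The log format "<epoch> <fail|ok> <user>" and the three users are made up for the example; the rules are a simplified model of faillock's behaviour (failures within fail_interval of the most recent failure are counted, a successful login clears the tally, and a locked account reopens unlock_time seconds after the last failure), not a reimplementation of pam_faillock's exact arithmetic.

```shell
#!/bin/sh
# Added example: model faillock's deny / fail_interval / unlock_time rules
# against a constructed event log. Not faillock's own code.

# Constructed sample events, "<epoch seconds> <fail|ok> <user>", oldest first.
# (Real faillock keeps its tally in /var/run/faillock/<user>, not in syslog.)
SAMPLE_EVENTS='
1000 fail alice
1100 fail alice
1200 fail alice
1300 fail bob
1400 ok bob
1500 fail bob
1600 fail bob
5000 fail carol
5100 fail carol
9000 fail carol
'

# The knobs as they would appear in /etc/security/faillock.conf.
DENY=3             # failures before lockout
FAIL_INTERVAL=900  # failures further apart than this do not accumulate
UNLOCK_TIME=3600   # seconds after the last failure before access is re-enabled

# lockout_state USER NOW [EVENTS]
# Prints "locked" or "open" for USER as it would be evaluated at time NOW.
lockout_state() {
    user=$1
    now=$2
    events=${3:-$SAMPLE_EVENTS}
    printf '%s\n' "$events" | awk -v user="$user" -v now="$now" \
        -v deny="$DENY" -v fi="$FAIL_INTERVAL" -v ut="$UNLOCK_TIME" '
        # Only events for this user that happened before NOW matter.
        NF == 3 && $3 == user && $1 <= now {
            if ($2 == "ok")   { nf = 0; next }     # success clears the tally
            if ($2 == "fail") { fails[nf++] = $1 } # remember failure time
        }
        END {
            if (nf == 0) { print "open"; exit }
            latest = fails[nf - 1]
            # Count only failures within fail_interval of the latest one.
            n = 0
            for (i = 0; i < nf; i++)
                if (latest - fails[i] < fi) n++
            # Locked while the count meets deny and unlock_time has not elapsed.
            if (n >= deny && now - latest < ut) print "locked"
            else print "open"
        }'
}

# Stand-alone run: show each sample user at a few points in time.
for spec in "alice 1250" "alice 4800" "bob 1700" "carol 9100"; do
    set -- $spec
    printf '%-6s at t=%-5s -> %s\n' "$1" "$2" "$(lockout_state "$1" "$2")"
done
```

alice trips deny=3 inside one window and stays locked until t=4800 (1200 + unlock_time); bob's successful login at t=1400 wiped his first failure, so two later failures are not enough; carol's three failures are spread over more than fail_interval, so only the last one counts. On a real host the equivalent checks are "faillock --user alice" to see the tally and "faillock --user alice --reset" to clear it.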
------------------------------------------------------------------------------------------------------------------------------------------------
Pam_Tally2
pam_tally2 is the predecessor of faillock and does essentially the same job with fewer options (there is no fail_interval, for instance). It was deprecated and then removed from Linux-PAM in release 1.5.0, so you will only need it on older servers that do not ship pam_faillock.
pam_tally2 is configured directly in the PAM service stack rather than in /etc/security/, for example in /etc/pam.d/login (or in the distribution's shared common-auth / system-auth file so that every service gets the same policy).
The example below locks users out after 3 consecutive failed logins and keeps the account locked for 1 hour. Note that even_deny_root does not block root logins: it means root is counted and locked out like any other user (without it root is exempt from the deny limit). The "account" line is needed so that a successful login resets the counter; without it the tally only ever grows until an administrator clears it with "pam_tally2 --user=<name> --reset".
#
# The PAM configuration file for the Shadow `login' service
#
auth     required   pam_tally2.so deny=3 even_deny_root unlock_time=3600
account  required   pam_tally2.so