maxlogins

Darryl Clarke smartssa at gmail.com
Sun Apr 30 00:11:06 UTC 2006


On 4/29/06, Daniel Carrera <daniel.carrera at zmsl.com> wrote:
> Daniel Carrera wrote:
> >> OK - A google search on "linux limit failed logins " turned up
> >> http://www.die.net/doc/linux/man/man8/faillog.8.html
> >
> > Weird... that man page is different from the one on my system. In
> > particular, my man page doesn't mention the crucial -l option, even
> > though the -l flag actually works.
>
> Weirder yet, I can't get it to work on my system. Maybe I'm using it wrong.
>
> # This should make all accounts disabled for 5min after a failed login.
> sudo faillog -l 300
>
> Then I ssh to my own box and type bogus passwords until I'm kicked out.
> I immediately ssh again (before the 5min are up), type the correct
> password and I'm allowed in. It looks like faillog didn't do anything.
>
> :-(

Hi,

I just did a quick check and sure enough, ssh failures aren't being
tallied up by default in /var/log/faillog

I attempted with a bogus password and noticed that running 'faillog'
didn't show anything.

To enable it, I added a line to /etc/pam.d/common-auth
----
#
auth    required        pam_tally.so
auth    required        pam_unix.so nullok_secure
----

Then a failed login attempt to ssh ended up in 'faillog' output.

And, as this shows:
http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/modules/pam_tally/README?rev=1.4

There are a few options to throttle/deny access using pam_tally...

--
~ Darryl  ~ smartssa at gmail.com
~ http://darrylclarke.com
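
Added example, not part of the original post: a shell check that reports whether a PAM auth file loads pam_tally.so ahead of pam_unix.so, the ordering the post uses in /etc/pam.d/common-auth. The function name tally_status and the sample files are constructed for illustration.

```shell
#!/bin/sh
# tally_status FILE prints one of:
#   ok          pam_tally.so is in the auth stack, ahead of pam_unix.so
#   after-unix  pam_tally.so is present but listed after pam_unix.so
#   missing     no active auth line loads pam_tally.so
tally_status() {
    awk '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        $1 != "auth"   { next }     # only auth lines are of interest here
        {
            # The module is the first field naming a .so; scanning for it
            # also copes with bracketed controls that contain spaces.
            for (i = 2; i <= NF; i++) {
                if ($i ~ /pam_[a-z0-9_]+\.so$/) {
                    n++
                    if ($i ~ /pam_tally\.so$/ && !tally_pos) tally_pos = n
                    if ($i ~ /pam_unix\.so$/  && !unix_pos)  unix_pos  = n
                    break
                }
            }
        }
        END {
            if (!tally_pos)                            print "missing"
            else if (unix_pos && unix_pos < tally_pos) print "after-unix"
            else                                       print "ok"
        }
    ' "$1"
}

# Constructed samples: a file with only the pam_unix line, then the file
# with the pam_tally line added as in the post.
tmp=$(mktemp -d)
printf 'auth    required        pam_unix.so nullok_secure\n' > "$tmp/before"
printf '#\nauth    required        pam_tally.so\nauth    required        pam_unix.so nullok_secure\n' > "$tmp/after"
echo "before: $(tally_status "$tmp/before")"
echo "after:  $(tally_status "$tmp/after")"
rm -rf "$tmp"
```

On a real system, point it at the file sshd's PAM service actually includes, for example `tally_status /etc/pam.d/common-auth`.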



