[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Authentication problems with pam_tally2 and Ansible



Have you considered the problem of getting locked out of your computers because some bozo on the Internet is trying a brute force attack?  I get something like 20,000 failed logins for root every day.  You might as well just turn off root login at the ssh config.

I use Fail2ban (there are others) to bloc the source IP of the attacker.  I only block it for 15 minutes or so, but it's enough to slow down the attacker and blunt the attack.  Block the badguy, not yourself or your users. :-)

Good Luck!

-Dylan


On Dec 1, 2016 12:36 AM, "Marko Asplund" <marko asplund gmail com> wrote:
The explanation seems to be that pam_tally2 records a failed login when login command is started, even before a password is entered. Normally, the failed logins counter is reset when the user enters the correct password.

For login this works correctly when the following line is added in pam config (common-auth):

auth  required  pam_tally2.so  file=/var/log/tallylog deny=5 even_deny_root unlock_time=1200 serialize

However, when using sudo, the counter only gets reset when the following line is added to pam configuration (common-account):

account        required        pam_tally2.so

Why is the behaviour different for login and sudo?
Is this a bug?

I think this is a bit confusing and it might be good to explain it in more detail on the man page (and the examples section).

marko

_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]