Have you considered the problem of getting locked out of your computers
because some bozo on the Internet is trying a brute force attack?  I get
something like 20,000 failed logins for root every day.  You might as well
just turn off root login at the ssh config.

I use Fail2ban (there are others) to block the source IP of the attacker.  I
only block it for 15 minutes or so, but it's enough to slow down the
attacker and blunt the attack.  Block the bad guy, not yourself or your
users. :-)

Good Luck!

-Dylan

On Dec 1, 2016 12:36 AM, "Marko Asplund" <marko.aspl...@gmail.com> wrote:

> The explanation seems to be that pam_tally2 records a failed login when
> the login command is started, even before a password is entered. Normally, the
> failed logins counter is reset when the user enters the correct password.
>
> For login this works correctly when the following line is added in pam
> config (common-auth):
>
> auth  required  pam_tally2.so  file=/var/log/tallylog deny=5 even_deny_root unlock_time=1200 serialize
>
> However, when using sudo, the counter only gets reset when the following
> line is added to pam configuration (common-account):
>
> account        required        pam_tally2.so
>
> Why is the behaviour different for login and sudo?
> Is this a bug?
>
> I think this is a bit confusing and it might be good to explain it in more
> detail on the man page (and the examples section).
>
> marko
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
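A lint for the configuration discussed in this thread, as an added example that is not part of the original messages: it flags PAM stacks where pam_tally2 counts failures in `auth` but has no `account` entry to reset the counter, and notes when `even_deny_root` makes root lockable. The sample stacks are constructed from the two lines quoted above; the finding names and treating the supplied files as one merged stack are assumptions.

```python
import re

# type, control (plain word or [bracketed list]), module, remaining args
RULE = re.compile(
    r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Yield (type, control, module, args) for each rule in PAM config text."""
    text = text.replace("\\\n", " ")             # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        m = RULE.match(line)
        if m:                                    # @include lines are skipped
            mtype, control, module, args = m.groups()
            yield mtype, control, module.rsplit("/", 1)[-1], args.split()

def check_tally2(files):
    """Return finding codes for pam_tally2 use across {filename: text}."""
    rules = [r for text in files.values() for r in parse_pam(text)]
    auth = [r for r in rules if r[0] == "auth" and r[2] == "pam_tally2.so"]
    acct = [r for r in rules if r[0] == "account" and r[2] == "pam_tally2.so"]
    findings = []
    if auth and not acct:
        # Counter is incremented in auth but nothing resets it in account,
        # the situation reported for sudo in the thread.
        findings.append("no-account-reset")
    for _, _, _, args in auth:
        opts = dict(a.split("=", 1) if "=" in a else (a, True) for a in args)
        if "deny" in opts and "unlock_time" not in opts:
            findings.append("lock-never-expires")
        if "even_deny_root" in opts:
            # Failed guesses from anyone can lock root until unlock_time passes.
            findings.append("root-lockable")
    return findings

# Constructed sample input built from the lines quoted in the thread.
AUTH_LINE = ("auth  required  pam_tally2.so  file=/var/log/tallylog deny=5 "
             "even_deny_root unlock_time=1200 serialize\n")
AUTH_ONLY = {"common-auth": AUTH_LINE,
             "common-account": "account required pam_unix.so\n"}
WITH_ACCOUNT = {"common-auth": AUTH_LINE,
                "common-account": "account        required        pam_tally2.so\n"}

if __name__ == "__main__":
    for name, files in (("auth only", AUTH_ONLY), ("with account", WITH_ACCOUNT)):
        print(name, check_tally2(files))
```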