Ahmad Mahfouz

Random notes

Secure/Lock accounts with PAM tally2

pam_tally2 is a PAM module that keeps a count of failed login attempts per user. It resets the count on a successful login and can deny access once too many attempts have failed.

what makes this module useful is that, because it works through PAM, it covers not only remote connections but also the ttys and any other login method on the system

example from tty:

 

some parameters:

  1. deny: the number of failed attempts after which access is blocked
  2. unlock_time: how long access stays blocked, in seconds
  3. even_deny_root: root is excluded by default; set this parameter to make tally2 count failures for root too
  4. root_unlock_time: same as unlock_time, but for root only

 

example PAM config:

 

to cover tty logins we have to configure the tally2 module in /etc/pam.d/system-auth

 

here is our final layout for system-auth:

to cover remote connections that use password authentication (sshd, for example), we configure /etc/pam.d/password-auth with tally2 as well:

 

notice that we have done two things: one entry in the auth interface, where the account is verified, and a second one in the account interface, where the account's permissions are applied
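As an added example (not the post's own configuration), the following script writes a constructed system-auth style stack to a temporary file and checks the two points just described: that the pam_tally2.so auth entry sits before pam_unix.so, and that the account entry is present. The deny/unlock_time values and the check_tally2_stack function are my choices, not the post's.

```shell
#!/bin/sh
# Added example: constructed PAM stack plus a check that pam_tally2 is wired in
# both the auth and the account interface. Not the post's own config.
set -eu

# Constructed sample modelled on a RHEL/CentOS style system-auth (same lines go
# into password-auth for sshd). deny=5: lock after 5 failures; unlock_time=900:
# auto-unlock after 15 minutes; even_deny_root / root_unlock_time: count root
# too and unlock root after 15 minutes.
PAM_SAMPLE=$(mktemp)
cat > "$PAM_SAMPLE" <<'EOF'
auth        required      pam_env.so
auth        required      pam_tally2.so deny=5 unlock_time=900 even_deny_root root_unlock_time=900
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_tally2.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
EOF

# check_tally2_stack FILE: returns 0 only if
#  1. an "auth ... pam_tally2.so" line appears before the first "auth ... pam_unix.so"
#     (the counter has to run before the password module, which may short-circuit
#     the stack with "sufficient"), and
#  2. an "account ... pam_tally2.so" line exists (the part that refuses a locked account).
# Assumes the control field is a single token (required/sufficient/...), not a
# bracketed "[success=1 default=ignore]" form.
check_tally2_stack() {
    awk '
        $1 == "auth" && $3 == "pam_tally2.so" && !seen_unix { auth_ok = 1 }
        $1 == "auth" && $3 == "pam_unix.so"                  { seen_unix = 1 }
        $1 == "account" && $3 == "pam_tally2.so"             { acct_ok = 1 }
        END { if (auth_ok && acct_ok) exit 0; exit 1 }
    ' "$1"
}

if check_tally2_stack "$PAM_SAMPLE"; then
    echo "pam_tally2 present in both auth and account stacks: $PAM_SAMPLE"
else
    echo "pam_tally2 missing, or ordered after pam_unix.so, in $PAM_SAMPLE" >&2
fi
# On a real host:  check_tally2_stack /etc/pam.d/system-auth
#                  check_tally2_stack /etc/pam.d/password-auth
rm -f "$PAM_SAMPLE"
```

The check is deliberately strict about ordering: a pam_tally2.so line placed after a `sufficient` pam_unix.so would never be reached on a successful password, and on some stacks not on a failed one either, so the counter would silently stay at zero.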

 

here is some output from /var/log/secure:

 

as you can see, tally2 kills the connection 🙂

for manual interaction with the tally2 counter there is a command called pam_tally2

to reset a user's failure count:
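As an added example covering both the /var/log/secure output above and the manual counter handling, here is a small script (mine, not the post's) that pulls pam_tally2 denials out of a log file and lists each locked user with the highest tally seen. The log lines are constructed, modelled on the "user NAME (UID) tally N, deny M" message pam_tally2 logs when it refuses a login; the locked_users function and host/user names are assumptions.

```shell
#!/bin/sh
# Added example: find users that pam_tally2 has locked, from a secure-style log.
set -eu

# Constructed sample of /var/log/secure lines (not real output).
LOG_SAMPLE=$(mktemp)
cat > "$LOG_SAMPLE" <<'EOF'
Mar  3 10:01:02 web1 sshd[2211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=alice
Mar  3 10:01:05 web1 sshd[2211]: pam_tally2(sshd:auth): user alice (1001) tally 6, deny 5
Mar  3 10:01:09 web1 sshd[2230]: pam_tally2(sshd:auth): user alice (1001) tally 7, deny 5
Mar  3 10:02:40 web1 login: pam_tally2(login:auth): user bob (1002) tally 6, deny 5
Mar  3 10:03:00 web1 sshd[2300]: Accepted password for carol from 198.51.100.9 port 51022 ssh2
EOF

# locked_users LOGFILE: print "user tally deny", one line per user, for every
# pam_tally2 denial in the log, keeping the highest tally seen for that user.
# Only lines carrying both "pam_tally2(" and "tally N, deny M" are considered,
# so pam_unix failures and successful logins are ignored.
locked_users() {
    awk '
        /pam_tally2\(/ && /tally [0-9]+, deny [0-9]+/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "user")  u = $(i + 1)
                if ($i == "tally") t = $(i + 1) + 0   # "+ 0" drops the trailing comma
                if ($i == "deny")  d = $(i + 1) + 0
            }
            if (t > max[u]) { max[u] = t; deny[u] = d }
        }
        END { for (u in max) print u, max[u], deny[u] }
    ' "$1" | sort
}

echo "users locked by pam_tally2 (user tally deny):"
locked_users "$LOG_SAMPLE"
# On a real host:  locked_users /var/log/secure
rm -f "$LOG_SAMPLE"
```

With the sample above this prints `alice 7 5` and `bob 6 5`. Once you have confirmed a lockout is not an attack in progress, the counter itself is managed with the pam_tally2 binary: `pam_tally2` with no arguments lists all users with a non-zero count, and `pam_tally2 --user alice --reset` clears alice's count so she can log in again before unlock_time expires.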

 

 
