Google Site SearchFN Site Search FN Blog Login FN Blog Login
Site Navigation:

Security with pam_tally

by Sonny Nguyen on Apr 20, 2004 (updated on May 7, 2004)

Have you ever consider adding more security to your linux box? Have you ever needed to audit your machine for fail login attempts? If so, then pam_tally is for you. Pam_tally can audit and lock out failled attempts.

Here are the steps to initialize pam_tally

1) Edit your system-auth file

root@localhost> vi /etc/pam.d/system-auth 

..add the following lines

auth	required /lib/security/	onerr=fail no_magic_root
account required /lib/security/ deny=5 no_magic_root reset

2) Next, you will need to create the faillog file.

root@localhost> touch /var/log/faillog

3) In order to check the lockouts counts, run this command...

root@localhost> pam_tally

4) To reset any lockout, you must type the following command...

root@localhost> pam_tally --user USERNAME --reset

5) Additionally, you can set a cronjob to run this command every night and logged it into a file.

root@localhost> crontab -e 

...add this line and change the FILE.txt to preferred log file...

59 23 * * * /sbin/pam_tally > FILE.txt

...if you preferred to send the result to an email, then use this...

59 23 * * * /usr/sbin/sendmail USER@SOMEWHERE < `/sbin/pam_tally`