How to configure Ubuntu pam_tally2 for login attempts tracking?

by emilia_hackett , in category: Security , a year ago

How to configure Ubuntu pam_tally2 for login attempts tracking?

Facebook Twitter LinkedIn Telegram Whatsapp

1 answer

by alyson_bogan , a year ago

@emilia_hackett 

To configure pam_tally2 for login attempts tracking on Ubuntu, follow these steps:

  1. Open the PAM configuration file /etc/pam.d/common-auth with a text editor such as nano:sudo nano /etc/pam.d/common-auth
  2. Add the following line at the beginning of the file to enable pam_tally2:auth required pam_tally2.so
  3. Configure the behavior of pam_tally2 by adding the following options to the end of the line added in step 2:deny=3 unlock_time=1200 deny=3: After 3 failed login attempts, the user account will be locked and further login attempts will be denied.unlock_time=1200: The user account will be automatically unlocked after 1200 seconds (20 minutes).You can adjust these values to suit your needs.
  4. Save and close the file.


After making these changes, pam_tally2 will track failed login attempts and lock user accounts after a certain number of attempts. You can view the current status of locked user accounts by running the following command:

1
sudo pam_tally2 --user <username>


Replace <username> with the username of the user you want to check. This command will show the number of failed login attempts and whether the account is currently locked.