LinuxCommandLibrary

pam_faillock

PAM module that denies access after multiple failed authentication attempts

TLDR

Show failed login attempts

$ faillock --user [username]
Reset failed count
$ faillock --user [username] --reset
Show all users' status
$ faillock
Configure lockout (line in a PAM config file, not a shell command)
auth required pam_faillock.so deny=5 unlock_time=900

SYNOPSIS

faillock [options]

DESCRIPTION

pam_faillock is a PAM module that denies access after multiple failed authentication attempts. It provides brute-force protection by temporarily locking accounts.
The faillock command queries and resets the failure records.

PARAMETERS

--user name
Operate on the specified user only.
--reset
Reset the failure count.
--dir path
Use this tally directory instead of the default.

MODULE OPTIONS

deny=N
Lock the account after N failures.
unlock_time=S
Unlock the account S seconds after the last failure.
fail_interval=S
Time window, in seconds, within which failures are counted.
even_deny_root
Also lock the root account.
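To see how the module options above interact, here is an added example (not code from the page or from the pam_faillock project) that models the lockout decision in POSIX sh. The function names, the simplified rule that expired records are dropped at evaluation time, and the sample timestamps are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the page or from the pam_faillock project:
# a small model of how deny, fail_interval and unlock_time interact when
# the module decides whether to refuse a login. Rules assumed here:
#   - only failures newer than fail_interval seconds count toward deny
#     (simplification: records are expired at evaluation time)
#   - once the count reaches deny, the account stays locked until
#     unlock_time seconds have passed since the most recent failure
#   - unlock_time=0 means a locked account stays locked until reset

# faillock_state DENY UNLOCK_TIME FAIL_INTERVAL NOW TS...
#   TS... are epoch seconds of the recorded failures for one user.
#   Prints "locked N" or "open N", where N is the number of failures
#   still inside the fail_interval window.
faillock_state() {
    deny=$1; unlock_time=$2; fail_interval=$3; now=$4
    shift 4
    count=0; latest=0
    for ts in "$@"; do
        # records older than fail_interval no longer count
        if [ $((now - ts)) -lt "$fail_interval" ]; then
            count=$((count + 1))
            if [ "$ts" -gt "$latest" ]; then latest=$ts; fi
        fi
    done
    if [ "$count" -ge "$deny" ]; then
        # past the threshold: locked unless unlock_time has elapsed
        if [ "$unlock_time" -ne 0 ] && [ $((latest + unlock_time)) -le "$now" ]; then
            echo "open $count"
        else
            echo "locked $count"
        fi
    else
        echo "open $count"
    fi
}

# faillock_is_locked: same arguments, exit status 0 when the account is locked
faillock_is_locked() {
    case "$(faillock_state "$@")" in
        locked*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample: five failures at t=100..500 under deny=5
# unlock_time=900 fail_interval=3600, evaluated at two later times
for now in 600 1401; do
    printf 't=%s: %s\n' "$now" "$(faillock_state 5 900 3600 "$now" 100 200 300 400 500)"
done
```

Run as a script, the sample prints `locked 5` at t=600 and `open 5` at t=1401: the count is still at the threshold, but unlock_time has passed since the last failure. With unlock_time=0 the same record set stays locked until `faillock --user name --reset` clears it.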

PAM CONFIGURATION

# /etc/pam.d/system-auth
auth     required  pam_faillock.so preauth silent deny=5 unlock_time=900
auth     required  pam_unix.so
auth     required  pam_faillock.so authfail deny=5 unlock_time=900

account  required  pam_faillock.so
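The ordering of the three pam_faillock lines above (preauth before pam_unix.so, authfail after it, plus the account line) is easy to get wrong when editing a stack by hand. The following is an added example, not code from the page or from the pam_faillock project: a POSIX sh function using awk that checks a PAM stack for those lines and their order. The function name and the sample stacks are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the page or from the pam_faillock project:
# a lint for the presence and ordering of pam_faillock lines in a PAM stack.

# pam_faillock_lint < PAM_FILE
#   Prints "ok" when the preauth line precedes pam_unix.so, the authfail
#   line follows it, and the account line is present; otherwise prints
#   one line per problem found. Comments and blank lines are ignored and
#   the module is located by its ".so" suffix, so bracketed control values
#   such as [success=1 default=ignore] do not upset the field count.
pam_faillock_lint() {
    awk '
    /^[[:space:]]*#/ || NF == 0 { next }
    {
        mod = ""
        for (i = 1; i <= NF; i++) if ($i ~ /\.so$/) { mod = $i; break }
    }
    $1 == "auth"    && mod == "pam_faillock.so" && /preauth/  { preauth  = NR }
    $1 == "auth"    && mod == "pam_unix.so"                   { unixline = NR }
    $1 == "auth"    && mod == "pam_faillock.so" && /authfail/ { authfail = NR }
    $1 == "account" && mod == "pam_faillock.so"               { account  = NR }
    END {
        bad = 0
        if (!preauth)  { print "missing: auth pam_faillock.so preauth";  bad = 1 }
        if (!unixline) { print "missing: auth pam_unix.so";              bad = 1 }
        if (!authfail) { print "missing: auth pam_faillock.so authfail"; bad = 1 }
        if (!account)  { print "missing: account pam_faillock.so";       bad = 1 }
        if (preauth && unixline && preauth > unixline) { print "order: preauth line must come before pam_unix.so"; bad = 1 }
        if (authfail && unixline && authfail < unixline) { print "order: authfail line must come after pam_unix.so"; bad = 1 }
        if (!bad) print "ok"
    }'
}

# Constructed sample stacks: the first matches the page, the second
# lacks the account line, the third has preauth after pam_unix.so.
GOOD='auth     required  pam_faillock.so preauth silent deny=5 unlock_time=900
auth     required  pam_unix.so
auth     required  pam_faillock.so authfail deny=5 unlock_time=900
account  required  pam_faillock.so'
NO_ACCOUNT='auth required pam_faillock.so preauth silent deny=5
auth [success=1 default=ignore] pam_unix.so
auth required pam_faillock.so authfail deny=5'
MISORDERED='auth required pam_unix.so
auth required pam_faillock.so preauth silent deny=5
auth required pam_faillock.so authfail deny=5
account required pam_faillock.so'

for stack in "$GOOD" "$NO_ACCOUNT" "$MISORDERED"; do
    printf '%s\n' "$stack" | pam_faillock_lint
    echo '--'
done
```

To check a real file, run `pam_faillock_lint < /etc/pam.d/system-auth`; the lint only inspects line order and presence, so the option values on each line still have to be reviewed by hand.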

CAVEATS

It can lock out legitimate users, and locking root is dangerous. Test the configuration carefully.

HISTORY

pam_faillock replaced pam_tally2 in modern Linux distributions for tracking and enforcing login failure policies.

SEE ALSO

pam(8), faillock(8), pam.d(5)
