Bobcares

Centos Faillock: Set up Guide

by | Feb 16, 2023

Let us take a close look at CentOS faillock in detail. We can also look at how to set it up and manage it. At Bobcares, our server management support can give you a detailed guide on the whole process.

What is CentOS Faillock?

Faillock is a utility for viewing and editing the authentication failure record files. The synopsis for faillock is as follows:

[Image: centos faillock]

The pam_faillock.so module keeps track of failed authentication attempts per user over a certain period of time and locks the account if there are more than deny consecutive unsuccessful authentications. The failure records are stored in per-user files in the tally directory.

The faillock command is a program to inspect and edit the contents of the tally files. It can display a user’s most recent failed login attempts or clear the tally files for all or specific usernames.

OPTIONS

  • --dir /path/to/tally-directory: The directory where the user files with the failure records are kept. The default is /var/run/faillock.
  • --user username: The user whose failure records should be displayed or cleared.
  • --reset: Instead of displaying the user’s failure records, clear them.

FILES

  • /var/run/faillock/*: The files logging the authentication failures for users.

How to Lock User Accounts After Multiple Failed Login Attempts with centos faillock?

Now we’ll look at how to lock a system user’s account after a particular number of failed login attempts in CentOS, RHEL, and Fedora. The purpose here is to enforce basic server security by locking a user’s account after several failed authentication attempts.

This is done with the pam_faillock module, which temporarily locks user accounts after several unsuccessful authentication attempts and keeps a record of the event. Failed login attempts are saved in per-user files in the tally directory, which is usually /var/run/faillock/.

pam_faillock is part of Linux PAM (Pluggable Authentication Modules), a dynamic framework for establishing authentication services in applications and different system services.

How Do we Lock User Accounts After Multiple Failed Authentications or apply centos faillock?

By adding the items below to the auth section of the /etc/pam.d/system-auth and /etc/pam.d/password-auth files, we can configure the following capability.

where:

  • audit – Allows for user auditing.
  • deny – Specifies the number of tries (3 in this example) before locking the user account.
  • unlock_time – Specifies the amount of time (300 seconds = 5 minutes) for which the account should be locked.

It is vital to note that the sequence of these lines is critical; incorrect setups might result in the locking of all user accounts.

The following content should be in the ‘auth’ section of both files, in the following order:

[Image: centos faillock]

Now we have to open these two files and we can use any editor to complete the process.

Both files’ default entries in the auth section look like this.

[Image: centos faillock]

Then, in both of the files above, add the highlighted entry below to the account section.

[Image: centos faillock]
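One way to check the ordering requirement described above, as an added example that is not part of the original article: check_faillock_order verifies that the preauth line comes before pam_unix.so, the authfail line after it, and that the account section loads pam_faillock.so. The function names and the constructed sample files are assumptions of this example; the sample follows the commonly documented pam_faillock layout with the deny=3 and unlock_time=300 values used on this page.

```shell
#!/bin/sh
# Added example: check pam_faillock line order in a PAM service file.
# Assumed layout (constructed; the article's own entries are not on the page):
#   auth ... pam_faillock.so preauth   before pam_unix.so
#   auth ... pam_faillock.so authfail  after  pam_unix.so
#   account required pam_faillock.so

check_faillock_order() {   # $1 = PAM file; prints problems, returns 1 if any
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        { type = $1; sub(/^-/, "", type) }           # "-auth" counts as "auth"
        type == "auth" && /pam_faillock\.so/ && /[ \t]preauth([ \t]|$)/  { if (!pre)  pre  = NR }
        type == "auth" && /pam_unix\.so/                                  { if (!ux)   ux   = NR }
        type == "auth" && /pam_faillock\.so/ && /[ \t]authfail([ \t]|$)/ { if (!fail) fail = NR }
        type == "account" && /pam_faillock\.so/                           { acct = NR }
        END {
            if (!pre)  { print "no preauth line in auth section";  bad = 1 }
            if (!fail) { print "no authfail line in auth section"; bad = 1 }
            if (!acct) { print "no pam_faillock.so in account section"; bad = 1 }
            if (pre && ux && pre > ux)   { print "preauth line is after pam_unix.so";   bad = 1 }
            if (fail && ux && fail < ux) { print "authfail line is before pam_unix.so"; bad = 1 }
            exit bad + 0
        }' "$1"
}

write_samples() {          # $1 = directory for the two constructed files
    cat > "$1/good" <<'EOF'
auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent audit deny=3 unlock_time=300
auth        sufficient    pam_unix.so nullok try_first_pass
auth        [default=die] pam_faillock.so authfail audit deny=3 unlock_time=300
auth        required      pam_deny.so
account     required      pam_faillock.so
account     required      pam_unix.so
EOF
    # Same lines with the preauth entry moved below pam_unix.so (wrong order)
    { sed -n '1p;3p' "$1/good"; sed -n '2p;4,$p' "$1/good"; } > "$1/bad"
}

dir=$(mktemp -d) && write_samples "$dir"
for f in good bad; do
    if out=$(check_faillock_order "$dir/$f"); then echo "$f: OK"
    else echo "$f: $out"; fi
done
rm -rf "$dir"
```

Run it against copies of /etc/pam.d/system-auth and /etc/pam.d/password-auth before restarting any service, and keep a root shell open while changing the live files.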

How Do We Lock My Root Account After Multiple Failed Login Attempts?

Add the even_deny_root option to the pam_faillock lines in the auth section of both files to lock the root account after unsuccessful authentication attempts.

Once everything is configured, if users connect to the server using ssh, restart remote access services such as sshd for the aforementioned policy to take effect.

On SystemD:
# systemctl restart sshd

On SysVInit:
# service sshd restart

How to Test Failed SSH Login Attempts?

We can set up the system to lock a user’s account after three failed authentication attempts using the parameters described above.

In this case, user abc attempts to switch to user abcd, but after three failed logins due to incorrect passwords, indicated by the “Permission refused” message, the user aaronkilik’s account is locked, as indicated by the “authentication failure” message from the fourth attempt.

As shown below, the root user is also aware of failed login attempts on the system.


Conclusion

To sum up, we have now seen more about CentOS faillock, its usage, setting it up, and how to use it, with the support of our Server management support services at Bobcares.
