Linux command
pam_tally2 command
After copying, replace file names, directories, or parameters as needed.
Common examples
Enable login attempt tracking (a line for the auth stack of a PAM service file under /etc/pam.d/, not a shell command)
`auth required pam_tally2.so deny=5 unlock_time=900`
View a user's tally
`pam_tally2 --user=[username]`
Reset a user's tally
`pam_tally2 --user=[username] --reset`
Reset all tallies
`pam_tally2 --reset`
Description
pam_tally2 tracks login attempts and locks an account after a configured number of failed attempts, which limits brute-force password guessing. It is the successor to pam_tally.
Parameters
- deny=_N_: Lock the account after N consecutive failures.
- unlock_time=_SECONDS_: Auto-unlock a locked account after this many seconds.
- magic_root: Do not increment the counter for attempts made by uid 0.
- even_deny_root: Apply the deny policy to root too.
- root_unlock_time=_SECONDS_: Root unlock time (implies even_deny_root).
- no_lock_time: Do not apply the default lock time for repeated rapid attempts.
- lock_time=_SECONDS_: Pause this many seconds between failure and next prompt.
- file=_PATH_: Path to the tally database (default `/var/log/tallylog`).
- audit: Write details about every action to the audit subsystem.
- silent, no_log_info: Reduce syslog verbosity.
- --user _NAME_: Restrict the CLI action to a single user.
- --reset=_N_: Reset counter (optionally to _N_ instead of zero).
- --quiet: Suppress output when the user has no tally.
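To check that a service file really carries the lockout options listed above, the following added example (not part of the original page or of pam_tally2 itself) parses `/etc/pam.d`-style lines and reports the effective `deny`, `unlock_time` and root settings. The function names `tally2_policy` and `tally2_audit`, the default ceiling of 5 for `deny`, and the sample lines are assumptions made for illustration.

```shell
# Added example: audit a PAM service file for its pam_tally2 lockout policy.
# Function names and the MAX ceiling are assumptions, not part of pam_tally2.

# Print "deny=N unlock_time=S even_deny_root=yes|no" for each auth line that
# loads pam_tally2.so; options absent from the line are reported as "unset".
tally2_policy() {
    awk '
        /^[ \t]*#/ || $1 !~ /^-?auth$/ { next }   # comments and other stacks
        {
            mod = 0
            for (i = 2; i <= NF; i++)
                if ($i == "pam_tally2.so" || $i ~ /\/pam_tally2\.so$/) { mod = i; break }
            if (!mod) next
            deny = "unset"; unlock = "unset"; root = "no"
            for (i = mod + 1; i <= NF; i++) {
                if ($i ~ /^deny=[0-9]+$/) deny = substr($i, 6)
                else if ($i ~ /^unlock_time=[0-9]+$/) unlock = substr($i, 13)
                else if ($i == "even_deny_root" || $i ~ /^root_unlock_time=/) root = "yes"
            }
            print "deny=" deny, "unlock_time=" unlock, "even_deny_root=" root
        }' "$1"
}

# Return 0 only if FILE has a pam_tally2 auth line and each one sets deny
# within 1..MAX (default 5). A missing unlock_time only produces a warning.
tally2_audit() {
    max=${2:-5}; rc=0
    policy=$(tally2_policy "$1")
    [ -n "$policy" ] || { echo "FAIL: no pam_tally2 auth line"; return 1; }
    while read -r deny unlock root; do
        d=${deny#deny=}
        if [ "$d" = unset ] || [ "$d" -lt 1 ] || [ "$d" -gt "$max" ]; then
            echo "FAIL: $deny (want 1..$max)"; rc=1
        fi
        [ "$unlock" != unlock_time=unset ] || echo "WARN: no unlock_time, lock lasts until reset"
        [ "$root" != even_deny_root=no ] || echo "NOTE: root is exempt from lockout"
    done <<EOF
$policy
EOF
    return $rc
}

# Constructed sample: the first line is the one shown in the examples.
tmp=$(mktemp)
printf '%s\n' 'auth required pam_tally2.so deny=5 unlock_time=900' \
    'auth required pam_unix.so' > "$tmp"
tally2_policy "$tmp"
tally2_audit "$tmp"; echo "exit=$?"
rm -f "$tmp"
```

Call `tally2_audit FILE MAX` with a different second argument to apply another ceiling for `deny`.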
FAQ
What is the pam_tally2 command used for?
pam_tally2 tracks login attempts and locks an account after a configured number of failed attempts, which limits brute-force password guessing. It is the successor to pam_tally.
How do I run a basic pam_tally2 example?
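`auth required pam_tally2.so deny=5 unlock_time=900` is a PAM configuration line rather than a terminal command: add it to the auth stack of the relevant service file under /etc/pam.d/, then adjust file names, paths, flags, or remote targets for your system.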
What does deny=_N_ do in pam_tally2?
Lock the account after N consecutive failures.