Lab 9 Account Management Methods
Goal: To build skills with PAM configuration
Sequence 1: Track Failed Login Attempts
Scenario: As system administrator you have decided to keep track of failed login attempts. You would like to record how many times users are failing to login, from where they are trying to login, and the latest attempts.
Deliverable: The ability to identify failed login attempts by using pam_tally.so and the faillog command-line tool.
Lab Setup: Make sure there is an unpriviledged user account for user student.
Instructions:
1. Verify the output of faillog by running:
faillog -u student
You should see a report header but no failed login data.
2. Add the following line to the /etc/pam.d/system-auth file just below the first sequence of the auth management group.
auth required pam_tally.so no_magic_root
3. Add the following line to the /etc/pam.d/system-auth file just below the first sequence of the account management group.
account required pam_tally.so deny=2 no_magic_root
4. Save the /etc/pam.d/system-auth file.
5. Switch to a virtual console and login as student 3 times, typing an incorrect password each time.
6. Verify that your changes took place by re-running the faillog -u student command again.
This time you should see report data.
