First of all, this is just my own experience with a Red Hat Magazine article named "How do I use the faillog program to track failed login attempts?"
Let’s go:
- Open the /etc/pam.d/system-auth file for editing.
- Add the following lines:
    auth required pam_tally.so no_magic_root
    account required pam_tally.so deny=2 no_magic_root
- Save the file and exit.
- Test the configuration by attempting to log in as root, but using a wrong password.
- Here are my 5 cents: type this (my output appears in Spanish):

    [root@soseck ~]$ faillog -u root
    User Fails Máx Last Active
    root 1 0 03/01/07 07:40:02 +0100 pts/0

- Keep in mind that if you’re using the authconfig tool, your changes to /etc/pam.d/system-auth will be lost the next time authconfig runs.
More of my own: as root, you should use system-config-authentication (by typing it at a console, for instance) if you want to have a look at how your system is configured. I recommend you have a look at the faillog manual page. It comes with very useful parameters, enough that I feel I’ll need another post to talk about them, such as lock-time, which locks an account for a number of seconds after a failed login.
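
An added example, not from the original post or the Red Hat article: shell helpers that read the deny= threshold from the pam_tally.so account line, detect the header authconfig writes into files it regenerates, and list users in faillog-style output whose failure count exceeds the threshold. The function names, the sample file contents and the user alice are constructed for illustration, and the parser assumes a simple one-word control field such as required.

```shell
#!/bin/sh
# Audit helpers for the pam_tally + faillog setup described above.

# Print the deny= threshold from the pam_tally.so account line of a PAM file.
tally_deny() {
    awk '$1 == "account" && $3 ~ /pam_tally\.so$/ {
             for (i = 4; i <= NF; i++) {
                 if ($i ~ /^deny=[0-9]+$/) { sub(/^deny=/, "", $i); print $i; exit }
             }
         }' "$1"
}

# Succeed if the file carries authconfig's auto-generated header, meaning
# manual edits are overwritten the next time authconfig runs.
authconfig_managed() {
    grep -q 'authconfig is run' "$1"
}

# Read faillog-style output on stdin; print users whose failure count
# exceeds the threshold in $1 (pam_tally denies once the tally exceeds deny).
over_limit() {
    awk -v deny="$1" 'NR > 1 && $2 ~ /^[0-9]+$/ && $2 + 0 > deny + 0 { print $1 }'
}

# Constructed sample inputs (not taken from a real system).
sample_pam() {
    cat <<'EOF'
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_tally.so no_magic_root
account     required      pam_tally.so deny=2 no_magic_root
EOF
}
sample_faillog() {
    cat <<'EOF'
User     Fails  Max  Last
root         1    0  03/01/07 07:40:02 +0100  pts/0
alice        3    0  03/01/07 08:12:45 +0100  pts/1
EOF
}

# Demo run over the constructed samples.
tmp=$(mktemp) && sample_pam > "$tmp"
deny=$(tally_deny "$tmp")
echo "deny threshold: $deny"
authconfig_managed "$tmp" && echo "warning: file is regenerated by authconfig"
sample_faillog | over_limit "$deny"
rm -f "$tmp"
```

On a live system, point `tally_deny` and `authconfig_managed` at /etc/pam.d/system-auth and pipe the output of `faillog -a` into `over_limit`.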