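Login policy
This article sets up CentOS 8 so that an account is locked for 5 minutes after 5 failed ssh logins.
The pam_tally2 module has been retired in CentOS 8; use the pam_faillock module in its place.
Edit /etc/pam.d/system-auth and /etc/pam.d/password-auth. Both files are symbolic links, so back up the original files first.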
# Back up the original files before making changes
cp -rf /etc/authselect/system-auth /etc/authselect/system-auth.bak
cp -rf /etc/authselect/password-auth /etc/authselect/password-auth.bak
# Add the following lines to the corresponding sections of /etc/pam.d/system-auth and /etc/pam.d/password-auth:
auth required pam_faillock.so preauth silent even_deny_root audit deny=5 unlock_time=300
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail even_deny_root audit deny=5 unlock_time=300
account required pam_faillock.so
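The lockout only works if the preauth line sits before pam_unix.so, the authfail line sits after it, and both carry the same deny and unlock_time values. The following check is an added example, not part of the original article; check_faillock is a hypothetical helper name, and it assumes the options are set inline on the PAM lines as shown above.

```shell
#!/bin/sh
# Added example, not from the original article. check_faillock is a
# hypothetical helper; it assumes deny/unlock_time are set inline.
# Usage: check_faillock FILE [DENY] [UNLOCK_TIME]   (defaults: 5 and 300)
# Returns 0 when the stack matches the article's layout, 1 otherwise.
check_faillock() {
    awk -v deny="${2:-5}" -v unlock="${3:-300}" '
    function opt(name,    i, kv) {      # value of name=VALUE on this line
        for (i = 4; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == name) return kv[2]
        }
        return ""
    }
    function has(word,    i) {          # is a bare argument present?
        for (i = 4; i <= NF; i++) if ($i == word) return 1
        return 0
    }
    function bad(msg) { print FILENAME ": " msg; errors++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    {
        sub(/\[[^]]*\]/, "ctrl")        # collapse [default=die] to one field
        n++                             # position among active lines
    }
    $1 == "auth" && $3 == "pam_unix.so" { unix = n }
    $1 == "account" && $3 == "pam_faillock.so" { acct = 1 }
    $1 == "auth" && $3 == "pam_faillock.so" {
        if (has("preauth")) pre = n
        else if (has("authfail")) fail = n
        else next
        if (opt("deny") != deny) bad("line " NR ": deny is not " deny)
        if (opt("unlock_time") != unlock)
            bad("line " NR ": unlock_time is not " unlock)
        if (!has("even_deny_root")) bad("line " NR ": root is exempt")
    }
    END {
        if (!pre)  bad("no pam_faillock.so preauth line")
        if (!fail) bad("no pam_faillock.so authfail line")
        if (!acct) bad("no account pam_faillock.so line")
        if (!unix) bad("no auth pam_unix.so line")
        if (pre && unix && pre > unix)   bad("preauth must precede pam_unix.so")
        if (fail && unix && fail < unix) bad("authfail must follow pam_unix.so")
        exit (errors > 0)
    }' "$1"
}
```

Run it against both /etc/pam.d/system-auth and /etc/pam.d/password-auth after editing, and keep a root session open until an ssh test login confirms the stack still authenticates.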
- auth required pam_faillock.so preauth silent aud