Deny access for 5 seconds after a failed login attempt
pam_tally.so:
This module maintains a count of attempted accesses, can reset count
on success, can deny access if too many attempts fail. pam_tally comes
in two parts: pam_tally.so and pam_tally. The former is the PAM module
and the latter, a stand-alone program. pam_tally is an (optional)
application which can be used to interrogate and manipulate the
counter file. It can display users’ counts, set individual counts, or
clear all counts. Setting artificially high counts may be useful for
blocking users without changing their passwords. For example, one
might find it useful to clear all counts every midnight from a cron
job. The faillog(8) command can be used instead of pam_tally to
maintain the counter file.
Normally, failed attempts to access root will not cause the root account to be locked, so as to avoid denial of service: if your users do not have shell accounts and root can only log in via su or at the machine console (not telnet/rsh, etc.), this is safe. (The even_deny_root_account option makes the root account lockable too.)
Step 1: edit /etc/pam.d/system-auth. Put the auth line below immediately after the pam_env.so line, so that it runs before pam_unix.so (placed after a "sufficient" pam_unix.so, a correct password would end the auth stack before pam_tally is consulted and the lock would never apply), and put the account line in the account section so the counter is reset on a successful login. These lines assume a Linux-PAM version that still ships pam_tally; Linux-PAM 1.5.0 removed pam_tally and pam_tally2 in favour of pam_faillock.so.
auth required pam_tally.so deny=1 lock_time=5
account required pam_tally.so reset
After saving the file, try to log in with a wrong password as any user.
Here is sample output from my log file (tail -f /var/log/secure). The remaining times in these lines, 167 s and 174 s, are the seconds left of the lock_time window, so they were recorded with a lock_time of a few minutes rather than the 5 seconds configured above; with lock_time=5 the message can report at most 5s left.
logs:
Jun 04 15:59:13 station01 su: pam_tally(su-l:auth): user test (502) has time limit [167s left] since last failure
Jun 26 16:01:35 station01 sshd[13890]: pam_tally(sshd:auth): user test1 (503) has time limit [174s left] since last failure.
Jun 26 16:01:37 station01 sshd[13890]: Failed password for test1 from 192.168.0.13 port 54398 ssh2
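As an added example (not code from the original page), here are the checks a practitioner would run after the step above: a shell script that verifies the pam_tally lines are placed where they take effect (auth line before pam_unix.so, account line present, deny= and lock_time= set), extracts the lock messages from /var/log/secure-style lines, and flags lock messages whose remaining time is larger than the configured lock_time. It runs on constructed copies of /etc/pam.d/system-auth and the log embedded inline; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page: check a pam_tally
# configuration for the mistakes that silently disable the lockout, and
# pull pam_tally lock messages out of /var/log/secure-style lines.
# All input is constructed inline so the script runs offline; on a real
# host feed it /etc/pam.d/system-auth and /var/log/secure instead.
# Function names are this example's own, not pam_tally's.

# Constructed excerpt of /etc/pam.d/system-auth after the step above:
# the pam_tally auth line sits right after pam_env.so, i.e. before the
# "sufficient" pam_unix.so, and the account line resets the counter.
good_config() {
cat <<'EOF'
auth        required      pam_env.so
auth        required      pam_tally.so deny=1 lock_time=5
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
account     required      pam_tally.so reset
EOF
}

# Constructed misconfiguration: pam_tally placed after a "sufficient"
# pam_unix.so. A correct password then ends the auth stack before
# pam_tally runs, so the lock_time/deny check is never applied, and the
# missing account line means the counter is never reset.
bad_config() {
cat <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_tally.so deny=1 lock_time=5
account     required      pam_unix.so
EOF
}

# Read a PAM stack on stdin; print "ok" or the first problem found.
check_pam_tally_config() {
    awk '
    $1 == "auth" && $3 == "pam_tally.so" {
        tally_line = NR
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^deny=/)      has_deny = 1
            if ($i ~ /^lock_time=/) has_lock = 1
        }
    }
    $1 == "auth" && $3 == "pam_unix.so" && !unix_line { unix_line = NR }
    $1 == "account" && $3 == "pam_tally.so" { has_account = 1 }
    END {
        if (!tally_line) { print "no auth pam_tally.so line"; exit 1 }
        if (!unix_line || tally_line > unix_line) {
            print "auth pam_tally.so must precede pam_unix.so"; exit 1
        }
        if (!has_deny)    { print "auth pam_tally.so lacks deny="; exit 1 }
        if (!has_lock)    { print "auth pam_tally.so lacks lock_time="; exit 1 }
        if (!has_account) { print "no account pam_tally.so line, counter never resets"; exit 1 }
        print "ok"
    }'
}

# Print the configured lock_time value (seconds) from a stack on stdin.
lock_time_setting() {
    awk '$1 == "auth" && $3 == "pam_tally.so" {
        for (i = 4; i <= NF; i++)
            if (sub(/^lock_time=/, "", $i)) print $i
    }'
}

# Constructed /var/log/secure lines: the first two are the page's own
# sample, the others are added so the output covers a lock inside a
# 5-second window and an accepted login that must not match.
sample_log() {
cat <<'EOF'
Jun 26 16:01:35 station01 sshd[13890]: pam_tally(sshd:auth): user test1 (503) has time limit [174s left] since last failure.
Jun 26 16:01:37 station01 sshd[13890]: Failed password for test1 from 192.168.0.13 port 54398 ssh2
Jun 26 16:02:02 station01 su: pam_tally(su-l:auth): user test (502) has time limit [3s left] since last failure
Jun 26 16:02:05 station01 sshd[13901]: Accepted password for test1 from 192.168.0.13 port 54402 ssh2
EOF
}

# One "service user uid seconds_left" record per pam_tally lock message.
lockouts() {
    sed -n 's/.*pam_tally(\([^:]*\):auth): user \([^ ]*\) (\([0-9]*\)) has time limit \[\([0-9]*\)s left].*/\1 \2 \3 \4/p'
}

# Given the configured lock_time, print users whose reported remaining
# time exceeds it: such lines cannot come from this configuration, which
# usually means the log predates the change or another PAM file applies.
inconsistent_lockouts() {
    awk -v limit="$1" '$4 > limit { print $2 }'
}

printf 'good config:  %s\n' "$(good_config | check_pam_tally_config)"
printf 'bad config:   %s\n' "$(bad_config | check_pam_tally_config)"
printf 'lock_time:    %s\n' "$(good_config | lock_time_setting)"
printf 'lockouts:\n%s\n' "$(sample_log | lockouts)"
printf 'inconsistent: %s\n' "$(sample_log | lockouts | inconsistent_lockouts "$(good_config | lock_time_setting)")"
```

The ordering check is the one that matters most: with pam_tally after a "sufficient" pam_unix.so the counter still increments on wrong passwords, so the log looks right, but a correct password skips the module and the lock is never enforced. The consistency check applied to the page's own sample flags test1, since 174 s left cannot arise from lock_time=5.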