mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-16 02:42:02 +07:00
Code Issues Packages Projects Releases Wiki Activity
Files
ce4a30d3cecb7e9bddb96c79aab871804cb90bd4
security-misc/usr/share/pam-configs/tally2-security-misc

10 lines
255 B
Plaintext
Raw Normal View History

split usr/share/pam-configs/security-misc into usr/share/pam-configs/tally2-security-misc usr/share/pam-configs/wheel-security-misc
2019-08-01 11:04:22 +00:00
Name: lock accounts after 5 failed authentication attempts (by package security-misc)
Default: yes
Priority: 260
Auth-Type: Primary
Auth:
pam_tally2.so deny=100 during testing, due to issues https://github.com/Whonix/security-misc/commit/d17e25272b9b7bbb6abc4dccd500a6b34311a7dd https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/12
2019-08-10 07:07:28 -04:00
required pam_tally2.so deny=100 onerr=fail audit debug
effectively (not directly) add "required pam_tally2.so debug" to /etc/pam.d/common-account This is required because otherwise something like "sudo bash" would count as a failed login for pam_tally2 even though it was successful. https://bugzilla.redhat.com/show_bug.cgi?id=707660 https://forums.whonix.org/t/restrict-root-access/7658
2019-08-10 06:06:39 -04:00
Account-Type: Primary
Account:
required pam_tally2.so debug
Reference in New Issue Copy Permalink