From 6757104aa4d1e661b046e71f7bda511d73e83d61 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Sun, 24 Jan 2021 05:04:48 -0500 Subject: [PATCH] use pam_tally2 only for login to skip counting failed login attempts over ssh and mail login --- usr/share/pam-configs/tally2-security-misc | 1 + 1 file changed, 1 insertion(+) diff --git a/usr/share/pam-configs/tally2-security-misc b/usr/share/pam-configs/tally2-security-misc index 9638d26..6d8dd7e 100644 --- a/usr/share/pam-configs/tally2-security-misc +++ b/usr/share/pam-configs/tally2-security-misc @@ -4,6 +4,7 @@ Priority: 290 Auth-Type: Primary Auth: optional pam_exec.so debug stdout seteuid /usr/lib/security-misc/pam_tally2-info + [success=1 default=ignore] pam_exec.so seteuid quiet /usr/lib/security-misc/pam_only_if_login requisite pam_tally2.so even_deny_root deny=50 onerr=fail audit debug Account-Type: Primary Account: