action #101142
closed
- Related to action #96534: [sle][security][sle15sp4][CC] add 'test_pamfaillock_xxx' into audit_test/libpam run list when SLE ship pam_faillock added
- Subject changed from [sle][security][sle15sp4][pam]:Provide pam_faillock to [sle][security][sle15sp4][pam][manual]:Provide pam_faillock
- Status changed from New to In Progress
- % Done changed from 0 to 10
rpm -q pam-1.3.0-6.50.1.x86_64 --changelog |grep faillock
- Added tmpfiles for pam to set up directory for pam_faillock.
- Added pam_faillock to the set of modules.
[jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
- Copied to action #102990: [sle][security][sle15sp4][pam][automation]:Provide pam_faillock added
Build a local VM to test basic lock and unlock operations. Need to update the auth and password PAM configuration files; WIP.
- Estimated time changed from 4.00 h to 8.00 h
Added the following lines to "/etc/pam.d/common-auth" and "/etc/pam.d/common-password" files:
auth required pam_faillock.so preauth deny=3 unlock_time=600
auth required pam_faillock.so authfail deny=3 unlock_time=600
account required pam_faillock.so
susetest:~ # ssh usr@localhost
Password: [badpasswd]
Password:
Password:
bernhard@localhost's password:
Permission denied, please try again.
bernhard@localhost's password:
Permission denied, please try again.
bernhard@localhost's password:
Received disconnect from ::1 port 22:2: Too many authentication failures
Disconnected from ::1 port 22
susetest:~ # ssh usr@localhost
Password: [right passwd]
The account is locked due to 3 failed logins.
(10 minutes left to unlock)
susetest:~ # faillock --user usr --reset
susetest:~ # usr@localhost
Password:
Last failed login: Fri Nov 26 01:37:24 EST 2021 from ::1 on ssh:notty
There were 7 failed login attempts since the last successful login.
Last login: Thu Nov 25 23:43:09 2021 from 10.163.24.122
usr@susetest:~>
- Status changed from In Progress to Resolved
- % Done changed from 10 to 100
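A check for the pam_faillock lines quoted in the comment above, as an added example that is not part of the ticket or of the pam package: it verifies that a PAM file carries the preauth, authfail and account entries with the expected deny and unlock_time values. The helper name check_faillock is hypothetical, and the script assumes the options sit on the module line itself.

```shell
#!/bin/sh
# Added example: audit a PAM file for the pam_faillock lines quoted in the ticket.
# check_faillock is a hypothetical helper name, not part of pam or faillock.
# Usage: check_faillock FILE [DENY] [UNLOCK_TIME]; returns 0 when all checks pass.
check_faillock() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v deny="${2:-3}" -v unlock="${3:-600}" '
    /^[ \t]*#/ || NF < 3 { next }              # skip comments and short lines
    {
        # Collapse a bracketed control field such as [success=1 default=bad]
        # so the module path is always field 3.
        a = index($0, "["); b = index($0, "]")
        if (a && b > a) $0 = substr($0, 1, a - 1) "ctl" substr($0, b + 1)
        if ($3 !~ /pam_faillock\.so$/) next
        if ($1 == "account") { acct = NR; next }
        if ($1 != "auth") next
        mode = ""; d = 3; u = 600              # module defaults when omitted
        for (i = 4; i <= NF; i++) {
            if ($i == "preauth" || $i == "authfail") mode = $i
            else if ($i ~ /^deny=/) d = substr($i, 6)
            else if ($i ~ /^unlock_time=/) u = substr($i, 13)
        }
        if (mode == "") next
        seen[mode] = NR
        if (d != deny || u != unlock) {
            printf "%s:%d: %s has deny=%s unlock_time=%s, want %s/%s\n",
                   FILENAME, NR, mode, d, u, deny, unlock
            bad = 1
        }
    }
    END {
        if (!seen["preauth"])  { print "missing: auth pam_faillock.so preauth";  bad = 1 }
        if (!seen["authfail"]) { print "missing: auth pam_faillock.so authfail"; bad = 1 }
        if (!acct)             { print "missing: account pam_faillock.so";       bad = 1 }
        if (seen["preauth"] > seen["authfail"] && seen["authfail"]) {
            print "preauth must come before authfail"; bad = 1
        }
        exit bad + 0
    }' "$1"
}
```

Run it against each file that was edited, for example check_faillock /etc/pam.d/common-auth 3 600; every finding is printed with its line number.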