The faillog command shows the number of failed authentication attempts per user. For pam_tally2 this command does not work, and the pam_tally2 command itself should used. Use-ato see all users, or-uto specify which user you are interested in. The modules pam_tally and pam_tally2 both u...
To lock out the root user, auth required pam_faillock.so should be added: auth required pam_faillock.so preauth silent audit deny=3 even_deny_root unlock_time=1200 root_unlock_time=600 To disable a user from locking out even after multiple failed logins add the below line just above the...