faillock.conf
# Configuration for locking the user after multiple failed
# authentication attempts.
#
# Only `deny` and `unlock_time` are set in this file; every other option
# is commented out, so its documented default applies.
# NOTE(review): presumably read by the pam_faillock module; options passed
# as module arguments in the PAM service files may override the values
# set here - confirm against the PAM stack.
#
# The directory where the user files with the failure records are kept.
# The default is /var/run/faillock.
# NOTE(review): /var/run is commonly a tmpfs, in which case the failure
# records (and any active lock) do not survive a reboot - confirm whether
# persistence across reboots is required.
# dir = /var/run/faillock
#
# Will log the user name into the system log if the user is not found.
# Enabled if option is present.
# NOTE(review): unknown "user names" can include passwords typed into the
# login prompt by mistake; if this is enabled, check who can read the log.
# audit
#
# Don't print informative messages.
# Enabled if option is present.
# silent
#
# Don't log informative messages via syslog.
# Enabled if option is present.
# no_log_info
#
# Only track failed user authentication attempts for local users
# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
# The `faillock` command will also no longer track users' failed
# authentication attempts. Enabling this option will prevent a
# double-lockout scenario where a user is locked out locally and
# in the centralized mechanism.
# Enabled if option is present.
# local_users_only
#
# Deny access if the number of consecutive authentication failures
# for this user during the recent interval exceeds n tries.
# The default is 3.
# This file raises the threshold to 5, which is more permissive than
# the default.
deny = 5
#
# The length of the interval, in seconds, during which the consecutive
# authentication failures must happen for the user account to be
# locked out.
# The default is 900 (15 minutes).
# The line below is commented out, so the default of 900 is in effect.
# fail_interval = 300
#
# The access will be re-enabled n seconds after the lock out.
# The value 0 has the same meaning as value `never` - the access
# will not be re-enabled without resetting the faillock
# entries by the `faillock` command.
# The default is 600 (10 minutes).
# This file shortens the lock to 300 seconds (5 minutes). A shorter lock
# throttles password guessing less, but also limits how long repeated
# bad logins by someone else can keep a legitimate user locked out.
unlock_time = 300
#
# Root account can become locked as well as regular accounts.
# Enabled if option is present.
# Not enabled in this file, so as written root is exempt from lockout.
# even_deny_root
#
# This option implies the `even_deny_root` option.
# Allow access to the root account n seconds after the
# account is locked. If the option is not specified,
# the value is the same as that of the `unlock_time` option.
# root_unlock_time = 900
#
# If a group name is specified with this option, members
# of the group will be handled by this module the same as
# the root account (the options `even_deny_root` and
# `root_unlock_time` will apply to them).
# By default, the option is not set.
# admin_group = <admin_group_name>