leshe4ka revised this gist . Go to revision
1 file changed, 62 insertions
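--- /dev/null
+++ b/faillock.conf
@@ -0,0 +1,62 @@
+# Configuration for locking the user after multiple failed
+# authentication attempts.
+#
+# The directory where the user files with the failure records are kept.
+# The default is /var/run/faillock.
+# dir = /var/run/faillock
+#
+# Will log the user name into the system log if the user is not found.
+# Enabled if option is present.
+# audit
+#
+# Don't print informative messages.
+# Enabled if option is present.
+# silent
+#
+# Don't log informative messages via syslog.
+# Enabled if option is present.
+# no_log_info
+#
+# Only track failed user authentications attempts for local users
+# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+# The `faillock` command will also no longer track user failed
+# authentication attempts. Enabling this option will prevent a
+# double-lockout scenario where a user is locked out locally and
+# in the centralized mechanism.
+# Enabled if option is present.
+# local_users_only
+#
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+deny = 5
+#
+# The length of the interval during which the consecutive
+# authentication failures must happen for the user account
+# lock out is <replaceable>n</replaceable> seconds.
+# The default is 900 (15 minutes).
+# fail_interval = 300
+#
+# The access will be re-enabled after n seconds after the lock out.
+# The value 0 has the same meaning as value `never` - the access
+# will not be re-enabled without resetting the faillock
+# entries by the `faillock` command.
+# The default is 600 (10 minutes).
+unlock_time = 300
+#
+# Root account can become locked as well as regular accounts.
+# Enabled if option is present.
+# even_deny_root
+#
+# This option implies the `even_deny_root` option.
+# Allow access after n seconds to root account after the
+# account is locked. In case the option is not specified
+# the value is the same as of the `unlock_time` option.
+# root_unlock_time = 900
+#
+# If a group name is specified with this option, members
+# of the group will be handled by this module the same as
+# the root account (the options `even_deny_root>` and
+# `root_unlock_time` will apply to them.
+# By default, the option is not set.
+# admin_group = <admin_group_name>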
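Review bot: The two active settings, `deny = 5` and `unlock_time = 300`, are both looser than the defaults quoted in the file's own comments (3 tries, 600 seconds), and nothing records why; a one-line comment above each stating the intended policy would help the next reviewer. `audit` is left commented out, so failures for user names that do not exist are not written to the system log, which removes a useful signal for spotting password spraying; consider enabling it, bearing in mind that it can capture a password mistyped into the user-name field. `even_deny_root` also stays off, so root is exempt from lockout and needs to be covered another way, for example by not allowing password logins for root. The file has no effect unless pam_faillock is present in the PAM stack, which this revision does not show.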