auditing account lockouts
Steve M. Zak
smzak at faac.com
Mon Oct 10 13:54:00 UTC 2011
Hi,
Through experimentation and per Red Hat tech support when the deny=x switch is set in /etc/pam.d/login as below
auth required pam_tally2.so deny=5 onerr=fail
the lockout happens at 5 failed attempts, but the audit trail does not record it until the next try.
Does the audit system provide a way to show that the lockout has occurred when the deny number is reached? Ideally this would be some system log that uses a variation of "Account locked"
Thanks!
____________________________________________
Steve M. Zak,
--
This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20111010/10bc0b1c/attachment.htm>
More information about the Linux-audit
mailing list