Hello Everyone,
I need to set the system (Oracle Linux 7.4) to lock users after 5 failed login (SSH) or su attempts.
My auth and account stack in /etc/pam.d/system-auth and /etc/pam.d/password-auth were exactly the same as this (only the lines in red were added to the config):
auth required pam_env.so
auth required pam_faillock.so preauth silent audit deny=5 unlock_time=60
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=60
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
account required pam_faillock.so
The result was that getting root permission failed: I was not able to get root/sudo privileges, and after typing the passwords I got "PAM authentication error: Module is unknown". Logging in via SSH was OK, it let me in after giving the password, but login via console failed.
Could you please help me set the config?
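
"Module is unknown" is the PAM error for a module that libpam could not load, so one check for a stack like the one posted above is whether every module it names exists in the module directory. The function below is an added example, not part of the original post; the name `pam_missing_modules` is hypothetical and the default directory `/usr/lib64/security` is an assumption for 64-bit Oracle Linux 7.

```shell
#!/bin/sh
# Added example: print the modules a PAM stack file references that are
# not present in the module directory.
# Usage: pam_missing_modules FILE [MODULE_DIR]
# MODULE_DIR defaults to /usr/lib64/security (assumption: x86_64 OL7).
# Backslash-continued lines are not handled.
pam_missing_modules() {
    file=$1
    dir=${2:-/usr/lib64/security}
    awk '
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        {
            # field 1 is the type (auth, account, ...), field 2 the control
            if ($2 == "include" || $2 == "substack") next   # names a file, not a module
            i = 2
            # a bracketed control such as [success=1 default=ignore] spans fields
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++ }
            if (i + 1 <= NF) print $(i + 1)    # module name follows the control
        }
    ' "$file" | sort -u | while read -r mod; do
        case $mod in
            /*) path=$mod ;;                   # absolute path given in the stack
            *)  path=$dir/$mod ;;              # bare name resolves under MODULE_DIR
        esac
        [ -e "$path" ] || printf '%s\n' "$mod"
    done
}

# Run against the files given on the command line, e.g.
#   sh check.sh /etc/pam.d/system-auth
if [ $# -gt 0 ]; then
    pam_missing_modules "$@"
fi
```

Empty output means every referenced module was found; the check covers both /etc/pam.d/system-auth and /etc/pam.d/password-auth when run once per file.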