Last active
February 1, 2024 14:43
-
-
Save FromeXo/8e4da0668c85c8456cca061855d67010 to your computer and use it in GitHub Desktop.
Default faillock.conf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Configuration for locking the user after multiple failed | |
| # authentication attempts. | |
| # | |
| # The directory where the user files with the failure records are kept. | |
| # The default is /var/run/faillock. | |
| # dir = /var/run/faillock | |
| # | |
| # Will log the user name into the system log if the user is not found. | |
| # Enabled if option is present. | |
| # audit | |
| # | |
| # Don't print informative messages. | |
| # Enabled if option is present. | |
| # silent | |
| # | |
| # Don't log informative messages via syslog. | |
| # Enabled if option is present. | |
| # no_log_info | |
| # | |
| # Only track failed user authentications attempts for local users | |
| # in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users. | |
| # The `faillock` command will also no longer track user failed | |
| # authentication attempts. Enabling this option will prevent a | |
| # double-lockout scenario where a user is locked out locally and | |
| # in the centralized mechanism. | |
| # Enabled if option is present. | |
| # local_users_only | |
| # | |
| # Deny access if the number of consecutive authentication failures | |
| # for this user during the recent interval exceeds n tries. | |
| # The default is 3. | |
| # deny = 3 | |
| # | |
| # The length of the interval during which the consecutive | |
| # authentication failures must happen for the user account | |
| # lock out is <replaceable>n</replaceable> seconds. | |
| # The default is 900 (15 minutes). | |
| # fail_interval = 900 | |
| # | |
| # The access will be re-enabled after n seconds after the lock out. | |
| # The value 0 has the same meaning as value `never` - the access | |
| # will not be re-enabled without resetting the faillock | |
| # entries by the `faillock` command. | |
| # The default is 600 (10 minutes). | |
| # unlock_time = 600 | |
| # | |
| # Root account can become locked as well as regular accounts. | |
| # Enabled if option is present. | |
| # even_deny_root | |
| # | |
| # This option implies the `even_deny_root` option. | |
| # Allow access after n seconds to root account after the | |
| # account is locked. In case the option is not specified | |
| # the value is the same as of the `unlock_time` option. | |
| # root_unlock_time = 900 | |
| # | |
| # If a group name is specified with this option, members | |
| # of the group will be handled by this module the same as | |
| # the root account (the options `even_deny_root>` and | |
| # `root_unlock_time` will apply to them. | |
| # By default, the option is not set. | |
| # admin_group = <admin_group_name> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment