An XCCDF Group - A logical subset of the XCCDF Benchmark
pam_faillock
/usr/share/doc/pam-VERSION/txts/README.pam_faillock
dir
remember
pam_pwhistory
authselect
authselect enable-feature with-pwhistory
/etc/security/pwhistory.conf
pam_unix
pam_faillock.so
/etc/security/faillock.conf
deny = <count>
authconfig
root
Note that the default directory that "pam_faillock" uses is usually cleared on system boot so the access will be reenabled after system reboot. If that is undesirable, a different tally directory must be set with the "dir" option.
local_users_only
fail_interval
fail_interval = <interval-in-seconds>
interval-in-seconds
unlock_time=<interval-in-seconds>
unlock_time
0
faillock