我想知道是否可以在一定次数的尝试失败后锁定登录屏幕。
如何在一定(预定义)时间后解锁登录屏幕?
我怎样才能立即使用来自 tty 的固定命令解锁它,而不会受到 1 的任何影响?
注意:我使用的是 Ubuntu 14.04,并参考这里但不幸的是没有成功。
编辑:
(gedit:5558): Gtk-WARNING **: Calling Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(gedit:5558): Gtk-WARNING **: Calling Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-spell-language not supported
** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-spell-language not supported
** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-position not supported
(gedit:5558): Gtk-WARNING **: Calling Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(gedit:5558): Gtk-WARNING **: Calling Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-spell-language not supported
** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-spell-language not supported
答案1
查看命令pam_tally2 来自链接:
EXAMPLES
Add the following line to /etc/pam.d/login to lock the account after 4
failed logins. Root account will be locked as well. The accounts will
be automatically unlocked after 20 minutes. The module does not have to
be called in the account phase because the login calls pam_setcred(3)
correctly.
auth required pam_securetty.so
auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200
auth required pam_env.so
auth required pam_unix.so
auth required pam_nologin.so
account required pam_unix.so
password required pam_unix.so
session required pam_limits.so
session required pam_unix.so
session required pam_lastlog.so nowtmp
session optional pam_mail.so standard
命令
pam_tally2 --user {user}
其中 {user} 是用户,将显示已记录的失败次数。
命令
pam_tally2 --user {user} --reset
将重置{user}的计数。
替代方案是失败2ban但需要安装。它在 USC,所以sudo apt-get install fail2ban
会安装它。