如何在一定次数尝试失败后锁定 Ubuntu 登录屏幕?

tag-icon tag-icon login
如何在一定次数尝试失败后锁定 Ubuntu 登录屏幕?

我想知道是否可以在一定次数的尝试失败后锁定登录屏幕。

  1. 如何在一定(预定义)时间后解锁登录屏幕?

  2. 我怎样才能立即使用来自 tty 的固定命令解锁它,而不会受到 1 的任何影响?

注意:我使用的是 Ubuntu 14.04,并参考这里但不幸的是没有成功。

编辑

(gedit:5558): Gtk-WARNING **: Calling Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files

(gedit:5558): Gtk-WARNING **: Calling Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files

** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-spell-language not supported

** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-spell-language not supported

** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-position not supported

(gedit:5558): Gtk-WARNING **: Calling Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files

(gedit:5558): Gtk-WARNING **: Calling Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files

** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-spell-language not supported

** (gedit:5558): WARNING **: Set document metadata failed: Setting attribute metadata::gedit-spell-language not supported

答案1

查看命令pam_tally2 来自链接:

EXAMPLES

   Add the following line to /etc/pam.d/login to lock the account after 4
   failed logins. Root account will be locked as well. The accounts will
   be automatically unlocked after 20 minutes. The module does not have to
   be called in the account phase because the login calls pam_setcred(3)
   correctly.

       auth     required       pam_securetty.so
       auth     required       pam_tally2.so deny=4 even_deny_root unlock_time=1200
       auth     required       pam_env.so
       auth     required       pam_unix.so
       auth     required       pam_nologin.so
       account  required       pam_unix.so
       password required       pam_unix.so
       session  required       pam_limits.so
       session  required       pam_unix.so
       session  required       pam_lastlog.so nowtmp
       session  optional       pam_mail.so standard

命令

pam_tally2 --user {user}

其中 {user} 是用户,将显示已记录的失败次数。

命令

pam_tally2 --user {user} --reset

将重置{user}的计数。

替代方案是失败2ban但需要安装。它在 USC,所以sudo apt-get install fail2ban会安装它。

相关内容