This is the topic I was trying to do for many days but it was not working. Finally I have done it and it’s time to share it with you guys. So following are the steps to do this task-

  • Open /etc/pam.d/system-auth file.
  • Now write these lines just above the line stating auth sufficient

auth required onerr=fail deny=3

account  required reset

Lock User Accounts After Failed Login Attempts

Now the account will be locked after three failed login attempts. There are various other options you can use like-

  • unlock_time=100 will unlock the account after 100 seconds. You can use any value for unlock_time field. If you don’t use this parameter then you’ll have to manually unlock a locked account using pam_tally2 -r -u username command.
  • lock_time=100 will lock the account for 100 seconds after failed attempts to login.
  • no_magic_root will avoid locking root account.

This is more than enough guys but for any additional help you can see the respective man pages.