pam_tally2
tracks login attempts
TLDR
Enable login attempt tracking
$ auth required pam_tally2.so deny=5 unlock_time=900
View user's tallycopy
$ pam_tally2 --user=[username]
Reset user's tallycopy
$ pam_tally2 --user=[username] --reset
Reset all talliescopy
$ pam_tally2 --reset
copy
SYNOPSIS
pam_tally2 [options]
DESCRIPTION
pam_tally2 tracks login attempts. Locks accounts after failed attempts.The module prevents brute force attacks. Successor to pam_tally.
PARAMETERS
deny=N
Lock the account after N consecutive failures.unlock_time=SECONDS
Auto-unlock a locked account after this many seconds.magic_root
Do not increment the counter for attempts made by uid 0.even_deny_root
Apply the deny policy to root too.root_unlock_time=SECONDS
Root unlock time (implies even_deny_root).no_lock_time
Do not apply the default lock time for repeated rapid attempts.lock_time=SECONDS
Pause this many seconds between failure and next prompt.file=PATH
Path to the tally database (default `/var/log/tallylog`).audit
Write details about every action to the audit subsystem.silent, no_log_info
Reduce syslog verbosity.--user NAME
Restrict the CLI action to a single user.--reset[=N]
Reset counter (optionally to N instead of zero).--quiet
Suppress output when the user has no tally.
CAVEATS
Deprecated: removed from Linux-PAM 1.5.0 (2020). Modern distributions (RHEL 9+, Fedora 33+, Debian 12+) ship only pam_faillock. The tally database `/var/log/tallylog` is shared with the old `pamtally` and is not compatible with pamfaillock's per-user files under `/var/run/faillock/`.
HISTORY
pamtally2 replaced pamtally for improved login tracking and lockout.
SEE ALSO
pam(8), pam_faillock(8)