cant login after -l

Question

cant login after -l

zikkuratti opened this issue a year ago · 5 comments

cant login after -l which module make effect?

Answer 1 · 2023-10-20T06:01:48.000Z

As per documentation: "Although it can perform a lockdown, as previously stated, I'd recommend you address the warnings via policy, documentation and configuration management. This is how I use the tool."

Having said that, I would suspect it is related to PAM, in particular it could be the tally module, I've seen this on some versions of Linux.

Do you have any more information, e.g. OS version? Messages, etc. That way I can add handing to the script to prevent this happening.

Answer 2 · 2023-10-20T07:08:38.000Z

he knock my admin user from sudoers and tell login incorrerect non user non root

Answer 3 · 2023-10-20T07:10:40.000Z

it's Ubuntu 20.04.6 LTS i check logs no warn on sudo user etc

Answer 4 · 2023-10-29T20:23:57.000Z

I believe this may have been related to some OS version detection issues in system_auth_account_reset module.
I noticed a couple of OS version detection issue, which I've fixed.
I'm doing some updates and adding some feature. Once I'm done with this I'll do some more testing on Ubuntu for bugs.

Answer 5 · 2023-11-12T10:02:20.000Z

I managed to reproduce this issue. Earlier versions of the CIS recommendations for Ubuntu 22.04 recommended pam_tally2.so, then pam_failback.so in /etc/pam.d/common-auth, the correct module is pam_faillock.so. This can be resolved by commenting out the line with pam_tally2.so / pam_failback.so, or replacing it the module entry in the file with pam_faillock.so.

The module that performs this operation in lunar is audit_system_auth_account_reset.

I will do further testing before closing this issue