Description: The pam_faillock.so module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than deny consecutive failed authentications. It stores the failure records into per-user files in the tally directory. Rationale: Locking out user IDs after n unsuccessful consecutive login attempts mitigates brute force password attacks against your systems. Audit: Verify that faillock is enabled. Run the following command: # grep pam_faillock.so /etc/pam.d/password-auth /etc/pam.d/system-auth Fix: Run the following command to include the `with-faillock` option to the current authselect profile # authselect enable-feature with-faillock #authselect apply-changes

[yes/No]

Run the following command to include the `with-faillock` option to the current authselect profile # authselect enable-feature with-faillock #authselect apply-changes