
CCE-99443-4

Platform: cpe:/o:debian:debian_linux:11.x
Date: (C)2023-02-09   (M)2023-07-14



Description: Lock out users after _n_ unsuccessful consecutive login attempts.

- deny= - Number of attempts before the account is locked
- unlock_time= - Time in seconds before the account is unlocked

Set the lockout number and unlock time to follow local site policy.

Rationale: Locking out user IDs after _n_ unsuccessful consecutive login attempts mitigates brute force password attacks against your systems.

Fix: Edit /etc/security/faillock.conf and add the following:

    deny = 4
    unlock_time = 600
    fail_interval = 900


Parameter:

[600]


Technical Mechanism:

Edit /etc/security/faillock.conf and add the following:

    deny = 4
    unlock_time = 600
    fail_interval = 900

Note: If a user has been locked out because they have reached the maximum consecutive failure count defined by deny= in the pam_faillock.so module, the user can be unlocked by issuing the command:

    /usr/sbin/faillock --user username --reset

This command sets the failed count to 0, effectively unlocking the user.
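One way to check a host against this setting, as an added example that is not part of the original CCE record or of SecPod's OVAL content. The function names are hypothetical, and the script assumes the Fix values are limits (deny at most 4, unlock_time at least 600 or 0, fail_interval at least 900), that text after # is a comment, and that the last assignment of an option wins.

```shell
#!/bin/sh
# Added example: audit a faillock.conf-style file against this rule's values.
# Thresholds are assumptions taken from the Fix text; adjust to site policy.

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print the effective value of option $2 in file $1 (last assignment wins here).
faillock_get() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                      # strip comments
        (n = index($0, "=")) {
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Print one FAIL line per problem; return 0 only if all three settings comply.
faillock_audit() {
    rc=0
    deny=$(faillock_get "$1" deny)
    unlock=$(faillock_get "$1" unlock_time)
    interval=$(faillock_get "$1" fail_interval)
    if ! is_uint "$deny" || [ "$deny" -lt 1 ] || [ "$deny" -gt 4 ]; then
        echo "FAIL deny='$deny' (want 1..4)"; rc=1
    fi
    # pam_faillock treats unlock_time=0 as "never unlock automatically"
    if ! is_uint "$unlock" || { [ "$unlock" -ne 0 ] && [ "$unlock" -lt 600 ]; }; then
        echo "FAIL unlock_time='$unlock' (want 0 or >= 600)"; rc=1
    fi
    if ! is_uint "$interval" || [ "$interval" -lt 900 ]; then
        echo "FAIL fail_interval='$interval' (want >= 900)"; rc=1
    fi
    return $rc
}

# Constructed sample: a misspelled option name leaves the real option unset.
faillock_sample() {
    printf '%s\n' '# constructed sample' 'deny = 4' \
        'unlock_time=600 # ten minutes' 'fail_intervl = 900'
}

# Usage: faillock_audit /etc/security/faillock.conf
```

An option that is absent is reported as a failure even though pam_faillock has built-in defaults, because this rule asks for the values to be set explicitly.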

CCSS Severity:
CCSS Score: 7.5
Exploit Score: 3.9
Impact Score: 3.6
Severity: HIGH
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CCSS Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

References:
Resource Id: SCAP Repo OVAL Definition
Reference: oval:org.secpod.oval:def:87265


OVAL    1
oval:org.secpod.oval:def:87265
XCCDF    3
xccdf_org.secpod_benchmark_NIST_800_53_r5_Debian_11
xccdf_org.secpod_benchmark_general_Debian_11
xccdf_org.secpod_benchmark_NIST_800_171_R2_Debian_11

© SecPod Technologies