
How do I set up pam_faillock?


I very recently installed an Ubuntu VM to play with and decided I wanted to get a better understanding of faillock. I read the man pages for faillock and pam_faillock and felt like I followed the instructions, but based on my results I must have missed something.

I am running Ubuntu 20.04.4 LTS. These are the config file changes I made (based on the man pages):

$ grep -v '#' /etc/security/faillock.conf
dir = /var/run/faillock
audit
silent
deny = 3
fail_interval = 900
unlock_time = 120
$ grep faillock /etc/pam.d/login
auth    required    pam_faillock.so preauth
auth    [default=die]   pam_faillock.so authfail
account required    pam_faillock.so
$ sudo faillock
faillock: Error reading tally directory: No such file or directory

Obviously I can create the tally directory. But I imagine that if I had done everything properly - something would have created it for me.

I went ahead just now and created it. I ssh'd to the host with a test account, and used a bad password 6 times, but it did not seem to do anything. The account did not get locked, and running faillock now outputs nothing.

I saw some mention in the pam.d config files of pam-auth-update. On a hunch, I went ahead and ran that just in case it is something that should be run when you update things in pam.d config files. But it did not seem to do anything useful.

Any ideas what I have missed? Thanks in advance.

---- updates

I touched a file for a user named the_dude and set its permissions to rw for the user.

$ ls -l /var/run/faillock/the_dude

When I ran sudo faillock --user the_dude, it outputs the basic heading now.

$ sudo faillock --user the_dude
the_dude:
When                Type  Source                                           Valid

I notice, though, that when I create some bad login attempts, nothing is placed into the tally file.

Also, I rebooted the VM and found that some process went through and removed the tally files and directory.

So I believe I am missing a step somewhere that 'enables' this module - but I don't see anything in the man pages that says that anything like that is needed.

If it did not like something that was in my config, where would it dump log messages about it?
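
Since the post configures /etc/pam.d/login but tests over SSH, the following added example (not part of the original question) reports which PAM service stacks actually call pam_faillock.so in the three roles the post lists. The file contents are constructed samples, `expand` and `faillock_missing` are hypothetical helper names, and it assumes SSH logins are authenticated through the `sshd` service file, as OpenSSH does when PAM is enabled.

```python
import re

# Constructed sample of /etc/pam.d (file name -> contents); not from a real host.
SAMPLE = {
    "login": "auth    required    pam_faillock.so preauth\n"
             "@include common-auth\n"
             "auth    [default=die]   pam_faillock.so authfail\n"
             "account required    pam_faillock.so\n",
    "sshd": "@include common-auth\n@include common-account\n",
    "common-auth": "auth [success=1 default=ignore] pam_unix.so nullok\n",
    "common-account": "account required pam_unix.so\n",
}
RULE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def expand(service, files, stack=()):
    """Yield (type, control, module, args) for a service, following includes."""
    if service in stack or service not in files:   # include cycle or missing file
        return
    for raw in files[service].splitlines():
        parts = raw.split("#", 1)[0].split()       # drop comments, normalise spacing
        if len(parts) == 2 and parts[0] == "@include":
            yield from expand(parts[1], files, stack + (service,))
            continue
        m = RULE.match(" ".join(parts))
        if not m:
            continue
        mtype, control, module, args = m[1], m[2], m[3], m[4].split()
        if control in ("include", "substack"):     # pulls in same-type rules only
            inner = expand(module, files, stack + (service,))
            yield from (r for r in inner if r[0] == mtype)
        else:
            yield mtype, control, module, args

def faillock_missing(service, files):
    """Return which pam_faillock roles the service's stack never calls."""
    missing = {"preauth", "authfail", "account"}
    for mtype, _control, module, args in expand(service, files):
        if module.rsplit("/", 1)[-1] != "pam_faillock.so":
            continue
        if mtype == "account":
            missing.discard("account")
        elif mtype == "auth":
            missing -= {"preauth", "authfail"} & set(args)
    return missing

if __name__ == "__main__":
    for svc in ("login", "sshd"):
        print(svc, "missing:", sorted(faillock_missing(svc, SAMPLE)) or "nothing")
```

To run it against a real host, build the dictionary from the files under /etc/pam.d instead of using the constructed sample.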

