CentOS利用pam限制失败次数锁定

修改配置：
/etc/pam.d/system-auth //配置被/etc/pam.d/login引用，限制telnet以及终端登录
/etc/pam.d/password-auth //配置被/etc/pam.d/sshd引用，限制ssh登录

增加如下两行配置到配置文件，注意配置信息的位置，影响生效：
auth        required      pam_tally2.so deny=3 onerr=fail
account     required      pam_tally2.so

配置示例：
auth        required      pam_env.so
auth        required      pam_tally2.so deny=3 onerr=fail
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so
account     required      pam_tally2.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_oddjob_mkhomedir.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

参考链接：
https://www.golinuxhub.com/2018/08/how-to-lock-or-unlock-root-normal-user-pamtally2-pamfaillock-linux/