PAM – Kevin Wells

HOME
Skills & Experience
Current Threats & Trends
Articles
- Identity & Access Management (IAM)Secure access with SSH keys, sudo, PAM, and cloud IAM roles.
- Automation & MonitoringStreamline operations with Ansible workflows, logging pipelines, and proactive monitoring.
- Backups & DRProtect data and maintain continuity with resilient backup and recovery strategies.
- Cloud SecurityDefend AWS and hybrid environments with strong identity, policy, and monitoring controls.
- AI SecurityPractical security engineering for LLMs and autonomous agents – risks, controls, architectures, and incident playbooks.
- System HardeningSecure Linux systems through patching, CIS benchmarks, and OS lockdown.
- Tools & CheatsheetsPractical quick-reference guides for Linux and cloud security administrators.
Lab Projects
Resources
About
Contact

PAM hardening with faillock: lockouts, password and sudo policy

September 12, 2025September 25, 2025 by Admin

PAM hardening with faillock: lockouts, password policy, sudo hygiene Last updated: 20 Aug 2025 Goal: sensible lockouts (with audit), sane password policy for local accounts, and predictable sudo behaviour. Adjust paths for your distro. 1) faillock defaults # /etc/security/faillock.conf deny = 5 unlock_time = 600 even_deny_root audit 2) Enable faillock in PAM stacks Ubuntu/Debian (PAM … Read more

August 22, 2025August 22, 2025 by Admin

Pluggable Authentication Modules (PAM): Controlling Access in Linux Pluggable Authentication Modules (PAM) form the backbone of authentication and access control on most modern Linux systems. In my work, PAM is often overlooked or misunderstood. Administrators know it exists but rarely configure it beyond the defaults. That leaves opportunities for weak passwords, mismanaged access, and non-compliance. … Read more