During an incident response you discover that the account "devops" has been locked by the pam_tally2.so module after too many failed SSH logins. You want to display the current failed-attempt counter for that user and immediately unlock the account without touching the counters for other users. Which single command, executed as root, accomplishes this task?
The pam_tally2 command is used to inspect and manipulate the failed-login counters maintained by pam_tally2.so.
The --user (or -u) option restricts the operation to a single user, while omitting it affects every user recorded in /var/log/tallylog.
The --reset (or -r) option clears that user's counter (and, when run without --quiet, prints the tally before it is reset).
Therefore pam_tally2 --user devops --reset both shows the current count and unlocks only the devops account.
The other choices are incorrect:
Using pam_tally2 --reset would wipe counters for all accounts.
faillock --user devops --reset interacts with the faillock subsystem, not pam_tally2.
passwd -u devops simply clears the password-lock flag; it does not reset or display pam_tally2 counters.
CompTIA Linux+ XK0-006 (V8)
Security