2.2 Identity Management

bashrc - Hidden file within each users home directory executed for non-login shells. Often stores aliases and other customization. Here is an example of mine.

# Useful aliases
alias home='cd ~'
alias cd..='cd ..'
alias ..='cd ..'
alias ...='cd ../..'

# Set vi mode instead of default emacs based bash commands
set -o vi

# Get weather from the terminal
alias wtr="curl wttr.in"

# Starship faunt
eval "$(starship init bash)"

bash_profile or profile - Another hidden file in a users home directory executed for login shells. Instead of the bashrc which will run every time you open a terminal, this will only run once when you login.

Keep in mind there is also system wide profile and bashrc files located within /etc for all users.

/etc/login.defs - where commands like useradd, usermod, groupadd and others take values, such as min and max value for user or group id. Other functions like password aging controls, login retry attempts, and permissions/mode of new home directories with umask. Some functions like login retry attempts can be overridden by PAM and others obsoleted.

pam_tally2 - pam_tally2 has been deprecated in PAM 1.5.0 (2020) in favor of pam_faillock

faillock is a module for locking out users after failed attempts. It is configured in /etc/security/faillock.conf. Here you can adjust number of attempts and length of lockout time.

In this setup, 3 failed login attempts within 15 minutes of each other will lock that user out for 10 minutes.

deny = 3

# The default is 900 (15 minutes).
fail_interval = 900

# The default is 600 (10 minutes).
unlock_time = 600