TimeZoneを日本時間に設定します。
Rocky Linux 8の時刻設定にはtimedatectlコマンドを利用します。
#設定前の確認
[root@sv-cacti-01 ~]# timedatectl
Local time: Sat 2023-07-22 03:41:48 UTC
Universal time: Sat 2023-07-22 03:41:48 UTC
RTC time: Sat 2023-07-22 03:41:47
Time zone: UTC (UTC, +0000)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no
※初期状態でglibc-all-langpacks-2.28-211.el8.x86_64がインストールされています。Rocky Linux 9ではglibc-all-langpacksがインストールされていません。日本語化実施時はglibc-all-langpacksかglibc-langpack-jaを個別にインストールする必要があります。
#現在の設定を確認
[root@sv-cacti-01 ~]# authselect current プロファイル ID: sssd 有効な機能: なし
#アカウントロック機能有効化
[root@sv-cacti-01 security]# authselect enable-feature with-faillock Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.
# Will log the user name into the system log if the user is not found. # Enabled if option is present.
audit
# Only track failed user authentications attempts for local users # in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users. # The `faillock` command will also no longer track user failed # authentication attempts. Enabling this option will prevent a # double-lockout scenario where a user is locked out locally and # in the centralized mechanism. # Enabled if option is present.
local_users_only
# Deny access if the number of consecutive authentication failures # for this user during the recent interval exceeds n tries. # The default is 3.
deny = 3
# The length of the interval during which the consecutive # authentication failures must happen for the user account # lock out is <replaceable>n</replaceable> seconds. # The default is 900 (15 minutes).
fail_interval = 300
# The access will be reenabled after n seconds after the lock out. # The value 0 has the same meaning as value `never` – the access # will not be reenabled without resetting the faillock # entries by the `faillock` command. # The default is 600 (10 minutes).
unlock_time = 300
# Root account can become locked as well as regular accounts. # Enabled if option is present.
even_deny_root
# This option implies the `even_deny_root` option. # Allow access after n seconds to root account after the # account is locked. In case the option is not specified # the value is the same as of the `unlock_time` option. root_unlock_time = 300