Insert into a kick start, used to lock a user for 5 failed login attempts.
### locks user out after 5 fail login tries, with a 3 minute lockout time.
echo "auth required pam_tally.so onerr=fail deny= 5 unlock_time=3600" >> /etc/pam.d/system-auth
Now to unlock yourself if you mess up
To view locked accounts
pam_tally2 -u username -r
To reset username account
pam_tally2 -u username --reset
#Replace username with the actual username
Also, what if you need encryption setup, but you don't want to be bothered with a password everytime you boot. This is for development boxes only. As in this cancels out the security LUKS provides, but still allows you to see if encryption will affect your systems. Basically, if you want to lock down a machine in a production environment. DO NOT USE THIS CODE. I actually have a way to get around both, but can't publish it yet.
cd /boot/
mkdir tmp/ && cd tmp/
gunzip -c ../initrd-2.6.25-..... .img |cpio -id
echo -n "passphrase you choose" > passphrase
sed -i '103 s/$/ -d passphrase/' /boot/tmp/init
find . | cpio --create --format='newc' |gzip -c > ../initrd-2.6.25luks.img
#Ok, the gunzip part, you need to put in your initrd.img file.
#the passphrase is the one you set in the encryption. Also echo -n means no carriage return.
sed '103 = 103 line, it changes from machine setup to setup, so replace with the correct one. typically its line 110. $ means end of line.
Typically you want to create a new initrd.img file, so name it slightly different.
Now to boot this, you need to modify your grub file, I would add a new line, with the modified information. Reboot, and your machine should boot up without bugging you for a passphrase.
