Unsuccessful Login Attempts | Analyzing a Hacked Linux Server | Exam XK0-004

Find Unsuccessful Login Attempts

Question

An administrator is analyzing a Linux server which was recently hacked.

Which of the following will the administrator use to find all unsuccessful login attempts?

Answers

Explanations


A. B. C. D.

C.

The correct answer is C. pam_tally2.

PAM (Pluggable Authentication Modules) is a security framework in Linux that provides a way to configure authentication mechanisms used by services and applications. The pam_tally2 module is used to keep track of login attempts for each user.

When a user attempts to log in, pam_tally2 checks the current tally count for that user and takes an appropriate action based on the tally count. The administrator can configure pam_tally2 to lock out a user's account after a certain number of unsuccessful login attempts.

To view the current tally count for a user, the administrator can use the pam_tally2 command with the -u option and the username as an argument. For example, pam_tally2 -u username.
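Run without -u, pam_tally2 lists every account that has a non-zero tally. The script below is an added example, not part of the original page, that filters such a listing for accounts at or above a failure threshold. The function names and the sample rows are constructed for illustration, and the column layout (Login, Failures, Latest failure, From) is assumed.

```shell
#!/bin/sh
# Added example: flag accounts whose pam_tally2 failure count meets a threshold.
# On a live host (as root) the input would be:  pam_tally2 | flag_tallies 5

# Constructed sample of pam_tally2 output: a header row, then one row per
# account with failures. Addresses are documentation ranges, not real hosts.
sample_tally() {
cat <<'EOF'
Login           Failures Latest failure     From
root               12    03/14/24 02:11:43  203.0.113.7
alice               2    03/13/24 09:05:10  198.51.100.23
svc_backup          7    03/14/24 02:12:01  203.0.113.7
EOF
}

# flag_tallies THRESHOLD
# Reads pam_tally2 output on stdin and prints "user failures source" for each
# account with failures >= THRESHOLD, highest count first.
flag_tallies() {
    awk -v min="$1" '
        NR == 1 && $1 == "Login" { next }      # skip the header row
        NF >= 2 && $2 ~ /^[0-9]+$/ && $2 + 0 >= min + 0 {
            src = (NF >= 5) ? $5 : "-"         # From column may be absent
            print $1, $2, src
        }
    ' | sort -k2,2nr
}

# Demo on the constructed sample: accounts with 5 or more failures.
sample_tally | flag_tallies 5
```

Several accounts failing from the same source within a short window, as in the sample, is the pattern worth checking against the authentication log during the investigation.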

In contrast, nsswitch is a Linux configuration file that determines the sources that are used for system databases, such as user accounts and passwords. faillock is a utility that allows administrators to configure rules for locking user accounts based on failed login attempts. passwd is a command used to change a user's password.

Therefore, the correct answer for finding all unsuccessful login attempts on a Linux server that was recently hacked is the pam_tally2 module.