Applying the secure_linux_cis::rules::ensure_lockout_for_failed_password_attempts_is_configured rule causes all logins to be denied, because pam_tally2.so is not found.
pam_tally2.so is not available in Debian 11 (stable) and later, instead pam_faillock.so should be used.
Applying the
secure_linux_cis::rules::ensure_lockout_for_failed_password_attempts_is_configuredrule causes all logins to be denied, becausepam_tally2.sois not found.pam_tally2.sois not available in Debian 11 (stable) and later, insteadpam_faillock.soshould be used.