#%PAM-1.0
auth     required       pam_securetty.so # deny root login in evaluated config
auth     required       pam_tally.so deny=5 onerr=fail
auth     include        common-auth
auth     required       pam_nologin.so
account  include        common-account
account  required       pam_tally.so
password include        common-password
session  include        common-session
session  required       pam_loginuid.so require_auditd
