AIX must enforce the limit of three consecutive invalid login attempts by a user before the user account is locked and released by an administrator.

An XCCDF Rule

Description

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128

ID: SV-215171r958388_rule
Version: AIX7-00-001003
Severity: Medium
References: CCI-000044 CCI-002238
Updated: 24 days ago

Remediation Templates

From the command prompt, execute the following command to configure the number of unsuccessful logins resulting in account lockout for "default:" stanza in "/etc/security/user" file:
# chsec -f /etc/security/user -s default -a loginretries=3 

From the command prompt, execute the following command to configure the number of unsuccessful logins resulting in account lockout for all users who have loginretries values that are 0 or greater than 3:
# chsec -f /etc/security/user -s [user_name] -a loginretries=3

AIX must enforce the limit of three consecutive invalid login attempts by a user before the user account is locked and released by an administrator.

Description

Remediation Templates

A Manual Procedure