AlmaLinux OS 9 must maintain an account lock until the locked account is manually released by an administrator; and not automatically after a set time.

An XCCDF Rule

Details
Profiles

Description

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.

ID: SV-269153r1050035_rule
Version: ALMA-09-008160
Severity: Medium
References: CCI-002238
Updated: about 2 months ago

Remediation Templates

Configure AlmaLinux OS 9 to lock accounts until released by an administrator using pam_faillock.

First, enable the feature using the following command:

$ authselect enable-feature with-faillock
Then, add or uncomment the following line in the "/etc/security/faillock.conf" file:

unlock_time = 0

AlmaLinux OS 9 must maintain an account lock until the locked account is manually released by an administrator; and not automatically after a set time.

Description

Remediation Templates

A Manual Procedure