The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur.

An XCCDF Rule

Description

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128

ID: SV-256479r958388_rule
Version: PHTN-30-000002
Severity: Medium
References: CCI-000044 CCI-002238
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/pam.d/system-auth

Remove any existing "pam_tally2.so" line and add the following line after the "pam_unix.so" statement:
auth       required pam_tally2.so deny=3 onerr=fail audit even_deny_root unlock_time=900 root_unlock_time=300

Navigate to and open:

/etc/pam.d/system-account

Remove any existing "pam_tally2.so" line and add the following line after the "pam_unix.so" statement:

account    required pam_tally2.so onerr=fail audit

Note: On vCenter appliances, the equivalent file must be edited under "/etc/applmgmt/appliance", if one exists, for the changes to persist after a reboot.

The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur.

Description

Remediation Templates

A Manual Procedure