UBTU-18-010033 - The Ubuntu operating system must be configured so that three consecutive invalid logon attempts by a user automatically locks the account until released by an administrator.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
Satisfies: SRG-OS-000329-GPOS-00128

Solution

Configure the Ubuntu operating system to lock an account after three unsuccessful login attempts.

Edit the /etc/pam.d/common-auth file. The pam_tally2.so entry must be placed at the top of the 'auth' stack. So add the following line before the first 'auth' entry in the file.

auth required pam_tally2.so onerr=fail deny=3

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CAN_Ubuntu_18-04_LTS_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7, CAT|II, CCI|CCI-000044, CCI|CCI-002238, CSCv6|16.7, Rule-ID|SV-219166r610963_rule, STIG-ID|UBTU-18-010033, STIG-Legacy|SV-109663, STIG-Legacy|V-100559, Vuln-ID|V-219166

Plugin: Unix

Control ID: 541adc2c910b57c7ffba28c248b308ab18f6998693a464272ef3a866c8f3c49e