PHTN-30-000002 - The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur.

Information

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.

Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128

Solution

Navigate to and open:

/etc/pam.d/system-auth

Remove any existing 'pam_tally2.so' line and add the following line after the 'pam_unix.so' statement:

auth required pam_tally2.so deny=3 onerr=fail audit even_deny_root unlock_time=900 root_unlock_time=300

Navigate to and open:

/etc/pam.d/system-account

Remove any existing 'pam_tally2.so' line and add the following line after the 'pam_unix.so' statement:

account required pam_tally2.so onerr=fail audit

Note: On vCenter appliances, the equivalent file must be edited under '/etc/applmgmt/appliance', if one exists, for the changes to persist after a reboot.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y24M01_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a., 800-53|AC-7b., CAT|II, CCI|CCI-000044, CCI|CCI-002238, Rule-ID|SV-256479r887111_rule, STIG-ID|PHTN-30-000002, Vuln-ID|V-256479

Plugin: Unix

Control ID: 6779b6a0e46d026445d915a88fa61eda7afaf6adc2cee201cc83bf088d88a723