ESXi : set-account-lockout

Information

Set the count of maximum failed login attempts before the account is locked out

Multiple account login failures for the same account could possibly be a threat vector trying to brute force the system or cause denial of service. Such attempts to brute force the system should be limited by locking out the account after reaching a threshold.

http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.security.doc/GUID-DC96FFDB-F5F2-43EC-8C73-05ACDAE6BE43.html

Solution

From the vSphere Web Client select the host, click "Manage" -> "Settings" -> "System" -> "Advanced Sytem Settings". Enter "Security.AccountLockFailures" in the filter. Click edit and set the value for this parameter to 3.

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vmware-6-5-update-1-security-configuration-guide.xlsx

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a.

Plugin: VMware

Control ID: 8ff8d234a4e6f17d1748852c3939b7dec8d9d6ba24b50cfd5357d1826d659d40