The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256479 | SRG-OS-000021-GPOS-00005 | PHTN-30-000002 | SV-256479r958388_rule | 2024-12-16 | 1 |
| Description |
|---|
| By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128 |
| ℹ️ Check |
|---|
| At the command line, run the following commands: # grep pam_tally2 /etc/pam.d/system-auth Expected result: auth required pam_tally2.so deny=3 onerr=fail audit even_deny_root unlock_time=900 root_unlock_time=300 # grep pam_tally2 /etc/pam.d/system-account Expected result: account required pam_tally2.so onerr=fail audit If the output does not list the "pam_tally2" options as configured in the expected results, this is a finding. |
| ✔️ Fix |
|---|
| Navigate to and open: /etc/pam.d/system-auth Remove any existing "pam_tally2.so" line and add the following line after the "pam_unix.so" statement: auth required pam_tally2.so deny=3 onerr=fail audit even_deny_root unlock_time=900 root_unlock_time=300 Navigate to and open: /etc/pam.d/system-account Remove any existing "pam_tally2.so" line and add the following line after the "pam_unix.so" statement: account required pam_tally2.so onerr=fail audit Note: On vCenter appliances, the equivalent file must be edited under "/etc/applmgmt/appliance", if one exists, for the changes to persist after a reboot. |