3.2.7 /etc/security/user - loginretries

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Defines the number of attempts a user has to log in to the system before their account is disabled.

Setting the loginretries attribute ensures that a user has a pre-defined number of attempts to enter the correct password before the account is locked.

Solution

In /etc/security/user, set the default stanza loginretries attribute to 3:

chsec -f /etc/security/user -s default -a loginretries=3

This means that a user will have 3 attempts to enter the correct password. This does not apply to the root user, which has its own stanza entry disabling this feature.
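The following check is an added example, not part of the original audit or the CIS benchmark. It parses a stanza file in the /etc/security/user format and reports any stanza other than root whose loginretries falls outside 1..3. It goes beyond the default stanza by also flagging per-user overrides; the function names, the accepted range and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit loginretries in an AIX-style stanza file.
# The limit of 3 is the page's value; accepting 1..3 is an assumption.
MAX_RETRIES=3

# write_sample FILE: write a constructed sample (not from a real system).
write_sample() {
    cat > "$1" <<'EOF'
* constructed sample of /etc/security/user
default:
        loginretries = 0

root:
        loginretries = 0

alice:
        loginretries = 10
EOF
}

# audit_loginretries FILE: print one FAIL line per finding; return 0 if compliant.
audit_loginretries() {
    awk -v max="$MAX_RETRIES" '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }      # comments, blank lines
        /^[^ \t=]+:[ \t]*$/ {                   # stanza header
            stanza = $1; sub(/:$/, "", stanza); next
        }
        {
            n = index($0, "="); if (n == 0) next
            name = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
            if (name != "loginretries") next
            seen[stanza] = 1
            if (stanza == "root") next          # root is exempt per the page
            # 0 disables the limit on AIX; anything outside 1..max fails
            if (val !~ /^[0-9]+$/ || val + 0 < 1 || val + 0 > max) {
                printf "FAIL %s loginretries=%s\n", stanza, val; bad = 1
            }
        }
        END {
            if (!("default" in seen)) { print "FAIL default loginretries unset"; bad = 1 }
            exit bad
        }
    ' "$1"
}

sample=$(mktemp) && write_sample "$sample"
audit_loginretries "$sample" || echo "non-compliant"
rm -f "$sample"
```

On an AIX host, pass /etc/security/user as the argument; a per-user stanza with a higher or zero value silently overrides the default, which is why the check walks every stanza.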

See Also

https://workbench.cisecurity.org/files/528