GEN000460 - The system must disable accounts after three consecutive unsuccessful login attempts.

Information

Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks.

Solution

Use the chsec command to set loginretries, the number of unsuccessful logins that results in account lockout, in the default stanza and in the stanza of any individual user.
# chsec -f /etc/security/user -s default -a loginretries=3
# chsec -f /etc/security/user -s <user id> -a loginretries=3
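
To verify the result, the following added example (not part of the STIG text) reads a file in the /etc/security/user stanza layout and lists every stanza whose effective loginretries fails the limit. It assumes that a user stanza without its own loginretries inherits the default stanza and that a value of 0 or below means no lockout; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit loginretries in an AIX-style stanza file.
# Prints "stanza value" for each stanza whose effective value is unset,
# non-numeric, below 1 (assumed to mean no lockout) or above the limit.
audit_loginretries() {
    awk -v limit="${2:-3}" '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }        # comment and blank lines
        /^[^ \t][^:]*:[ \t]*$/ {                  # stanza header such as "root:"
            name = $0
            sub(/:[ \t]*$/, "", name)
            order[++n] = name
            next
        }
        name != "" && /^[ \t]+loginretries[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)         # drop "loginretries ="
            sub(/[ \t]+$/, "", val)               # drop trailing blanks
            set[name] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                # Assumption: stanzas without the attribute inherit default
                v = (s in set) ? set[s] : (("default" in set) ? set["default"] : "unset")
                if (v !~ /^[0-9]+$/ || v + 0 < 1 || v + 0 > limit)
                    print s, v
            }
        }
    ' "$1"
}

# Constructed sample in the stanza layout (not taken from a real host).
make_sample() {
    cat > "$1" <<'EOF'
* constructed sample
default:
    loginretries = 0

root:
    loginretries = 3

alice:
    maxage = 8

bob:
    loginretries = 5
EOF
}

tmp=$(mktemp); make_sample "$tmp"; audit_loginretries "$tmp"; rm -f "$tmp"
```

On a host, call `audit_loginretries /etc/security/user` from an account that can read the file; empty output means every stanza passes.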

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip