AIX7-00-001003 - AIX must enforce the limit of three consecutive invalid login attempts by a user before the user account is locked and released by an administrator.

Information

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.

Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128

Solution

From the command prompt, execute the following command to configure the number of unsuccessful logins resulting in account lockout for 'default:' stanza in '/etc/security/user' file:
# chsec -f /etc/security/user -s default -a loginretries=3

From the command prompt, execute the following command to configure the number of unsuccessful logins resulting in account lockout for all users who have loginretries values that are 0 or greater than 3:
# chsec -f /etc/security/user -s [user_name] -a loginretries=3

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R5_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a., 800-53|AC-7b., CAT|II, CCI|CCI-000044, CCI|CCI-002238, Rule-ID|SV-215171r508663_rule, STIG-ID|AIX7-00-001003, STIG-Legacy|SV-101319, STIG-Legacy|V-91219, Vuln-ID|V-215171

Plugin: Unix

Control ID: b9e7c8adca2deb64106b79fe8875b5827afdcf0f49e392b0def7bba3787d7dd1