Detections
Analytics
AZLX-23-002460 - Amazon Linux 2023 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
Information
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.Solution
Configure Amazon Linux 2023 to lock out the "root" account after a number of incorrect login attempts using "pam_faillock.so", first enable the feature using the following command:$ sudo authselect enable-feature with-faillock
Then edit the "/etc/security/faillock.conf" file as follows:
add or uncomment the following line:
even_deny_root
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Amazon_Linux_2023_V1R2_STIG.zip
Item Details
Audit Name: DISA Amazon Linux 2023 STIG v1r2
Category: ACCESS CONTROL
References: 800-53|AC-7b., CAT|II, CCI|CCI-002238, Rule-ID|SV-274155r1120453_rule, STIG-ID|AZLX-23-002460, Vuln-ID|V-274155
Plugin: Unix
Control ID: d2b1282a0c752c0a015c6e487546374adc7ef719809be2331d6907b7f3be3c71