Detections
Analytics
ALMA-09-007720 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.Solution
Configure AlmaLinux OS 9 to lock an account after a number of incorrect login attempts within 15 minutes using pam_faillock.First, enable the feature using the following command:
$ authselect enable-feature with-faillock
Then, add or uncomment the following line in the "/etc/security/faillock.conf" file:
fail_interval = 900
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R2_STIG.zip
Item Details
Audit Name: DISA CloudLinux AlmaLinux OS 9 STIG v1r2
References: CAT|II, CCI|CCI-000044, Rule-ID|SV-269149r1050031_rule, STIG-ID|ALMA-09-007720, Vuln-ID|V-269149
Plugin: Unix
Control ID: 9be19685ce03088acfcd68d8bf6a56f1abca9653cf33e51c272304c5204833ac