Detections
Analytics
OL09-00-002416 - OL 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
Information
By limiting the number of failed logon attempts the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005
Solution
Configure OL 9 to lock out the "root" account after a number of incorrect login attempts within 15 minutes using "pam_faillock.so" by enabling the feature using the following command:$ sudo authselect enable-feature with-faillock
Then edit the "/etc/security/faillock.conf" file as follows:
fail_interval = 900
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_9_V1R4_STIG.zip
Item Details
Audit Name: DISA Oracle Linux 9 STIG v1r4
Category: ACCESS CONTROL
References: 800-53|AC-7a., 800-53|AC-7b., CAT|II, CCI|CCI-000044, CCI|CCI-002238, Rule-ID|SV-271754r1091974_rule, STIG-ID|OL09-00-002416, Vuln-ID|V-271754
Plugin: Unix
Control ID: b7e0ab314c7c94f0f0f132a6e02ff14fe25787f623dbfb4282a3caaaf7683c9d