RHEL-10-600415 - RHEL 10 must automatically lock the root account until the root account is released by an administrator when three unsuccessful login attempts occur during a 15-minute time period.

Information

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, also known as brute-forcing, is reduced. Limits are imposed by locking the account.

Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005

Solution

Configure RHEL 10 to lock out the "root" account after a number of incorrect login attempts using "pam_faillock.so".

Enable the feature using the following command:

$ sudo authselect enable-feature with-faillock

Edit the "/etc/security/faillock.conf" by uncommenting or adding the following line:

even_deny_root

Item Details

Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1

Category: ACCESS CONTROL

Plugin: Unix

Control ID: 8198f0a45f12bdad6afd053be6d2716b43153eade9710161d0b9ba96a46503ad

Detections

Analytics

RHEL-10-600415 - RHEL 10 must automatically lock the root account until the root account is released by an administrator when three unsuccessful login attempts occur during a 15-minute time period.

Information

Solution

See Also

Item Details