Detections
Analytics
RHEL-10-600430 - RHEL 10 must ensure account lockouts persist.
Information
Having lockouts persist across reboots ensures that an account is unlocked only by an administrator. If the lockouts did not persist across reboots, an attacker could reboot the system to continue brute force attacks against the accounts on the system.Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128
Solution
Configure RHEL 10 to maintain the contents of the "faillock" directory after a reboot.Add/modify the "/etc/security/faillock.conf" file to match the following line:
dir = /var/log/faillock
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: ACCESS CONTROL
References: 800-53|AC-7a., 800-53|AC-7b., CAT|II, CCI|CCI-000044, CCI|CCI-002238, Rule-ID|SV-281198r1166546_rule, STIG-ID|RHEL-10-600430, Vuln-ID|V-281198
Plugin: Unix
Control ID: 011c362d0ad8fa16883046cf4bee86dc8361ced9047dc12c4371c12a80c5d6b2