Detections
Analytics
PHTN-30-000002 - The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128
Solution
Navigate to and open:/etc/pam.d/system-auth
Remove any existing 'pam_tally2.so' line and add the following line after the 'pam_unix.so' statement:
auth required pam_tally2.so deny=3 onerr=fail audit even_deny_root unlock_time=900 root_unlock_time=300
Navigate to and open:
/etc/pam.d/system-account
Remove any existing 'pam_tally2.so' line and add the following line after the 'pam_unix.so' statement:
account required pam_tally2.so onerr=fail audit
Note: On vCenter appliances, the equivalent file must be edited under '/etc/applmgmt/appliance', if one exists, for the changes to persist after a reboot.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y24M01_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 7.0 Photon OS v1r3
References: CAT|II, CCI|CCI-000044, CCI|CCI-002238, Rule-ID|SV-256479r887111_rule, STIG-ID|PHTN-30-000002, Vuln-ID|V-256479
Plugin: Unix
Control ID: 6779b6a0e46d026445d915a88fa61eda7afaf6adc2cee201cc83bf088d88a723