ESXi : set-account-lockout

Information

Set the count of maximum failed login attempts before the account is locked out.
Multiple account login failures for the same account could possibly be a threat vector trying to brute force the system or cause denial of service. Such attempts to brute force the system should be limited by locking out the account after reaching a threshold.
http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-DC96FFDB-F5F2-43EC-8C73-05ACDAE6BE43.html

Solution

From the vSphere Web Client select the host, click "Manage" -> "Settings" -> "System" -> "Advanced Sytem Settings". Enter "Security.AccountLockFailures" in the filter. Click edit and set the value for this parameter to 3.

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vSphere_6_0_Hardening_Guide_GA_15_Jun_2015.xls

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a.

Plugin: VMware

Control ID: a1ef5516c534bacecb6f3cd938d40b842351aed6f87e6617266ea3c3f865f469