Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-766 | GEN000460 | SV-38671r1_rule | ECLO-1 ECLO-2 | Medium |
Description |
---|
Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks. |
STIG | Date |
---|---|
AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2014-10-03 |
Check Text ( C-36678r1_chk ) |
---|
# /usr/sbin/lsuser -a loginretries ALL | more Check all active accounts on the system for the maximum number of tries before the system will lock the account. If a user has values set to 0 or greater then 3, this is a finding. |
Fix Text (F-31633r1_fix) |
---|
Use the chsec command to configure the number of unsuccessful logins resulting in account lockout. # chsec -f /etc/security/user -s default -a loginretries=3 # chsec -f /etc/security/user -s |