Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Ubuntu operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-100569 | UBTU-18-010039 | SV-109673r1_rule | Low |
| Description |
|---|
| By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
| STIG | Date |
|---|---|
| Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide | 2020-05-29 |
Details
| Check Text ( C-99427r2_chk ) |
|---|
| Check that Ubuntu operating system locks an account after three unsuccessful login attempts with the following: # grep pam_tally2 /etc/pam.d/common-auth auth required pam_tally2.so onerr=fail deny=3 If the command above does not return a pam_tally2.so line with both onerr=fail and deny=3 parameters, this is a finding. |
| Fix Text (F-106255r2_fix) |
|---|
| Configure the Ubuntu operating system to lock an account after three unsuccessful login attempts. Edit the /etc/pam.d/common-auth file and add the following line: auth required pam_tally2.so onerr=fail deny=3 |