Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must disable accounts after three consecutive unsuccessful login attempts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-766 | GEN000460 | SV-39815r1_rule | ECLO-1 ECLO-2 | Medium |
| Description |
|---|
| Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks. |
| STIG | Date |
|---|---|
| SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2016-06-22 |
Details
| Check Text ( C-38685r1_chk ) |
|---|
| Verify RETRIES is set in the login file. # grep RETRIES /etc/default/login If RETRIES is not set or is more than 3, this is a finding. Verify the account locks after invalid login attempts. # grep LOCK_AFTER_RETRIES /etc/security/policy.conf If LOCK_AFTER_RETRIES is not set to YES, this is a finding. |
| Fix Text (F-33972r1_fix) |
|---|
| Set RETRIES to 3 in the /etc/default/login file. #vi /etc/default/login Set LOCK_AFTER_RETRIES to YES in the /etc/security/policy.conf file. #vi /etc/security/policy.conf |