UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must disable accounts after three consecutive unsuccessful login attempts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-766 GEN000460 SV-39815r1_rule ECLO-1 ECLO-2 Medium
Description
Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks.
STIG Date
SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-12-07

Details

Check Text ( C-38685r1_chk )
Verify RETRIES is set in the login file.

# grep RETRIES /etc/default/login
If RETRIES is not set or is more than 3, this is a finding.

Verify the account locks after invalid login attempts.
# grep LOCK_AFTER_RETRIES /etc/security/policy.conf
If LOCK_AFTER_RETRIES is not set to YES, this is a finding.
Fix Text (F-33972r1_fix)
Set RETRIES to 3 in the /etc/default/login file.
#vi /etc/default/login

Set LOCK_AFTER_RETRIES to YES in the /etc/security/policy.conf file.
#vi /etc/security/policy.conf