
The system must disable accounts after three consecutive unsuccessful login attempts.


Overview

Finding ID: V-48245
Version: SOL-11.1-040140
Rule ID: SV-61117r1_rule
IA Controls:
Severity: Medium
Description
Allowing continued access to accounts on the system exposes them to brute-force password-guessing attacks.
STIG: Solaris 11 X86 Security Technical Implementation Guide
Date: 2016-07-22

Details

Check Text ( None )
None
Fix Text (F-51853r1_fix)
The root role is required.

# pfedit /etc/default/login

Change the line:

#RETRIES=5

to read:

RETRIES=3

# pfedit /etc/security/policy.conf

Change the line containing

#LOCK_AFTER_RETRIES

to read:

LOCK_AFTER_RETRIES=YES


If a user has lock_after_retries set to "no", update the user's attributes using the command:

# usermod -K lock_after_retries=yes [username]
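
The finding has no check text, so the following is an added example (not part of the STIG) of a read-only audit for the three settings the fix changes. The function names are hypothetical, and it assumes per-user attributes are stored locally in /etc/user_attr as colon-separated entries with key=value attributes in the last field; accounts managed through a name service are not covered.

```shell
#!/bin/sh
# Added example: verify the settings from the fix text above.
# Assumption: settings appear as KEY=value at the start of a line.

# Print the value of the last active (uncommented) KEY= line, or nothing.
conf_value() {
    # $1 = key, $2 = file
    grep "^$1=" "$2" 2>/dev/null | sed -n '$p' | cut -d= -f2
}

# Print user names whose entry explicitly sets lock_after_retries=no.
users_not_locking() {
    # $1 = user_attr file (assumed location: /etc/user_attr)
    grep -v '^#' "$1" 2>/dev/null | grep -i 'lock_after_retries=no' | cut -d: -f1
}

# Return 0 when all three settings match the fix text, 1 otherwise.
audit_lockout() {
    login_file=${1:-/etc/default/login}
    policy_file=${2:-/etc/security/policy.conf}
    attr_file=${3:-/etc/user_attr}
    rc=0

    retries=$(conf_value RETRIES "$login_file")
    if [ "$retries" != "3" ]; then
        echo "FINDING: RETRIES is '${retries:-unset}' in $login_file, expected 3"
        rc=1
    fi

    lock=$(conf_value LOCK_AFTER_RETRIES "$policy_file")
    case "$lock" in
        YES|yes) ;;
        *) echo "FINDING: LOCK_AFTER_RETRIES is '${lock:-unset}' in $policy_file, expected YES"
           rc=1 ;;
    esac

    # A per-user "no" overrides the system-wide policy for that account.
    for u in $(users_not_locking "$attr_file"); do
        echo "FINDING: $u has lock_after_retries=no; fix: usermod -K lock_after_retries=yes $u"
        rc=1
    done
    return $rc
}
```

Source the file and run `audit_lockout` with no arguments to check the live paths named in the fix text, or pass three file paths to check copies.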