
The system must disable accounts after three consecutive unsuccessful login attempts.


Overview

Finding ID: V-766
Version: GEN000460
Rule ID: SV-39816r1_rule
IA Controls: ECLO-1, ECLO-2
Severity: Medium
Description
Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks.
STIG: SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE
Date: 2015-10-01

Details

Check Text (C-38686r1_chk)
Verify RETRIES is set in the login file.

# grep RETRIES /etc/default/login
If RETRIES is not set or is more than 3, this is a finding.
Fix Text (F-33973r1_fix)
Set the RETRIES parameter to 3 in the /etc/default/login file.

# vi /etc/default/login
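
The check text above, scripted as an added example (not part of the STIG or of Solaris): plain grep for RETRIES also matches a commented-out line such as #RETRIES=5, so this script evaluates only active assignments. The function name check_retries, treating a non-numeric value as a finding, and requiring every active RETRIES line to comply are assumptions.

```shell
#!/bin/sh
# Added example: audit RETRIES in a login defaults file (GEN000460).
# check_retries is a hypothetical helper name, not a Solaris or STIG tool.
# Returns 0 when compliant, 1 when the check text would call it a finding.
check_retries() {
    file=${1:-/etc/default/login}
    [ -r "$file" ] || { echo "FINDING: cannot read $file"; return 1; }

    # Keep only active assignments; a commented "#RETRIES=5" is not a setting.
    values=$(sed -n 's/^[[:space:]]*RETRIES=\([^[:space:]#]*\).*/\1/p' "$file")
    if [ -z "$values" ]; then
        echo "FINDING: RETRIES is not set in $file"
        return 1
    fi

    # Assumption: if several active lines exist, every one must comply.
    for v in $values; do
        case $v in
            *[!0-9]*)
                # Assumption: a value that is not a plain number is a finding.
                echo "FINDING: RETRIES=$v is not a number"
                return 1 ;;
        esac
        if [ "$v" -gt 3 ]; then
            echo "FINDING: RETRIES=$v is more than 3"
            return 1
        fi
    done
    echo "OK: RETRIES is set and not more than 3 in $file"
    return 0
}

# Constructed sample: only a commented line is present, which grep still matches.
demo=$(mktemp)
printf '%s\n' '#RETRIES=5' 'CONSOLE=/dev/console' > "$demo"
check_retries "$demo" || true
rm -f "$demo"
```

Run it with no argument to audit /etc/default/login, or pass a path to audit a copy of the file.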