Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must disable accounts after three consecutive unsuccessful login attempts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-766 | GEN000460 | SV-44834r1_rule | Medium |
| Description |
|---|
| Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z | 2016-12-20 |
Details
| Check Text ( C-42305r1_chk ) |
|---|
| Check the pam_tally configuration. # more /etc/pam.d/login Confirm the following line is configured, before the "common-auth” file is included: auth required pam_tally.so deny=3 onerr=fail # more /etc/pam.d/sshd Confirm the following line is configured, before the "common-auth” file is included: auth required pam_tally.so deny=3 onerr=fail If no such line is found, this is a finding. |
| Fix Text (F-38271r1_fix) |
|---|
| Edit /etc/pam.d/login and/or /etc/pam.d/sshd and add the following line, before the "common-auth" file is included: auth required pam_tally.so deny=3 onerr=fail |