The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur.


Overview

Finding ID: V-239074
Version: PHTN-67-000002
Rule ID: SV-239074r675030_rule
IA Controls:
Severity: Medium
Description
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.

Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128
STIG Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-06-17

Details

Check Text (C-42285r675028_chk)
At the command line, execute the following command:

# grep pam_tally2 /etc/pam.d/system-auth|grep --color=always "deny=."

Expected result:

auth    required        pam_tally2.so file=/var/log/tallylog deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300

If the output does not match the expected result, this is a finding.
Fix Text (F-42244r675029_fix)
Open /etc/pam.d/system-auth with a text editor.

Add the following line after the last auth statement:

auth    required        pam_tally2.so file=/var/log/tallylog deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300
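The STIG's check only confirms that a `deny=` option with some single character follows `pam_tally2`, so a line with `deny=5` or a missing `even_deny_root` still matches. The script below is an added example, not part of the STIG, that verifies every option the fix text requires as a whole token on the first non-comment `auth` line loading `pam_tally2.so`; the sample file contents are constructed, and `check_pam_tally2` can be pointed at the real /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Added example (not from the STIG): check each pam_tally2 option that
# PHTN-67-000002 requires, instead of matching only "deny=.".

# Constructed sample standing in for a compliant /etc/pam.d/system-auth.
SAMPLE_OK='auth    required        pam_unix.so
auth    required        pam_tally2.so file=/var/log/tallylog deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300
account required        pam_unix.so'

# Constructed non-compliant sample: deny=5 and even_deny_root missing.
# The STIG's "deny=." grep would still match this line.
SAMPLE_BAD='auth    required        pam_unix.so
auth    required        pam_tally2.so file=/var/log/tallylog deny=5 onerr=fail unlock_time=86400 root_unlock_time=300'

# has_opt LINE OPTION: succeed only if OPTION is a whole whitespace-separated
# token on LINE (so "deny=3" does not match "deny=30").
has_opt() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | grep -qxF -- "$2"
}

# check_tally2_content CONTENT: return 0 if the first non-comment "auth" line
# that loads pam_tally2.so carries every required setting, 1 otherwise.
check_tally2_content() {
    line=$(printf '%s\n' "$1" | grep -v '^[[:space:]]*#' \
        | grep '^auth[[:space:]]' | grep 'pam_tally2\.so' | head -n 1)
    [ -n "$line" ] || return 1
    for opt in required file=/var/log/tallylog deny=3 onerr=fail \
               even_deny_root unlock_time=86400 root_unlock_time=300; do
        has_opt "$line" "$opt" || return 1
    done
    return 0
}

# check_pam_tally2 FILE: run the same check against a PAM configuration file.
check_pam_tally2() {
    [ -r "$1" ] || return 1
    check_tally2_content "$(cat -- "$1")"
}

# When given a path (e.g. /etc/pam.d/system-auth), report the result.
if [ -n "${1:-}" ]; then
    if check_pam_tally2 "$1"; then
        echo "PHTN-67-000002: compliant"
    else
        echo "PHTN-67-000002: finding"
    fi
fi
```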