SV-220021r603265_rule
V-220021
SRG-OS-000021
GEN000460
CAT II
10
Set RETRIES to 3 in the /etc/default/login file.
#vi /etc/default/login
Set LOCK_AFTER_RETRIES to YES in the /etc/security/policy.conf file.
#vi /etc/security/policy.conf
Verify RETRIES is set in the login file.
# grep RETRIES /etc/default/login
If RETRIES is not set or is more than 3, this is a finding.
Verify the account locks after invalid login attempts.
# grep LOCK_AFTER_RETRIES /etc/security/policy.conf
If LOCK_AFTER_RETRIES is not set to YES, this is a finding.
V-220021
False
GEN000460
Verify RETRIES is set in the login file.
# grep RETRIES /etc/default/login
If RETRIES is not set or is more than 3, this is a finding.
Verify the account locks after invalid login attempts.
# grep LOCK_AFTER_RETRIES /etc/security/policy.conf
If LOCK_AFTER_RETRIES is not set to YES, this is a finding.
M
4060