STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The system must disable accounts after three consecutive unsuccessful login attempts.

DISA Rule

SV-220074r603266_rule

Vulnerability Number

V-220074

Group Title

SRG-OS-000021

Rule Version

GEN000460

Severity

CAT II

CCI(s)

• CCI-000044 - The information system enforces the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.

Weight

10

Fix Recommendation

Set RETRIES to 3 in the /etc/default/login file.
#vi /etc/default/login

Set LOCK_AFTER_RETRIES to YES in the /etc/security/policy.conf file.
#vi /etc/security/policy.conf

Check Contents

Verify RETRIES is set in the login file.

# grep RETRIES /etc/default/login
If RETRIES is not set or is more than 3, this is a finding.

Verify the account locks after invalid login attempts.
# grep LOCK_AFTER_RETRIES /etc/security/policy.conf
If LOCK_AFTER_RETRIES is not set to YES, this is a finding.

Vulnerability Number

V-220074

Documentable

False

Rule Version

GEN000460

Severity Override Guidance

Verify RETRIES is set in the login file.

# grep RETRIES /etc/default/login
If RETRIES is not set or is more than 3, this is a finding.

Verify the account locks after invalid login attempts.
# grep LOCK_AFTER_RETRIES /etc/security/policy.conf
If LOCK_AFTER_RETRIES is not set to YES, this is a finding.

Check Content Reference

M

Target Key

4061

Comments