STIGQter: STIG Summary: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur.

DISA Rule

SV-239074r675030_rule

Vulnerability Number

V-239074

Group Title

SRG-OS-000021-GPOS-00005

Rule Version

PHTN-67-000002

Severity

CAT II

CCI(s)

CCI-000044 - The information system enforces the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.
CCI-002238 - The information system automatically locks the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded.

Weight

Fix Recommendation

Open /etc/pam.d/system-auth with a text editor.

Add the following line after the last auth statement:

auth required pam_tally2.so file=/var/log/tallylog deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300

Check Contents

At the command line, execute the following command:

# grep pam_tally2 /etc/pam.d/system-auth|grep --color=always "deny=."

Expected result:

auth required pam_tally2.so file=/var/log/tallylog deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300

If the output does not match the expected result, this is a finding.

Vulnerability Number

V-239074

Documentable

False

Rule Version

PHTN-67-000002

Severity Override Guidance

Check Content Reference

Target Key

5323

The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments