Solaris 11 X86 STIG Version Comparison

There are 1 differences between versions v3 r2 (Jan. 30, 2025) (the "left" version) and v3 r4 (Jan. 5, 2026) (the "right" version).

Check SOL-11.1-040340 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

Consecutive login attempts for SSH must be limited to 3.

Check Content

Determine if consecutive login attempts are limited to 3. # 3, and that they are logged. # grep "^MaxAuthTries" /etc/ssh/sshd_config /etc/ssh/sshd_config If | grep -v Log If the output of this command is not not: MaxAuthTries "MaxAuthTries 6 this 6" and "MaxAuthTriesLog 6" this is a finding. Note: Solaris SSH MaxAuthTries of 6 maps to 3 actual failed attempts.

Discussion

Setting the authentication login limit to a low value will disconnect the attacker and force a reconnect, which severely limits the speed of such brute-force attacks.

Fix

The root role is required. Modify the sshd_config file. # pfedit /etc/ssh/sshd_config Locate the line lines containing: MaxAuthTries Change containing: MaxAuthTries MaxAuthTriesLog Change it them to: MaxAuthTries 6 MaxAuthTriesLog 6 Restart the SSH service. # svcadm restart svc:/network/ssh Note: Solaris SSH MaxAuthTries of 6 maps to 3 actual failed attempts.