Check: GEN000460
Solaris 9 X86 STIG: GEN000460 (in version v1 r9)
Title
The system must disable accounts after three consecutive unsuccessful login attempts. (Cat II impact)
Discussion
Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks.
Check Content
Verify RETRIES is set in the login file.
# grep RETRIES /etc/default/login
If RETRIES is not set or is more than 3, this is a finding.
Fix Text
Set the RETRIES parameter to 3 in the /etc/default/login file.
# vi /etc/default/login
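The check and fix above can be scripted so the audit is repeatable across hosts. The following POSIX sh functions are an added example, not part of the STIG text: check_retries() reports a finding when RETRIES is unset or greater than 3 (commented-out lines such as #RETRIES=5 are ignored, since the login program does not read them), and fix_retries() sets RETRIES=3 by replacing an active line or appending one. The file it operates on is a constructed sample written to a temporary path, so it never touches the real /etc/default/login; the function names and the sample contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and remediate RETRIES in a Solaris-style
# /etc/default/login. Operates on a constructed sample file, not the real one.

# make_sample FILE: write a constructed /etc/default/login with a
# non-compliant RETRIES value (and a commented-out line that must be ignored).
make_sample() {
  cat > "$1" <<'EOF'
# Constructed sample of /etc/default/login for this example
CONSOLE=/dev/console
PASSREQ=YES
#RETRIES=5
RETRIES=5
SYSLOG=YES
EOF
}

# check_retries FILE: print "ok" if an active RETRIES line is set to 1..3,
# otherwise "finding" (unset, not a plain integer, or greater than 3).
# Only uncommented lines of the form RETRIES=<digits> are considered; the last
# such line wins, mirroring how the file is read.
check_retries() {
  f="$1"
  val=$(sed -n 's/^[[:space:]]*RETRIES=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" | tail -n 1)
  if [ -z "$val" ]; then
    echo "finding"
  elif [ "$val" -gt 3 ]; then
    echo "finding"
  else
    echo "ok"
  fi
}

# fix_retries FILE: set RETRIES=3, replacing an existing active line if there
# is one and appending a new line otherwise. Commented lines are left alone.
fix_retries() {
  f="$1"
  if grep -q '^[[:space:]]*RETRIES=' "$f"; then
    sed 's/^[[:space:]]*RETRIES=.*/RETRIES=3/' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
  else
    printf 'RETRIES=3\n' >> "$f"
  fi
}

# Demonstration on the constructed sample (never the real /etc/default/login).
SAMPLE=$(mktemp) && make_sample "$SAMPLE"
echo "before fix: $(check_retries "$SAMPLE")"
fix_retries "$SAMPLE"
echo "after fix:  $(check_retries "$SAMPLE")"
rm -f "$SAMPLE"
```

To audit a real host, call check_retries /etc/default/login as root; a result of "finding" corresponds to the STIG's finding condition. The replace-or-append logic in fix_retries matters because appending a second RETRIES line behind an existing one would leave two active settings and make the file harder to audit later.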
Additional Identifiers
Rule ID: SV-39816r1_rule
Vulnerability ID: V-766
Group Title:
CCIs
CCIs tied to check.
Number | Definition
---|---
CCI-000044 | Enforce the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title
---|---
AC-7 | Unsuccessful Logon Attempts