Details
Limiting the number of failed logon attempts reduces the risk of unauthorized system access through password guessing (brute-force attacks). The limit is enforced by locking the account once the threshold of failed attempts is reached.
Satisfies: SRG-OS-000329-GPOS-00128
Solution
Configure the Ubuntu operating system to lock an account after three unsuccessful login attempts.
Edit the /etc/pam.d/common-auth file. The pam_tally2.so entry must be the first module in the 'auth' stack so that the failure counter is updated regardless of how later modules succeed or skip. Add the following line before the first 'auth' entry in the file. With deny=3 and no unlock_time, the account stays locked until an administrator resets its tally; onerr=fail means that an error reading the tally file (for example a missing or unwritable /var/log/tallylog) denies access rather than silently allowing it.
auth required pam_tally2.so onerr=fail deny=3
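The following POSIX shell script is an added example, not part of the STIG text or Tenable's audit: it checks a copy of /etc/pam.d/common-auth for the required pam_tally2.so line at the top of the 'auth' stack and inserts it when it is missing. The function names check_common_auth and fix_common_auth, and the sample file contents used to exercise them, are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not the STIG's own text): audit and remediate a common-auth
# file for "auth required pam_tally2.so onerr=fail deny=3" as the first 'auth'
# entry. Function names are hypothetical; run against a backup copy first.

REQUIRED_LINE='auth required pam_tally2.so onerr=fail deny=3'

# check_common_auth FILE
# Returns 0 when the first non-comment 'auth' line loads pam_tally2.so with
# both deny=3 and onerr=fail; returns 1 otherwise (missing, wrong place, or
# weaker options such as deny=5).
check_common_auth() {
  first_auth=$(grep -E '^[[:space:]]*auth[[:space:]]' "$1" | head -n 1)
  case "$first_auth" in
    *pam_tally2.so*) ;;
    *) return 1 ;;
  esac
  printf '%s\n' "$first_auth" | grep -qE '(^|[[:space:]])deny=3([[:space:]]|$)' || return 1
  printf '%s\n' "$first_auth" | grep -qE '(^|[[:space:]])onerr=fail([[:space:]]|$)' || return 1
  return 0
}

# fix_common_auth FILE
# Idempotent: does nothing when the check already passes; otherwise inserts
# the required line immediately before the first 'auth' entry (or appends it
# when the file has no 'auth' entries at all). Comment lines are left alone.
fix_common_auth() {
  check_common_auth "$1" && return 0
  awk -v line="$REQUIRED_LINE" '
    BEGIN { done = 0 }
    !done && /^[[:space:]]*auth[[:space:]]/ { print line; done = 1 }
    { print }
    END { if (!done) print line }
  ' "$1" > "${1}.tmp" && mv "${1}.tmp" "$1"
}
```

On a live Ubuntu 18.04 host, run `fix_common_auth /etc/pam.d/common-auth` as root after taking a backup, then re-run `check_common_auth` to confirm. The counter for a user can be inspected with `pam_tally2 --user=<name>` and cleared by an administrator with `pam_tally2 --user=<name> --reset`, which is the only way back in because the line above sets no unlock_time. Note that pam_tally2 was removed from Linux-PAM 1.5 and later, where pam_faillock takes its place, so this remediation is specific to releases that still ship pam_tally2, such as Ubuntu 18.04.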
Supportive Information
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Unix.
References
- 800-53|AC-7a.
- 800-53|AC-7b.
- CAT|II
- CCI|CCI-000044
- CCI|CCI-002238
- CSCv6|16.7
- Rule-ID|SV-219166r610963_rule
- STIG-ID|UBTU-18-010033
- STIG-Legacy|SV-109663
- STIG-Legacy|V-100559
- Vuln-ID|V-219166