OL 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-271754	OL09-00-002416	SV-271754r1091974_rule	CCI-002238	medium
Description
By limiting the number of failed logon attempts the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005
STIG			Date
Oracle Linux 9 Security Technical Implementation Guide			2025-05-08

Related Frameworks

3 paths across 3 frameworks

NIST 800-531 mapping

AC-7

1.00

DISA · 1 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent

NIST 800-1711 mapping

3.1.8

1.00

DISA · 1 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent
NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent

CCI1 mapping

CCI-002238

1.00

DISA · 1 · disa_xccdf · related

Details

Check Text (C-271754r1091974_chk)

Note: If the system administrator demonstrates the use of an approved centralized account management method that locks an account after three unsuccessful logon attempts within a period of 15 minutes, this requirement is Not Applicable. Verify that OL 9 locks an account after three unsuccessful logon attempts within a period of 15 minutes with the following command: $ grep fail_interval /etc/security/faillock.conf fail_interval = 900 If the "fail_interval" option is not set to "900" or less (but not "0"), the line is commented out, or the line is missing, this is a finding.

Fix Text (F-75711r1091973_fix)

Configure OL 9 to lock out the "root" account after a number of incorrect login attempts within 15 minutes using "pam_faillock.so" by enabling the feature using the following command: $ sudo authselect enable-feature with-faillock Then edit the "/etc/security/faillock.conf" file as follows: fail_interval = 900