From Solaris 11 X86 Security Technical Implementation Guide
Part of SRG-OS-000021
Associated with: CCI-000044
Allowing continued access to accounts on the system exposes them to brute-force password-guessing attacks.
Verify RETRIES is set in the login file. # grep ^RETRIES /etc/default/login If the output is not RETRIES=3 or fewer, this is a finding. Verify the account locks after invalid login attempts. # grep ^LOCK_AFTER_RETRIES /etc/security/policy.conf If the output is not LOCK_AFTER_RETRIES=YES, this is a finding. For each user in the system, use the command: # userattr lock_after_retries [username] to determine if the user overrides the system value. If the output of this command is "no", this is a finding.
The root role is required. # pfedit /etc/default/login Change the line: #RETRIES=5 to read RETRIES=3 pfedit /etc/security/policy.conf Change the line containing #LOCK_AFTER_RETRIES to read: LOCK_AFTER_RETRIES=YES If a user has lock_after_retries set to "no", update the user's attributes using the command: # usermod -K lock_after_retries=yes [username]
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer