medium · access-control
access-control-faillock
Lock accounts after failed authentication attempts
Accounts must be locked after a defined number of consecutive failed logon attempts to slow credential brute-forcing.
pam · faillock · authentication
Frameworks satisfied
- DISA STIG
  - rhel9: RHEL-09-411045 · V-258041 · CAT II
- NIST 800-53
  - AC-7
- CIS Benchmark
  - 5.4.2
- PCI-DSS
  - 8.3.4
Platforms
rhel 9+
Check
pam_faillock_configured: deny=3 even_deny_root
Remediation
authselect_feature: with-faillock, persisted to /etc/security/faillock.conf