STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Oracle Linux 9 Security Technical Implementation Guide

V-271842

CAT II (Medium)

OL 9 must ensure account lockouts persist.

Rule ID

SV-271842r1092238_rule

STIG

Oracle Linux 9 Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-000044

Discussion

Having lockouts persist across reboots ensures that account is only unlocked by an administrator. If the lockouts did not persist across reboots, an attacker could simply reboot the system to continue brute force attacks against the accounts on the system.

Check Content

Verify that OL 9 ensures that account lockouts persist.

Verify the "/etc/security/faillock.conf" file is configured use a nondefault faillock directory to ensure contents persist after reboot with the following command:

$ grep 'dir =' /etc/security/faillock.conf
dir = /var/log/faillock

If the "dir" option is not set to a nondefault documented tally log directory, is missing or commented out, this is a finding.

Fix Text

Configure OL 9 maintain the contents of the faillock directory after a reboot.

Add/modify the "/etc/security/faillock.conf" file to match the following line:

dir = /var/log/faillock