Red Hat Enterprise Linux 9 • Release: 7 Benchmark Date: 05 Jan 2026
CAT II V-258054 RHEL-09-411075
RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur.
Discussion
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005
Check Procedure
Verify RHEL 9 is configured to lock an account after three unsuccessful logon attempts with the command: $ grep 'deny =' /etc/security/faillock.conf deny = 3 If the "deny" option is not set to "3" or less (but not "0"), is missing or commented out, this is a finding.
Fix Action
Configure RHEL 9 to lock an account when three unsuccessful logon attempts occur. Add/modify the "/etc/security/faillock.conf" file to match the following line: deny = 3