User suspension and unsuspension (serevu daemon) settings

Article ID: 260252


Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Hi Team, Good day..!

In our environment, brute-force login attempts are controlled by using the serevu daemon for 4 incorrect login attempts.

User gets locked and enabled after 5 minutes automatically.

The other way:

For some reason, the user is suspended manually on the servers (for some audit compliance or so). The same user knowingly/unknowingly makes 4 incorrect login attempts, and 5 minutes later the user is enabled, which should not happen, as that user should remain in the suspended state until we/admins unsuspend it.

Could you please check, from the CAPIM design perspective, whether there is any config item or token in seos.ini to mitigate this?

Here is the serevu config setting:

# tail /usr/seos/etc/serevu.cfg
;
;    usrX*,DUNIX,30m
;    usrX*,TRACE
;
;   Ignore users that start with 'usrY'.
;
;    usrY*,NONE
;
; ----------------------------------------------------------------------
*,DSECU,30m

=========================

 

There are 2 scenarios where a user account gets locked

1. user legitimately types the password incorrectly and is locked by serevu for 5 minutes

2. user is locked by an admin for some specific purpose, but the user is able to regain access by typing an incorrect password 5 times, in which case serevu locks the password again and then unlocks the password after 5 minutes without regard to the admin's locking.

 

Environment

Release : 14.0

Resolution

There is currently no way for serevu to differentiate between a user who was locked out by an admin and a user who was locked for entering an incorrect password.

 

As a workaround, you could lock the account by changing the shell as described below, or have the admins reset after re-enabling the account.

Change the shell to nologin

# usermod -s /sbin/nologin [username]

This will look like this in the /etc/passwd file

user1:x:1001:1002:Sample User:/home/user:/bin/bash

                             to

user1:x:1001:1002:Sample User:/home/user:/sbin/nologin

 

With this method of locking a user account, the user cannot log in and gain access even when the account is unlocked through serevu.
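
A check an admin could schedule to confirm that the nologin workaround above is still in place for accounts that must stay suspended. This is an added example, not part of the original article or the product; the list file, the function names and the set of no-login shells are assumptions.

```shell
#!/bin/sh
# Audit that admin-suspended accounts still have a no-login shell.
# Assumption: these shells count as "locked by shell"; adjust per site.
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false"

# shell_of PASSWD_FILE USER: print the login shell (field 7); status 1 if no entry.
shell_of() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1; exit }
                       END { exit !found }' "$1"
}

# is_admin_locked PASSWD_FILE USER: 0 = no-login shell, 1 = can get a shell,
# 2 = user has no passwd entry.
is_admin_locked() {
    sh_path=$(shell_of "$1" "$2") || return 2
    for s in $NOLOGIN_SHELLS; do
        [ "$sh_path" = "$s" ] && return 0
    done
    return 1
}

# audit_admin_locks PASSWD_FILE LIST_FILE: LIST_FILE (hypothetical) holds one
# suspended username per line, '#' for comments. Prints one line per problem
# account and returns non-zero if any listed account is not locked by shell.
audit_admin_locks() {
    rc=0
    while IFS= read -r user || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac
        is_admin_locked "$1" "$user" && st=0 || st=$?
        case $st in
            1) echo "NOT_LOCKED $user shell=$(shell_of "$1" "$user")"; rc=1 ;;
            2) echo "MISSING $user"; rc=1 ;;
        esac
    done < "$2"
    return $rc
}

# demo: run the audit over constructed sample data (not real accounts).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'user1:x:1001:1002:Sample User:/home/user:/sbin/nologin' \
        'user2:x:1002:1002:Sample User:/home/user2:/bin/bash' > "$d/passwd"
    printf '%s\n' '# admin-suspended accounts' user1 user2 user3 > "$d/list"
    audit_admin_locks "$d/passwd" "$d/list" && drc=0 || drc=$?
    rm -rf "$d"
    return $drc
}

# Usage: audit.sh /etc/passwd /path/to/suspended.list
if [ $# -eq 2 ]; then audit_admin_locks "$1" "$2"; fi
```

A NOT_LOCKED line means the account's shell has been changed back, so a serevu unlock would let that user log in again.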