Hi Team, Good day..!
In our environment, brute-force login attempts are controlled by using the serevu daemon for 4 incorrect login attempts.
User gets locked and enabled after 5 minutes automatically.
The other way:
For some reason, the user is suspended manually on the servers (for some audit compliance or so). The same user knowingly/unknowingly makes 4 incorrect login attempts, and 5 minutes later the user is enabled, which should not happen, as that user should stay in the suspended state until we/admins unsuspend it.
Could you please check, from the CAPIM design perspective, whether there is any config item or token in seos.ini to mitigate this?
Here is the serevu config setting:
# tail /usr/seos/etc/serevu.cfg
;
; usrX*,DUNIX,30m
; usrX*,TRACE
;
; Ignore users that start with 'usrY'.
;
; usrY*,NONE
;
; ----------------------------------------------------------------------
*,DSECU,30m
=========================
There are 2 scenarios where a user account gets locked:
1. The user legitimately types the password incorrectly and is locked by serevu for 5 minutes.
2. The user is locked by an admin for some specific purpose, but the user is able to regain access by typing an incorrect password 5 times, in which case serevu locks the password again and then unlocks it after 5 minutes without regard to the admin's lock.
Release: 14.0
There is currently no way for serevu to differentiate between a lockout imposed by an admin and one caused by genuinely incorrect passwords.
You could work around this with other methods, such as locking the account through changing the shell as described below, or by having the admins reset after re-enabling the account.
Change the shell to nologin:
# usermod -s /sbin/nologin [username]
In the /etc/passwd file, the entry changes from
user1:x:1001:1002:Sample User:/home/user:/bin/bash
to
user1:x:1001:1002:Sample User:/home/user:/sbin/nologin
With this method of locking a user account, the user cannot log in and gain access even when the account is unlocked through serevu.
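A check admins could run after applying the shell workaround above, as an added example that is not part of the original article: it lists accounts from an admin-maintained suspension list whose passwd entry still has a login shell. The list file, the function names and the user2/user3 entries are assumptions constructed for illustration, as is treating /bin/false as a non-login shell alongside /sbin/nologin.

```shell
#!/bin/sh
# Added example: report admin-suspended accounts that a serevu re-enable
# would expose because their login shell still permits login.
# Usage: check_suspended_shells PASSWD_FILE SUSPENDED_LIST
# SUSPENDED_LIST is a hypothetical admin-maintained file, one username per line.
check_suspended_shells() {
    passwd_file=$1
    suspended_list=$2
    awk -F: '
        # First file: collect suspended usernames, skipping blanks and comments.
        FILENAME == ARGV[1] {
            if ($0 != "" && $0 !~ /^#/) want[$0] = 1
            next
        }
        # Second file: passwd entries; field 7 is the login shell.
        ($1 in want) {
            seen[$1] = 1
            if ($7 !~ /\/(nologin|false)$/)
                print $1 ": shell " $7 " still permits login"
        }
        # Names on the list with no passwd entry are reported as well.
        END {
            for (u in want)
                if (!(u in seen)) print u ": not found in passwd file"
        }
    ' "$suspended_list" "$passwd_file"
}

# Constructed sample data: user1 is the entry shown in the article,
# user2 and user3 are made up for the demonstration.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
user1:x:1001:1002:Sample User:/home/user:/bin/bash
user2:x:1003:1002:Constructed User:/home/user2:/sbin/nologin
EOF
    cat > "$tmp/suspended" <<'EOF'
# constructed list of admin-suspended accounts
user1
user2
user3
EOF
    check_suspended_shells "$tmp/passwd" "$tmp/suspended"
    rm -rf "$tmp"
}

demo
```

On a real host, pass /etc/passwd and the site's own suspension list to check_suspended_shells instead of calling demo.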