To configure the HCX Connector appliance account lockout policy for the local account, decide on certain policy settings.

Table 1. Default Account Lockout Policy for the HCX Connector Appliance

Setting

Default

Description
deny 3 Maximum number of authentication failures before the account is locked
unlock_time 86400 Amount of time in seconds that the account remains locked
root_unlock_time 300 Amount of time in seconds that the root account remains locked

Procedure

  1. Log in to the HCX Connector at <hcx_connector_fqdn>:22 as admin by using a Secure Shell (SSH) client.
  2. Switch to the root user by running the command.
    su -
  3. Back up the /etc/security/faillock.conf file by running the following command.
    cp -p /etc/security/faillock.conf /etc/security/faillock.conf-`date +%F_%H:%M:%S`.back

  4. Configure the maximum number of failed log-in attempts by running the following command.

    sed -i 's/^\s*#*\s*deny\s*=\s*[0-9]\+/deny=<your_value>/g' /etc/security/faillock.conf

  5. Configure the unlock time for the root account by running the following command.

    sed -i 's/^\s*#*\s*root_unlock_time\s*=\s*[0-9]\+/root_unlock_time=<your_value>/g' /etc/security/faillock.conf
  6. Change the unlock time for all other local accounts by running the following command.
    sed -i 's/^\s*#*\s*unlock_time\s*=\s*[0-9]\+/unlock_time=<your_value>/g' /etc/security/faillock.conf

  7. Verify the configuration of the desired values by running the following command.

    cat /etc/security/faillock.conf

  8. Repeat the procedure for any other HCX Connector appliances.