To configure the VMware Aria Operations for Networks account lockout policy for local user accounts, configure these specific policy settings.

Table 1. Default Account Lockout Policy for VMware Aria Operations for Logs

Setting

Default

Description

deny

3

Maximum number of authentication failures before the account is locked.

unlock_time

0

Amount of time in seconds that the account remains locked.

root_unlock_time

600

Amount of time in seconds that the root account remains locked.

UI Procedure

  1. Log in to VMware Aria Operations for Logs at <aria_operations_for_logs_fqdn>:22 as the root user by using a Secure Shell (SSH) client .
  2. Back up the /etc/security/faillock.conf file for the appliance by running the following command.
    cp -p /etc/security/faillock.conf /etc/security/faillock.conf-`date +%F_%H:%M:%S`.back
  3. Configure the maximum number of failed log-in attempts.
    sed -i -E 's/deny = [-]?[0-9]+/deny = <your_value>/g' /etc/security/faillock.conf

  4. Configure the unlock time for all other local accounts.

    sed -i -E 's/unlock_time = [-]?[0-9]+/unlock_time = <your_value>/g' /etc/security/faillock.conf

  5. Configure the unlock time for the root account.

    sed -i -E 's/root_unlock_time = [-]?[0-9]+/root_unlock_time = <your_value>/g' /etc/security/faillock.conf
  6. Verify the values.
    cat /etc/security/faillock.conf

  7. Repeat the procedure for the remaining VMware Aria Operations for Logs appliances.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code and run the commands.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" 
$sddcManagerUser = "[email protected]" 
$sddcManagerPass = "VMw@re1!" 

$maxFailures = "5" 
$unlockInterval = "900" 
$rootUnlockInterval = "900"
  3. To get the current configuration, run the command.
    Request-AriaLocalUserAccountLockout -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product vrli

  4. To configure the local user account lockout policy, run the command.

    Update-AriaLocalUserPasswordAccountLockout -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product vrli -failures $maxFailures -unlockInterval $unlockInterval -rootUnlockInterval $rootUnlockInterval

  5. Run the command in Step 3 to get the updated configuration.