To configure the account lockout policy for the local accounts on the VMware Aria Operations appliances and the VMware Cloud Proxy appliances, decide on the following policy settings.
Setting | Default | Description |
---|---|---|
deny | 3 | Maximum number of authentication failures before the account is locked |
unlock_time | 0 | Amount of time in seconds that the account remains locked |
root_unlock_time | 600 | Amount of time in seconds that the root account remains locked |
Procedure
- Log in to the primary VMware Aria Operations node by using a Secure Shell (SSH) client at <aria_operations_primary_node_fqdn> as root.
- Back up the /etc/security/faillock.conf file for the appliance by running the following command.
cp -p /etc/security/faillock.conf /etc/security/faillock.conf-`date +%F_%H:%M:%S`.back
- Configure the maximum number of failed log-in attempts.
sed -i -E 's/deny = [-]?[0-9]+/deny = <your_value>/g' /etc/security/faillock.conf
- Configure the unlock time for the root account.
sed -i -E 's/root_unlock_time = [-]?[0-9]+/root_unlock_time = <your_value>/g' /etc/security/faillock.conf
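- Configure the unlock time for all other local accounts. The leading \b (word boundary) stops the pattern from also matching inside root_unlock_time and overwriting the value set in the previous step.
sed -i -E 's/\bunlock_time = [-]?[0-9]+/unlock_time = <your_value>/g' /etc/security/faillock.conf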
- Verify the values.
cat /etc/security/faillock.conf
Repeat the procedure for the remaining VMware Aria Operations appliances and the VMware Cloud Proxy appliances.
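
The procedure as an added shell example, not VMware's own code: each key is edited with a line-anchored pattern and then read back, so a setting that was not applied is reported instead of passing silently. The helper names and the sample file are constructed for illustration, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example (not VMware code). Helper names are hypothetical. Assumes GNU sed.

# Set one key. The pattern is anchored to the start of the line, so
# "unlock_time" cannot match inside "root_unlock_time".
set_faillock_value() {
    f=$1 key=$2 value=$3
    case $value in
        ''|*[!0-9]*) echo "refusing non-numeric $key: $value" >&2; return 2 ;;
    esac
    sed -i -E "s/^([[:space:]]*${key}[[:space:]]*=[[:space:]]*)-?[0-9]+/\1${value}/" "$f"
}

# Print the value from the first active (uncommented) line for one key.
get_faillock_value() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*(-?[0-9]+).*/\1/p" "$1" | head -n 1
}

# Apply all three settings, then read each one back. A key that is missing or
# commented out is left unchanged by sed, so the read-back fails (non-zero).
apply_lockout_policy() {
    conf=$1 want_deny=$2 want_unlock=$3 want_root=$4
    set_faillock_value "$conf" deny "$want_deny" &&
    set_faillock_value "$conf" root_unlock_time "$want_root" &&
    set_faillock_value "$conf" unlock_time "$want_unlock" || return 2
    [ "$(get_faillock_value "$conf" deny)" = "$want_deny" ] &&
    [ "$(get_faillock_value "$conf" unlock_time)" = "$want_unlock" ] &&
    [ "$(get_faillock_value "$conf" root_unlock_time)" = "$want_root" ]
}

# Constructed sample using the defaults from the table; not a real appliance file.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample faillock.conf
deny = 3
unlock_time = 0
root_unlock_time = 600
EOF
}

# Demo on a scratch file: sh example.sh demo   (5, 900 and 300 are arbitrary values)
if [ "${1:-}" = "demo" ]; then
    scratch=$(mktemp) && make_sample_conf "$scratch"
    apply_lockout_policy "$scratch" 5 900 300 && cat "$scratch"
    rm -f "$scratch"
fi
```

On an appliance, run the functions against a copy of /etc/security/faillock.conf first and compare the result with the backup taken in the procedure.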