Before you configure the VMware Aria Automation appliances account lockout policy for the local account, decide on certain policy settings.
| Setting | Default | Description |
|---|---|---|
| deny | 3 | Maximum number of authentication failures before the account is locked |
| unlock_time | 600 | Amount of time in seconds that the account remains locked |
| root_unlock_time | 600 | Amount of time in seconds that the root account remains locked |

Procedure
- Log in to the primary VMware Aria Automation node by using a Secure Shell (SSH) client at <aria_automation_primary_node_fqdn>:22 as root.
- Back up the /etc/security/faillock.conf file for the appliance by running the following command.
  cp -p /etc/security/faillock.conf /etc/security/faillock.conf-`date +%F_%H:%M:%S`.back
- Configure the maximum number of failed log-in attempts by running the following command.
  sed -i 's/^\s*#*\s*deny\s*=\s*[0-9]\+/deny=<your_value>/g' /etc/security/faillock.conf
- Configure the unlock time for the root account by running the following command.
  sed -i 's/^\s*#*\s*root_unlock_time\s*=\s*[0-9]\+/root_unlock_time=<your_value>/g' /etc/security/faillock.conf
- Change the unlock time for all other local accounts by running the following command.
  sed -i 's/^\s*#*\s*unlock_time\s*=\s*[0-9]\+/unlock_time=<your_value>/g' /etc/security/faillock.conf
- Verify the configuration of the desired values by running the following command.
  cat /etc/security/faillock.conf
- Repeat the procedure for the remaining VMware Aria Automation appliances.
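
The sed commands above change nothing when faillock.conf contains no line matching their pattern, so a scripted check of the effective values is more reliable than reading the cat output. The following shell functions are an added example, not part of the VMware procedure; the function names and the sample file are constructed, and the check assumes that the last uncommented occurrence of a key is the one that takes effect.

```shell
#!/bin/sh
# Added example (not VMware code): check the effective pam_faillock settings.

# Print the value of the last uncommented "KEY = <number>" line in FILE.
# Returns 1 when no such line exists (key absent, or only commented out).
# Assumption: the last uncommented occurrence is the one that takes effect.
effective_value() {
    val=$(sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | tail -n 1)
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# Compare deny, unlock_time and root_unlock_time in FILE with the expected
# values, print one line per key, and return the number of problems found.
check_faillock() {
    file=$1; problems=0
    for pair in "deny=$2" "unlock_time=$3" "root_unlock_time=$4"; do
        key=${pair%%=*}; want=${pair#*=}
        if got=$(effective_value "$file" "$key"); then
            if [ "$got" = "$want" ]; then
                echo "OK       $key=$got"
            else
                echo "MISMATCH $key=$got (expected $want)"
                problems=$((problems + 1))
            fi
        else
            echo "NOT SET  $key (no uncommented line found)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: deny was edited, unlock_time is still commented out,
# and root_unlock_time is absent, so sed would have had nothing to rewrite.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deny=5
# unlock_time = 600
EOF
check_faillock "$sample" 5 900 900 || echo "problems found: $?"
rm -f "$sample"
```

On an appliance, call `check_faillock /etc/security/faillock.conf` followed by the three values you chose; a non-zero exit status means at least one setting did not take effect.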