Accounts can be locked (UNIX)

Module: Account Integrity

This check reports user accounts that can be locked due to consecutive unsuccessful login attempts because the maximum number of retry failures is not set to 0. Note that this check is not intended for normal user accounts but only for system accounts, such as root. The check is supported only on AIX 4.x+, Linux, Solaris 8+, HPUX 10.x+, and OSF1 operating systems. The name list lets you specify the accounts that are examined by the check (the Users to check option does not apply).

The following table lists the error messages for the check.

Table: Error messages for Accounts can be locked

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_ACCOUNT_LOCKED_OUT

Category: ESM Administrative Information

UNIX (5172)

Title: Accounts can be locked out

Description:The listed accounts will be locked if consecutive unsuccessful login attempts exceed a maximum number of retry failures that is greater than "0." To prevent the root account from being locked, set the maximum number of login retries to "0" for the root user.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NOTSUPPORT_LOCKED_ACCOUNTS

Category: ESM Administrative Information

UNIX (5181)

Title: Accounts can be locked out not supported

Description:The agent does not support the check for Accounts can be locked out.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]