Locked accounts (UNIX)

Module: Login Parameters

This check reports user accounts that are locked. If possible, it reports the reason that the account is locked. Use the Users/Groups name lists to exclude users that are not excluded by the Users to check option.

The following table lists the error messages for the check.

Table: Error messages for Locked accounts

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_LOCKED Category: Policy Compliance	UNIX (5243)	Title: Locked accounts Description:This account is locked. Accounts are locked for the following reasons: 1. The password has expired. 2. The maximum number of unsuccessful login attempts has been exceeded. 3. The administrator lock is set. 4. The account expiration is reached. 5. The time since the last login is exceeded. If possible, the module will determine why the account is locked. You should investigate any locked account, especially if the maximum number of unsuccessful login attempts was reached.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_LOCKNOTSUP Category: Policy Compliance	UNIX (5250)	Title: Account locking not supported in non-trusted mode Description:The account locking feature is not an OS-supported feature on non-trusted systems. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_LOCKED

Category: Policy Compliance

UNIX (5243)

Title: Locked accounts

Description:This account is locked. Accounts are locked for the following reasons: 1. The password has expired. 2. The maximum number of unsuccessful login attempts has been exceeded. 3. The administrator lock is set. 4. The account expiration is reached. 5. The time since the last login is exceeded. If possible, the module will determine why the account is locked. You should investigate any locked account, especially if the maximum number of unsuccessful login attempts was reached.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_LOCKNOTSUP

Category: Policy Compliance

UNIX (5250)

Title: Account locking not supported in non-trusted mode

Description:The account locking feature is not an OS-supported feature on non-trusted systems. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]