Go to main content

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Exit Print View

» ...Documentation Home » Oracle SuperCluster M8 and SuperCluster M7 ... » Oracle^® SuperCluster M8 and ... » Securing the Exadata Storage Servers » Hardening the Storage Server Security ... » Configure System Account Lockout

Updated: June 2020

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Document Information

Using This Documentation

Understanding Security Principles

Reviewing the Default Security Configuration

Securing the Hardware

Securing Oracle ILOM

Securing the Compute Servers

Securing the ZFS Storage Appliance

Securing the Exadata Storage Servers

Log into the Storage Server OS

Change Storage Server Passwords

Determine the Exadata Storage Server Software Version

Default Exposed Network Services (Storage Servers)

Hardening the Storage Server Security Configuration

Security Configuration Restrictions

Display Available Security Configurations With host_access_control

Configure a System Boot Loader Password

Disable Oracle ILOM System Console Access

Restrict Remote root Access Using SSH

Configure System Account Lockout

Configure Password Complexity Rules

Configure a Password History Policy

Configure a Failed Authentication Lock Delay

Configure Password Aging Control Policies

Configure the Administrative Interface Inactivity Timeout (Login Shell)

Configure the Administrative Interface Inactivity Timeout (Secure Shell)

Configure a Login Warning Banner (Storage Server)

Limiting Remote Network Access

Additional Storage Server Resources

Securing the IB and Ethernet Switches

Auditing for Compliance

Keeping SuperCluster M8 and SuperCluster M7 Systems Secure

Language:

Configure System Account Lockout

By default, the storage servers are configured to lock system accounts after five consecutive failed authentication attempts.

To change this threshold, perform this procedure.

Log into the storage server as celladmin.
See Log into the Storage Server OS.

Change the threshold.
To comply with U.S. Department of Defense security requirements, specify a value of 3. If necessary, replace that value with one that is compliant with your local site policy.
```
# /opt/oracle.cellos/host_access_control pam-auth --deny 3
```

Verify the setting.

# /opt/oracle.cellos/host_access_control pam-auth --status | grep deny=

Copyright © 2020, Oracle and/or its affiliates.