Go to main content

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Exit Print View

» ...Documentation Home » Oracle SuperCluster M8 and SuperCluster M7 ... » Oracle^® SuperCluster M8 and ... » Securing the Exadata Storage Servers » Hardening the Storage Server Security ... » Configure a Failed Authentication Lock Delay

Updated: June 2020

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Document Information

Using This Documentation

Understanding Security Principles

Reviewing the Default Security Configuration

Securing the Hardware

Securing Oracle ILOM

Securing the Compute Servers

Securing the ZFS Storage Appliance

Securing the Exadata Storage Servers

Log into the Storage Server OS

Change Storage Server Passwords

Determine the Exadata Storage Server Software Version

Default Exposed Network Services (Storage Servers)

Hardening the Storage Server Security Configuration

Security Configuration Restrictions

Display Available Security Configurations With host_access_control

Configure a System Boot Loader Password

Disable Oracle ILOM System Console Access

Restrict Remote root Access Using SSH

Configure System Account Lockout

Configure Password Complexity Rules

Configure a Password History Policy

Configure a Failed Authentication Lock Delay

Configure Password Aging Control Policies

Configure the Administrative Interface Inactivity Timeout (Login Shell)

Configure the Administrative Interface Inactivity Timeout (Secure Shell)

Configure a Login Warning Banner (Storage Server)

Limiting Remote Network Access

Additional Storage Server Resources

Securing the IB and Ethernet Switches

Auditing for Compliance

Keeping SuperCluster M8 and SuperCluster M7 Systems Secure

Language:

Configure a Failed Authentication Lock Delay

By default, the storage servers implement a policy where a system account is locked for 10 minutes after any single failed authentication attempt.

To change this threshold, perform this procedure.

Log into the storage server as celladmin.
See Log into the Storage Server OS.

View the current setting.

# /opt/oracle.cellos/host_access_control pam-auth --status | grep lock_time=

Change the threshold.
To comply with U.S. Department of Defense security requirements, set the value to 4 seconds. If necessary, replace that value with one that is compliant with your local site policies.
```
# /opt/oracle.cellos/host_access_control pam-auth --lock 4
```

To verify the setting, repeat Step 2.

Copyright © 2020, Oracle and/or its affiliates.