v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/alicloud_compliance
Overview
1Dashboards
78Controls
40Queries
2Variables
GitHub

Control: 1.14 Ensure RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour

Description

RAM password policies can temporarily block logon after several incorrect logon attempts within an hour. It is recommended that the password policy is set to temporarily block logon after 5 incorrect logon attempts within an hour.

Remediation

Perform the following to set the password policy as expected:

From Console

  1. Logon to RAM console.
  2. Choose Identities > Settings.
  3. In the Password Strength Settings section, click Edit Password Rule.
  4. In the Password Retry Constraint Policy field, enter <5> or a smaller number.
  5. Click OK.

From Command Line

aliyun ram SetPasswordPolicy --MaxLoginAttemps 5

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_14

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_14 --share

SQL

This control uses a named query:

ram_password_policy_max_login_attempts_5

Tags

category = Compliance
cis = true
cis_item_id = 1.14
cis_level = 1
cis_section_id = 1
cis_type = automated
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/RAM