Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-768 | GEN000480 | SV-38839r1_rule | ECLO-1 ECLO-2 | Medium |
Description |
---|
Enforcing a delay between successive failed login attempts increases protection against automated password guessing attacks. |
STIG | Date |
---|---|
AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2014-10-03 |
Check Text ( C-37832r1_chk ) |
---|
Check the logindelay parameter. # more /etc/security/login.cfg OR #grep logindelay /etc/security/login.cfg | grep -v \* Verify the value of the logindelay variable is 4 or more in each stanza. If the value of logindelay is not 4 or more, this is a finding. |
Fix Text (F-33091r1_fix) |
---|
Use vi or the chsec command to change the login delay time period. #chsec -f /etc/security/login.cfg -s default -a logindelay=4 OR # vi /etc/security/login.cfg Add logindelay = 4 to the default stanza. |