The delay between login prompts following a failed login attempt must be at least 4 seconds.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-768 | GEN000480 | SV-38839r1_rule | ECLO-1 ECLO-2 | Medium |
| Description |
|---|
| Enforcing a delay between successive failed login attempts increases protection against automated password guessing attacks. |
| STIG | Date |
|---|---|
| Draft AIX Security Technical Implementation Guide | 2011-08-17 |
Details
| Check Text ( C-37832r1_chk ) |
|---|
| Check the logindelay parameter. # more /etc/security/login.cfg OR #grep logindelay /etc/security/login.cfg | grep –v \* Verify the value of the logindelay variable is four or more in each stanza. If the value of logindelay is not four or more, this is a finding. |
| Fix Text (F-33091r1_fix) |
|---|
| Use vi or the chsec command to change the login delay time period. #chsec –f /etc/security/login.cfg –s default –a logindelay=4 OR # vi /etc/security/login.cfg Add logindelay = 4 to the default stanza. |