Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-216100 | SOL-11.1-040160 | SV-216100r959010_rule | Medium |
Description |
---|
As an immediate return of an error message, coupled with the capability to try again, may facilitate automatic and rapid-fire brute-force password attacks by a malicious user. |
STIG | Date |
---|---|
Solaris 11 X86 Security Technical Implementation Guide | 2024-05-30 |
Check Text ( C-17338r372682_chk ) |
---|
Check the SLEEPTIME parameter in the /etc/default/login file. # grep ^SLEEPTIME /etc/default/login If the output is not SLEEPTIME=4 or more, this is a finding. |
Fix Text (F-17336r372683_fix) |
---|
The root role is required. # pfedit the /etc/default/login Locate the line containing: SLEEPTIME Change the line to read: SLEEPTIME=4 |