Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The delay between login prompts following a failed login attempt must be at least 4 seconds.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-768 | GEN000480 | SV-44838r1_rule | Medium |
| Description |
|---|
| Enforcing a delay between successive failed login attempts increases protection against automated password guessing attacks. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z | 2016-12-20 |
Details
| Check Text ( C-42309r1_chk ) |
|---|
| Check the value of the FAIL_DELAY variable and the ability to use it Procedure:. # grep FAIL_DELAY /etc/login.defs If the value does not exist, or is less than 4, this is a finding. Check for the use of pam_faildelay. # grep pam_faildelay /etc/pam.d/common-auth* If the pam_faildelay.so module is not listed, this is a finding. |
| Fix Text (F-38275r1_fix) |
|---|
| Add the pam_faildelay module and set the FAIL_DELAY variable. Procedure: Edit /etc/login.defs and set the value of the FAIL_DELAY variable to 4 or more. Edit /etc/pam.d/common-auth and add a pam_faildelay entry if one does not exist, such as: auth optional pam_faildelay.so |