Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-89871 | VRAU-SL-001515 | SV-100521r1_rule | Medium |
Description |
---|
Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account. |
STIG | Date |
---|---|
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2018-10-12 |
Check Text ( C-89563r1_chk ) |
---|
Check the value of the "FAIL_DELAY" variable and the ability to use it: # grep FAIL_DELAY /etc/login.defs The following result should be displayed: FAIL_DELAY 4 If the value does not exist, or is less than "4", this is a finding. Check for the use of "pam_faildelay": # grep pam_faildelay /etc/pam.d/common-auth* The following result should be displayed: /etc/pam.d/common-auth:auth optional pam_faildelay.so If the "pam_faildelay.so" module is not listed or is commented out, this is a finding. |
Fix Text (F-96613r1_fix) |
---|
Add the "pam_faildelay" module and set the "FAIL_DELAY" variable. Edit "/etc/login.defs" and set the value of the "FAIL_DELAY" variable to "4" or more. Edit "/etc/pam.d/common-auth" and add a "pam_faildelay" entry if one does not exist, such as: auth optional pam_faildelay.so |