Common Controls Hub
The SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
Check Text ( C-89567r1_chk )
Verify the SLES for vRealize enforces a delay of at least "4" seconds between logon prompts following a failed logon attempt.
Verify the use of the "pam_faildelay" module.
# grep pam_faildelay /etc/pam.d/common-auth*
The typical configuration looks something like this:
#delay is in micro seconds
auth required pam_faildelay.so delay=4000000
If the line is not present, this is a finding.
Fix Text (F-96617r2_fix)
Configure the SLES for vRealize to enforce a delay of at least "4" seconds between logon prompts following a failed logon attempt with the following command:
# sed -i "/^[^#]*pam_faildelay.so/ c\auth required pam_faildelay.so delay=4000000" /etc/pam.d/common-auth-vmware.local