
The SLES for vRealize must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.


Overview

Finding ID: V-240347
Version: VRAU-SL-000025
Rule ID: SV-240347r670782_rule
IA Controls: (none listed)
Severity: Medium
Description
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
STIG: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
Date: 2021-06-24

Details

Check Text (C-43580r670780_chk)
Run the following command to ensure that the operating system enforces the limit of three consecutive invalid logon attempts by a user:

# grep pam_tally2.so /etc/pam.d/common-auth

The output should contain "deny=3" in the returned line.

If this is not the case, this is a finding.

Expected Result:
auth required pam_tally2.so deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300
Fix Text (F-43539r670781_fix)
To configure the SLES for vRealize to enforce the limit of three consecutive invalid attempts using "pam_tally2.so", modify the content of the /etc/pam.d/common-auth-vmware.local by running the following command:

# sed -i "/^[^#]*pam_tally2.so/ c\auth required pam_tally2.so deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300" /etc/pam.d/common-auth-vmware.local