Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-240548 | VRAU-SL-001520 | SV-240548r671385_rule | Medium |
Description |
---|
Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account. |
STIG | Date |
---|---|
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2021-06-24 |
Check Text ( C-43781r671383_chk ) |
---|
Verify the SLES for vRealize enforces a delay of at least "4" seconds between logon prompts following a failed logon attempt. Review the file "/etc/login.defs" and verify the parameter "FAIL_DELAY" is a value of "4" or greater. # grep FAIL_DELAY /etc/login.defs The typical configuration looks something like this: FAIL_DELAY 4 If the parameter "FAIL_DELAY" does not exists, or is less than "4", this is a finding. |
Fix Text (F-43740r671384_fix) |
---|
Configure the SLES for vRealize to enforce a delay of at least "4" seconds between logon prompts following a failed logon attempt. Set the parameter "FAIL_DELAY" to a value of "4" or greater. Edit the file "/etc/login.defs". Set the parameter "FAIL_DELAY" to a value of "4" or greater. The typical configuration looks something like this: FAIL_DELAY 4 Save the changes made to the file. |