The SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-239649	VROM-SL-001500	SV-239649r662398_rule		Medium

Description
Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.

STIG	Date
VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide	2021-07-01

Details

Check Text ( C-42882r662396_chk )
Verify SLES for vRealize enforces a delay of at least "4" seconds between logon prompts following a failed logon attempt. Verify the use of the "pam_faildelay" module. Procedure: # grep pam_faildelay /etc/pam.d/common-auth* The typical configuration looks something like this: #delay is in micro seconds auth required pam_faildelay.so delay=4000000 If the line is not present, this is a finding.

Check Text ( C-42882r662396_chk )

Verify SLES for vRealize enforces a delay of at least "4" seconds between logon prompts following a failed logon attempt.

Verify the use of the "pam_faildelay" module.

Procedure:

# grep pam_faildelay /etc/pam.d/common-auth*

The typical configuration looks something like this:

#delay is in micro seconds
auth required pam_faildelay.so delay=4000000

If the line is not present, this is a finding.

Fix Text (F-42841r662397_fix)
Configure SLES for vRealize to enforce a delay of at least "4" seconds between logon prompts following a failed logon attempt with the following command: # sed -i "/^[^#]*pam_faildelay.so/ c\auth required pam_faildelay.so delay=4000000" /etc/pam.d/common-auth-vmware.local