Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239649 | VROM-SL-001500 | SV-239649r662398_rule | Medium |
| Description |
|---|
| Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account. |
| STIG | Date |
|---|---|
| VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide | 2023-09-21 |
Details
| Check Text ( C-42882r662396_chk ) |
|---|
| Verify SLES for vRealize enforces a delay of at least "4" seconds between logon prompts following a failed logon attempt. Verify the use of the "pam_faildelay" module. Procedure: # grep pam_faildelay /etc/pam.d/common-auth* The typical configuration looks something like this: #delay is in micro seconds auth required pam_faildelay.so delay=4000000 If the line is not present, this is a finding. |
| Fix Text (F-42841r662397_fix) |
|---|
| Configure SLES for vRealize to enforce a delay of at least "4" seconds between logon prompts following a failed logon attempt with the following command: # sed -i "/^[^#]*pam_faildelay.so/ c\auth required pam_faildelay.so delay=4000000" /etc/pam.d/common-auth-vmware.local |