Detections
Analytics

4.7.4 Ensure logintimeout is configured

Information

Defines the number of seconds during which the password must be typed at login.

In setting the logintimeout attribute, a password must be entered within a specified time period.

Solution

In /etc/security/login.cfg set the usw stanza logintimeout attribute to 30 or less:

chsec -f /etc/security/login.cfg -s usw -a logintimeout=30

This means that a user will have 30 seconds, from prompting, in which to type in their password.

See Also

https://workbench.cisecurity.org/benchmarks/19066

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-12

Plugin: Unix

Control ID: 004e88a17d6e117d4a7d26d587170c4deba881a3eb9bb78f1bfa36c6151b5b0e