Detections
Analytics

1.315 RHEL-09-611030

Information

RHEL 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file.

GROUP ID: V-258095
RULE ID: SV-258095r1045189

If the pam_faillock.so module is not loaded, the system will not correctly lockout accounts to prevent password guessing attacks.

Solution

Configure RHEL 9 to include the use of the pam_faillock.so module in the /etc/pam.d/system-auth file.

If PAM is managed with authselect, enable the feature with the following command:

$ sudo authselect enable-feature with-faillock

Otherwise, add/modify the appropriate sections of the "/etc/pam.d/system-auth" file to match the following lines:Note: The "preauth" line must be listed before pam_unix.so.

auth required pam_faillock.so preauth
auth required pam_faillock.so authfail
account required pam_faillock.so

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a., CAT|II, CCI|CCI-000044, Rule-ID|SV-258095r1045189_rule, STIG-ID|RHEL-09-611030, Vuln-ID|V-258095

Plugin: Unix

Control ID: ea963ac185d312e9322e334b829d5e69e986b51b9797fc89520153a27fdaa72a