Detections
Analytics

1.81 UBTU-22-412010

Information

The operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

GROUP ID: V-260550
RULE ID: SV-260550r991588

Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.

Solution

Configure the operating system to enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

Add or modify the following line in the "/etc/pam.d/common-auth" file:

auth required pam_faildelay.so delay=4000000

See Also

https://workbench.cisecurity.org/benchmarks/22168

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, CSCv7|5.1, Rule-ID|SV-260550r991588_rule, STIG-ID|UBTU-22-412010, Vuln-ID|V-260550

Plugin: Unix

Control ID: c19a7477b2888e851148f46d1f29c6bf0882babc827ba9ac5b917b4f6d230bf1