Information
The SLEEPTIME variable in the /etc/default/login file controls the number of seconds to
wait before printing the "login incorrect" message when a bad password is provided. The
default value for SLEEPTIME is 4 seconds.
Rationale:
As an immediate return of an error message, coupled with the capability to try again may
facilitate automatic and rapid-fire brute-force password attacks by a malicious user, this
delay time should be set as appropriate to the needs of the user.
Solution
Perform the following to implement the recommended state:
# cd /etc/default
# cp login login.orig
# awk '/SLEEPTIME=/ { $1 = "SLEEPTIME=4" } { print }' login > login.CIS
# mv login.CIS login