SLES-12-010370 - The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.

Solution

Configure the SUSE operating system to enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

Edit the file '/etc/pam.d/common-auth'.

Add a parameter 'pam_faildelay' and set it to a value of '4000000' or greater:

# delay is in micro seconds
auth required pam_faildelay.so delay=4000000

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_12_V2R12_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-217138r603262_rule, STIG-ID|SLES-12-010370, STIG-Legacy|SV-91827, STIG-Legacy|V-77131, Vuln-ID|V-217138

Plugin: Unix

Control ID: 802faca2016fbb7f12343e2065dbae3828c01fbf6040f9ec2d63c0b576e1258d