Enforcement of Delay Between Logon Prompts Following a Failed Logon Attempt.

Enforcement of Delay Between Logon Prompts Following a Failed Logon Attempt.

The Ubuntu operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.

Rationale:

Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.

Audit:

Verify the Ubuntu operating system enforces a delay of at least 4 seconds between logon prompts following a failed logon attempt.

Check that the Ubuntu operating system enforces a delay of at least 4 seconds between logon prompts with the following command:

grep pam_faildelay /etc/pam.d/common-auth
auth required pam_faildelay.so delay=4000000

If the line is not present, or is commented out, this is a finding.

Remediation:

Configure the Ubuntu operating system to enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.

Edit the file /etc/pam.d/common-auth and set the parameter pam_faildelay to a value of 4000000 or greater:

auth required pam_faildelay.so delay=4000000


Share Tweet Send
0 Comments
Loading...
You've successfully subscribed to Songer Tech
Great! Next, complete checkout for full access to Songer Tech
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.