Skip to content

Guide to the Secure Configuration of Kylin Server 10

Rules, Groups, and Values defined within the XCCDF Benchmark

  • remember

    The last n passwords for each user are saved in <code>/etc/security/opasswd</code> in order to force password change history and keep the user from alternating between the same password too frequen...
    Value
  • Set Lockouts for Failed Password Attempts

    The <code>pam_faillock</code> PAM module provides the capability to lock out user accounts after a number of failed login attempts. Its documentation is available in <code>/usr/share/doc/pam-VERSIO...
    Group
  • fail_deny

    Number of failed login attempts before account lockout
    Value
  • fail_unlock_time

    Seconds before automatic unlocking or permanently locking after excessive failed logins
    Value
  • Limit Password Reuse

    Do not allow users to reuse recent passwords. This can be accomplished by using the remember option for the pam_unix or pam_pwhistory PAM modules.
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules