SLEM 5 must use the default pam_tally2 tally directory.

An XCCDF Rule

Description

<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. SELinux, enforcing a targeted policy, will be required to match the default directory's security context type.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-261366r996837_rule
Severity: Medium
References: CCI-000044
Updated: 20 days ago

Configure SLEM 5 to use the default pam_tally2 tally directory while SELinux enforces a targeted policy.

Remove the pam_tallly nondefault tally directory if any, by removing "file=[directory-name]" configuration part from /etc/pam.d/login:

     > sudo sed -ri 's/\s+file=\S+\s+/ /g' /etc/pam.d/login 
Update the /etc/selinux/targeted/contexts/files/file_contexts.local with "tallylog_t" context type for the default pam_tally2 tally directory with the following command:

     > sudo semanage fcontext -a -t tallylog_t "/var/log/tallylog" 

Next, update the context type of the default tallylog directory/subdirectories and files with the following command: 

     > sudo restorecon -R -v /var/log/tallylog

SLEM 5 must use the default pam_tally2 tally directory.

Description

Remediation - Manual Procedure