Guide to the Secure Configuration of SUSE Linux Enterprise Micro 5
Secure Session Configuration Files for Login Accounts
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
When a user logs into a Unix account, the system configures the user's session by reading a number of files. Many of these files are located in the user's home directory, and may have weak permissions as a result of user error or misconfiguration. If an attacker can modify or even read certain types of account configuration information, they can often gain full access to the affected user's account. Therefore, it is important to test and correct configuration file permissions for interactive accounts, particularly those of privileged users such as root or system administrators.
Maximum login attempts delay
Maximum time in seconds between failed login attempts before re-prompting.
Ensure the Logon Failure Delay is Set Correctly in login.defs
Medium Severity
To ensure the logon failure delay controlled by /etc/login.defs is set properly, add or correct the FAIL_DELAY setting in /etc/login.defs to read as follows:
FAIL_DELAY
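
One way to verify this setting, as an added example that is not part of the original guide: the shell function below checks every active FAIL_DELAY line in a login.defs-style file against a required number of seconds. The function name, the sample file contents and the value 4 are constructed assumptions (the page does not show the required value), as is treating a delay at or above the required value as compliant.

```shell
#!/bin/sh
# Added example: audit FAIL_DELAY in a login.defs-style file.
#
# check_fail_delay FILE MIN_SECONDS
#   returns 0 = every active FAIL_DELAY line is >= MIN_SECONDS
#           1 = an active FAIL_DELAY line is too low, empty or not a number
#           2 = file unreadable or no active FAIL_DELAY line at all
# Assumption: a delay at or above the required value counts as compliant.
# Every active line is checked, so the verdict does not depend on which
# duplicate entry the login tools end up honouring.
check_fail_delay() {
    file=$1
    min=$2
    [ -r "$file" ] || return 2

    # Commented lines ("#FAIL_DELAY 4", "# FAIL_DELAY 4") never have
    # FAIL_DELAY as their first field, so they are skipped here.
    # A line with no value is reported as "-" so it fails the numeric test.
    values=$(awk '$1 == "FAIL_DELAY" { print ($2 == "" ? "-" : $2) }' "$file")
    [ -n "$values" ] || return 2

    for v in $values; do
        case $v in
            ''|*[!0-9]*) return 1 ;;    # empty or non-numeric value
        esac
        [ "$v" -ge "$min" ] || return 1 # delay shorter than required
    done
    return 0
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
printf '%s\n' '# FAIL_DELAY 0' 'UMASK 077' 'FAIL_DELAY 4' > "$sample"

# 4 is a placeholder for the value required by the profile in use.
if check_fail_delay "$sample" 4; then
    echo "FAIL_DELAY compliant"
else
    echo "FAIL_DELAY not compliant"
fi
rm -f "$sample"
```

On a live system the first argument would be /etc/login.defs and the second the delay required by the selected profile.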