NixOS must enforce a delay of at least four seconds between login prompts following a failed login attempt.

An XCCDF Rule

Description

Limiting the number of login attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.

ID: SV-268171r1039583_rule
Version: ANIX-00-001870
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Configure NixOS operating system to enforce a four-second delay between login attempts.

Add the following Nix code to the NixOS Configuration usually located in /etc/nixos/configuration.nix

environment.etc."login.defs".text = pkgs.lib.mkForce ''
FAIL_DELAY 4'';

Rebuild the system with the following command:

$ sudo nixos-rebuild switch