The HYCU virtual appliance must be configured to enforce the limit of three consecutive invalid login attempts, after which time it must block any login attempt for 15 minutes.

An XCCDF Rule

Description

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

ID: SV-268227r1038750_rule
Version: HYCU-ND-000090
Severity: Medium
References: CCI-000044
Updated: about 2 months ago

Remediation Templates

Log in to the server virtual console and navigate to the "/etc/pam.d/" folder.

Move the current configuration and make new copies to be edited by executing the following commands:

sudo cp password-auth password-auth-as
sudo cp system-auth system-auth-as

Edit the files "password-auth" and "system-auth".

Add the lines:
auth        required                                     pam_faillock.so preauth silent audit deny=3 even_deny_root fail_interval=60 unlock_time=900
after line 
auth        required                                     pam_env.so

Add:
auth        required                                     pam_faillock.so authfail audit unlock_time=900
after
auth        sufficient                                   pam_unix.so nullok

Add:
account     required                                     pam_faillock.so
before 
account     required                                     pam_unix.so

The files "system-auth" and "password-auth" are identical, so the procedure can be done on one of the files and copied to the second one.

Restart sssd service:
sudo systemctl restart sssd.service

The HYCU virtual appliance must be configured to enforce the limit of three consecutive invalid login attempts, after which time it must block any login attempt for 15 minutes.

Description

Remediation Templates

A Manual Procedure