Skip to content

Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.

An XCCDF Rule

Description

The pam_faillock.so module must be loaded in preauth in /etc/pam.d/password-auth.

Rationale

If the pam_faillock.so module is not loaded the system will not correctly lockout accounts to prevent password guessing attacks.

ID
xccdf_org.ssgproject.content_rule_account_password_pam_faillock_password_auth
Severity
Medium
References
Updated