Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.

An XCCDF Rule

Description

The pam_faillock.so module must be loaded in preauth in /etc/pam.d/system-auth.

Rationale

If the pam_faillock.so module is not loaded the system will not correctly lockout accounts to prevent password guessing attacks.

ID: xccdf_org.ssgproject.content_rule_account_password_pam_faillock_system_auth
Severity: Medium
References: CCI-000044

AC-7 (a)

SRG-OS-000021-GPOS-00005

RHEL-08-020025

SV-244533r743848_rule

CCE-86916-4
Updated: about 1 year ago