The HYCU VM console must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any logon attempt for 15 minutes.
An XCCDF Rule
Description
<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-246826r768142_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Go to the "/etc/pam.d/" folder.
Move the current configuration and make new copies to be edited by executing the following commands:
sudo mv password-auth password-auth-as
sudo mv system-auth system-auth-as