Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.
An XCCDF Rule
Description
The pam_faillock.so module must be loaded in preauth in /etc/pam.d/password-auth.
Rationale
If the pam_faillock.so module is not loaded the system will not correctly lockout accounts to prevent password guessing attacks.
- ID
- xccdf_org.ssgproject.content_rule_account_password_pam_faillock_password_auth
- Severity
- Medium
- Updated