Check: GEN000480
AIX 5.3 STIG: GEN000480 (in version v1 r3)
Title
The delay between login prompts following a failed login attempt must be at least 4 seconds. (Cat II impact)
Discussion
Enforcing a delay between successive failed login attempts increases protection against automated password guessing attacks.
Check Content
Check the logindelay parameter.

```
# more /etc/security/login.cfg
```

OR

```
# grep logindelay /etc/security/login.cfg | grep -v \*
```

Verify the value of the logindelay variable is 4 or more in each stanza. If the value of logindelay is not 4 or more, this is a finding.
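A stanza-aware form of the check above, as an added example that is not part of the STIG text: the grep pipeline prints matching lines without the stanza they belong to, so this POSIX sh/awk function reports every explicit logindelay value per stanza and flags any below 4. The helper names `check_logindelay` and `sample_cfg` and the sample file content are constructed for illustration, and treating a default stanza with no logindelay as a finding is an assumption of this example, based on the AIX default of 0.

```shell
#!/bin/sh
# Added example: stanza-aware check for GEN000480 (logindelay >= 4).
# check_logindelay and sample_cfg are hypothetical helper names.

check_logindelay() {    # $1 = path to login.cfg, or "-" for stdin
    awk -v min=4 '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        /^[^ \t].*:[ \t]*$/ {                   # stanza header, e.g. "default:"
            stanza = $0; sub(/:[ \t]*$/, "", stanza); next
        }
        /^[ \t]*logindelay[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            seen[stanza] = 1
            if (val !~ /^[0-9]+$/ || val + 0 < min) {
                printf "FINDING %s: logindelay = %s\n", stanza, val; bad = 1
            } else
                printf "OK %s: logindelay = %s\n", stanza, val
        }
        END {
            # Assumption: an unset default means no delay (AIX default is 0).
            if (!("default" in seen)) {
                print "FINDING default: logindelay not set"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

sample_cfg() {          # constructed sample, not taken from a real system
    cat <<'EOF'
* logindelay = 10   (commented out, must be ignored)
default:
        sak_enabled = false
        logindelay = 0

/dev/console:
        logindelay = 5

usw:
        shells = /bin/sh,/usr/bin/ksh
        logintimeout = 60
EOF
}

sample_cfg | check_logindelay -
```

On a live system the function would be called as `check_logindelay /etc/security/login.cfg`; a non-zero exit status means at least one finding.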
Fix Text
Use vi or the chsec command to change the login delay time period.

```
# chsec -f /etc/security/login.cfg -s default -a logindelay=4
```

OR

```
# vi /etc/security/login.cfg
```

Add logindelay = 4 to the default stanza.
Additional Identifiers
Rule ID: SV-38839r1_rule
Vulnerability ID: V-768
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000043 | The organization defines the maximum number of consecutive invalid logon attempts to the information system by a user during an organization-defined time period. |
Controls
Number | Title |
---|---|
AC-7 | Unsuccessful Logon Attempts |