Check: AIX7-00-003029
IBM AIX 7.x STIG:
AIX7-00-003029
(in versions v3 r1 through v1 r1)
Title
AIX must enforce a delay of at least 4 seconds between login prompts following a failed login attempt. (Cat II impact)
Discussion
Limiting the number of login attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.
Check Content
From the command prompt, run the following command to check the default "logindelay" value: # lssec -f /etc/security/login.cfg -s default -a logindelay The above command should yield the following output: default logindelay=4 If the above command displays the "logindelay" value less than "4", this is a finding.
Fix Text
From the command prompt, run the following command to set "logindelay=4" for the default stanza in "/etc/security/login.cfg": # chsec -f /etc/security/login.cfg -s default -a logindelay=4
Additional Identifiers
Rule ID: SV-215337r991588_rule
Vulnerability ID: V-215337
Group Title: SRG-OS-000480-GPOS-00226
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |