Check: GEN000480
Solaris 10 SPARC STIG:
GEN000480
(in versions v2 r4 through v1 r19)
Title
The delay between login prompts following a failed login attempt must be at least 4 seconds. (Cat II impact)
Discussion
Enforcing a delay between successive failed login attempts increases protection against automated password guessing attacks.
Check Content
Check the SLEEPTIME parameter in the /etc/default/login file.
# grep SLEEPTIME /etc/default/login
If SLEEPTIME is not listed, commented out, or less than 4, this is a finding.
Fix Text
Edit the /etc/default/login file and set SLEEPTIME to 4.
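The check above as a script, added here as an example and not part of the STIG text. A plain grep also prints commented-out lines, so the script matches only lines that begin with SLEEPTIME=. The function name check_sleeptime and the sample files are assumptions, and the script is written for a POSIX shell and sed.

```shell
#!/bin/sh
# Added example (not STIG text): audit SLEEPTIME for GEN000480.
# check_sleeptime is a hypothetical helper name.

# Returns 0 when every active SLEEPTIME line in the file is 4 or more.
# Returns 1 (finding) when the parameter is missing, commented out,
# empty, non-numeric, or less than 4.
check_sleeptime() {
    file=${1:-/etc/default/login}
    if [ ! -r "$file" ]; then
        echo "FINDING: cannot read $file"
        return 1
    fi
    # Active lines start with "SLEEPTIME="; "#SLEEPTIME=4" does not match.
    # Each value is emitted with a leading "=" so an empty value survives.
    values=$(sed -n 's/^SLEEPTIME=\([^[:space:]]*\).*/=\1/p' "$file")
    if [ -z "$values" ]; then
        echo "FINDING: SLEEPTIME not listed or commented out in $file"
        return 1
    fi
    # Duplicate lines are all checked, so no assumption is made about
    # which one login honours.
    for v in $values; do
        v=${v#=}
        case $v in
            ''|*[!0-9]*)
                echo "FINDING: SLEEPTIME='$v' is not a number in $file"
                return 1 ;;
        esac
        if [ "$v" -lt 4 ]; then
            echo "FINDING: SLEEPTIME=$v is less than 4 in $file"
            return 1
        fi
    done
    echo "OK: SLEEPTIME is at least 4 in $file"
    return 0
}

# Constructed sample files (not from a real system), one per outcome.
tmp=$(mktemp -d)
printf 'PASSREQ=YES\n#SLEEPTIME=4\n' > "$tmp/commented"
printf 'SLEEPTIME=2\n' > "$tmp/short"
printf 'PASSREQ=YES\nSLEEPTIME=4\n' > "$tmp/ok"
for f in "$tmp"/*; do
    check_sleeptime "$f" || :
done
rm -rf "$tmp"
```

Called with no argument, check_sleeptime reads /etc/default/login; the exit status can feed a compliance report directly.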
Additional Identifiers
Rule ID: SV-220022r854393_rule
Vulnerability ID: V-220022
Group Title: SRG-OS-000329
CCIs
Number | Definition |
---|---|
CCI-002238 | The information system automatically locks the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded. |
Controls
Number | Title |
---|---|
AC-7 | Unsuccessful Logon Attempts |