Navigate

Check: SOL-11.1-040160

Solaris 11 SPARC STIG: SOL-11.1-040160 (in versions v2 r10 through v1 r10)

Title

The delay between login prompts following a failed login attempt must be at least 4 seconds. (Cat II impact)

Discussion

As an immediate return of an error message, coupled with the capability to try again, may facilitate automatic and rapid-fire brute-force password attacks by a malicious user.

Check Content

Check the SLEEPTIME parameter in the /etc/default/login file. # grep ^SLEEPTIME /etc/default/login If the output is not SLEEPTIME=4 or more, this is a finding.

Fix Text

The root role is required. # pfedit the /etc/default/login Locate the line containing: SLEEPTIME Change the line to read: SLEEPTIME=4

Additional Identifiers

Rule ID: SV-216335r603267_rule

Vulnerability ID: V-216335

Group Title: SRG-OS-000480

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings