From VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
Part of SRG-OS-000329-GPOS-00128
Associated with: CCI-002238
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.
Check the "pam_tally2" configuration: # more /etc/pam.d/common-auth Confirm the following line is configured: auth required pam_tally2.so deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300 # more /etc/pam.d/common-account Confirm the following line is configured: account required pam_tally2.so If no such lines are found, this is a finding.
Edit "/etc/pam.d/common-auth" and add the following line: auth required pam_tally2.so deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300 Edit "/etc/pam.d/common-account" and add the following line: account required pam_tally2.so
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer