STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.

DISA Rule

SV-100525r1_rule

Vulnerability Number

V-89875

Group Title

SRG-OS-000480-GPOS-00226

Rule Version

VRAU-SL-001525

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the SLES for vRealize to enforce a delay of at least "4" seconds between logon prompts following a failed logon attempt with the following command:

# sed -i "/^[^#]*pam_faildelay.so/ c\auth required pam_faildelay.so delay=4000000" /etc/pam.d/common-auth-vmware.local

Check Contents

Verify the SLES for vRealize enforces a delay of at least "4" seconds between logon prompts following a failed logon attempt.

Verify the use of the "pam_faildelay" module.

# grep pam_faildelay /etc/pam.d/common-auth*

The typical configuration looks something like this:

#delay is in micro seconds
auth required pam_faildelay.so delay=4000000

If the line is not present, this is a finding.

Vulnerability Number

V-89875

Documentable

False

Rule Version

VRAU-SL-001525

Severity Override Guidance

Verify the SLES for vRealize enforces a delay of at least "4" seconds between logon prompts following a failed logon attempt.

Verify the use of the "pam_faildelay" module.

# grep pam_faildelay /etc/pam.d/common-auth*

The typical configuration looks something like this:

#delay is in micro seconds
auth required pam_faildelay.so delay=4000000

If the line is not present, this is a finding.

Check Content Reference

M

Target Key

3459

Comments