Enforcement of Delay Between Logon Prompts Following a Failed Logon Attempt.

The Ubuntu operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.

Rationale: Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.

Audit: Verify the Ubuntu operating system enforces a delay of at least 4 seconds between logon prompts following a failed logon attempt.

Check that the Ubuntu operating system enforces a delay of at least 4 seconds between logon prompts with the following command:

grep pam_faildelay /etc/pam.d/common-auth

auth required pam_faildelay.so delay=4000000

If the line is not present, or is commented out, this is a finding.
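
The check above as a scripted audit, added here as an example (it is not part of the original post or of the STIG text): it fails when the pam_faildelay line is missing, commented out, or sets a delay below 4000000. The function name check_faildelay and its messages are assumptions, and the delay value is in microseconds.

```shell
#!/bin/sh
# Added example: audit a PAM auth file for an active pam_faildelay line.
# check_faildelay is a hypothetical helper name, not part of any tool.
# Passes only if at least one uncommented "auth ... pam_faildelay.so" line
# carries delay=N with N >= 4000000 (microseconds, i.e. 4 seconds).

check_faildelay() {
    file="${1:-/etc/pam.d/common-auth}"
    [ -r "$file" ] || { echo "FINDING: cannot read $file"; return 2; }

    awk -v min=4000000 '
        $1 ~ /^#/ { next }                      # commented-out lines do not count
        $1 == "auth" && /pam_faildelay\.so/ {
            seen = 1
            for (i = 1; i <= NF; i++)           # look for the delay=N argument
                if ($i ~ /^delay=[0-9]+$/) {
                    d = substr($i, 7) + 0
                    if (d > best) best = d
                }
        }
        END {
            if (!seen)      { print "FINDING: no active pam_faildelay line"; exit 1 }
            if (best < min) { print "FINDING: delay is unset or below " min; exit 1 }
            print "OK: delay=" best
        }
    ' "$file"
}

# Constructed sample input (not taken from a real host):
# one commented-out entry followed by one active entry.
sample=$(mktemp)
printf '%s\n' \
    '#auth required pam_faildelay.so delay=4000000' \
    'auth required pam_faildelay.so delay=4000000' > "$sample"
check_faildelay "$sample"
rm -f "$sample"
```

Run on a host as `check_faildelay /etc/pam.d/common-auth`; a non-zero exit status corresponds to a finding.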

Remediation:

Configure the Ubuntu operating system to enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt. Edit the file /etc/pam.d/common-auth and set the delay parameter of pam_faildelay to a value of 4000000 (microseconds) or greater:

auth required pam_faildelay.so delay=4000000

Austin Songer
