CCE-99414-4 | Platform: cpe:/o:redhat:enterprise_linux:9 | Date: (C)2023-07-04 (M)2023-07-14
Description:
The pam_faillock.so module maintains a list of failed authentication attempts per user during a specified interval and locks the account when there have been more than `deny` consecutive failed authentications. It stores the failure records in per-user files in the tally directory.
Rationale:
Locking out user IDs after n unsuccessful consecutive login attempts mitigates brute force password attacks against your systems.
Audit:
Verify that faillock is enabled in both PAM stack files. Run the following command:
# grep pam_faillock.so /etc/pam.d/password-auth /etc/pam.d/system-auth
The output should list pam_faillock.so lines from both files; if the command prints nothing, the module is not configured.
Fix:
Run the following commands to enable the `with-faillock` feature in the current authselect profile and apply it:
# authselect enable-feature with-faillock
# authselect apply-changes
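The Audit step above only greps for the module name. The following helper, an added example that is not part of the CCE record or of authselect, goes one step further and confirms that pam_faillock.so is wired into both the auth and account phases of each PAM stack file, which is what the `with-faillock` feature produces. The sample PAM files it creates are constructed for a stand-alone run; on a real host the paths /etc/pam.d/password-auth and /etc/pam.d/system-auth from the record are used instead.

```shell
#!/bin/sh
# Added audit helper (not part of the CCE record): checks that pam_faillock.so
# appears on at least one "auth" line and one "account" line in every file given.

# faillock_configured FILE... -> 0 when every FILE is compliant, 1 otherwise.
faillock_configured() {
    status=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "MISSING: $f" >&2
            status=1
            continue
        fi
        # grep -c prints 0 (and exits 1) on no match; "|| true" keeps the count.
        auth_hits=$(grep -Ec '^[[:space:]]*auth[[:space:]].*pam_faillock\.so' "$f" || true)
        acct_hits=$(grep -Ec '^[[:space:]]*account[[:space:]].*pam_faillock\.so' "$f" || true)
        if [ "$auth_hits" -lt 1 ] || [ "$acct_hits" -lt 1 ]; then
            echo "FAIL: $f (auth lines: $auth_hits, account lines: $acct_hits)" >&2
            status=1
        else
            echo "PASS: $f (auth lines: $auth_hits, account lines: $acct_hits)"
        fi
    done
    return $status
}

# Constructed sample stacks (assumption: they mimic the lines the with-faillock
# feature adds; real systems keep these files under /etc/pam.d).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/system-auth.good" <<'EOF'
auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent
auth        sufficient    pam_unix.so nullok
auth        [default=die] pam_faillock.so authfail
auth        required      pam_deny.so
account     required      pam_faillock.so
account     required      pam_unix.so
EOF
cat > "$SAMPLE_DIR/system-auth.bad" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok
auth        required      pam_deny.so
account     required      pam_unix.so
EOF

# Stand-alone demonstration against the constructed samples. On a real host run:
#   faillock_configured /etc/pam.d/password-auth /etc/pam.d/system-auth
faillock_configured "$SAMPLE_DIR/system-auth.good" "$SAMPLE_DIR/system-auth.bad" || true
```

The function returns non-zero if any file is missing or lacks the module in either phase, so it can be dropped into a compliance script and used as a pass/fail gate rather than read by eye.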
Parameter:
[yes/No]
Technical Mechanism:
Run the following commands to enable the `with-faillock` feature in the current authselect profile and apply it:
# authselect enable-feature with-faillock
# authselect apply-changes
CCSS Severity: HIGH
CCSS Score: 8.1
Exploit Score: 2.2
Impact Score: 5.9
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CCSS Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
References:
Resource Id | Reference
--- | ---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:86910