STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.

DISA Rule

SV-100121r1_rule

Vulnerability Number

V-89471

Group Title

SRG-OS-000021-GPOS-00005

Rule Version

VRAU-SL-000025

Severity

CAT II

CCI(s)

• CCI-000044 - The information system enforces the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.

Weight

10

Fix Recommendation

To configure the SLES for vRealize to enforce the limit of three consecutive invalid attempts using "pam_tally2.so", modify the content of the /etc/pam.d/common-auth-vmware.local by running the following command:

# sed -i "/^[^#]*pam_tally2.so/ c\auth required pam_tally2.so deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300" /etc/pam.d/common-auth-vmware.local

Check Contents

Run the following command to ensure that the operating system enforces the limit of three consecutive invalid logon attempts by a user:

# grep pam_tally2.so /etc/pam.d/common-auth

The output should contain "deny=3" in the returned line.

If this is not the case, this is a finding.

Expected Result:
auth required pam_tally2.so deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300

Vulnerability Number

V-89471

Documentable

False

Rule Version

VRAU-SL-000025

Severity Override Guidance

Run the following command to ensure that the operating system enforces the limit of three consecutive invalid logon attempts by a user:

# grep pam_tally2.so /etc/pam.d/common-auth

The output should contain "deny=3" in the returned line.

If this is not the case, this is a finding.

Expected Result:
auth required pam_tally2.so deny=3 onerr=fail even_deny_root unlock_time=86400 root_unlock_time=300

Check Content Reference

M

Target Key

3459

Comments