The HYCU virtual appliance must be configured to enforce the limit of three consecutive invalid login attempts, after which time it must block any login attempt for 15 minutes.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-268227 | SRG-APP-000065-NDM-000214 | HYCU-ND-000090 | SV-268227r1038750_rule | 2026-03-04 | 1 |
Description
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.
Check
Log in to the HYCU VM console and go to the "/etc/pam.d/" folder. Verify that both "password-auth" and "system-auth" contain the following three lines, and that the values for deny and unlock_time match those shown.
Commands:
sudo grep pam_faillock.so /etc/pam.d/password-auth
sudo grep pam_faillock.so /etc/pam.d/system-auth
Both commands should display the following three lines:
auth required pam_faillock.so preauth silent audit deny=3 even_deny_root fail_interval=60 unlock_time=900
auth required pam_faillock.so authfail audit unlock_time=900
account required pam_faillock.so
If the required content is not present, this is a finding.
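The check above, scripted as an added example (not HYCU's or DISA's own tooling): a shell function that reports a finding unless a PAM stack file carries all three pam_faillock.so lines with deny=3 and unlock_time=900. The sample files it runs against are constructed here; on an appliance you would point it at /etc/pam.d/password-auth and /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Added example: checks one PAM stack file for the three pam_faillock.so lines this
# rule requires. Returns 0 when compliant; otherwise reports the first missing
# item on stderr and returns 1.
check_faillock_file() {
  f="$1"
  [ -r "$f" ] || { echo "$f: cannot read file" >&2; return 1; }
  # The lockout policy lives on the preauth line: 3 attempts, 900 s (15 min) lockout.
  pre='^auth[[:space:]]+required[[:space:]]+pam_faillock\.so[[:space:]]+preauth.*[[:space:]]'
  grep -Eq "$pre"'deny=3([[:space:]]|$)' "$f" \
    && grep -Eq "$pre"'unlock_time=900([[:space:]]|$)' "$f" \
    || { echo "$f: preauth line with deny=3 and unlock_time=900 missing" >&2; return 1; }
  # The authfail line records the failure and must carry the same unlock_time.
  grep -Eq '^auth[[:space:]]+required[[:space:]]+pam_faillock\.so[[:space:]]+authfail.*[[:space:]]unlock_time=900([[:space:]]|$)' "$f" \
    || { echo "$f: authfail line with unlock_time=900 missing" >&2; return 1; }
  # The account line is what actually denies a locked account.
  grep -Eq '^account[[:space:]]+required[[:space:]]+pam_faillock\.so([[:space:]]|$)' "$f" \
    || { echo "$f: account required pam_faillock.so line missing" >&2; return 1; }
  return 0
}

# Constructed sample files (not taken from a real appliance): one compliant stack and
# one with deny=5/unlock_time=600, which the check must report as a finding.
write_sample_pam_files() {
  cat > "$1/compliant" <<'EOF'
auth required pam_env.so
auth required pam_faillock.so preauth silent audit deny=3 even_deny_root fail_interval=60 unlock_time=900
auth sufficient pam_unix.so nullok
auth required pam_faillock.so authfail audit unlock_time=900
account required pam_faillock.so
account required pam_unix.so
EOF
  cat > "$1/finding" <<'EOF'
auth required pam_env.so
auth required pam_faillock.so preauth silent audit deny=5 even_deny_root fail_interval=60 unlock_time=600
auth sufficient pam_unix.so nullok
auth required pam_faillock.so authfail audit unlock_time=600
account required pam_unix.so
EOF
}

# Stand-alone run against the constructed samples.
dir=$(mktemp -d)
write_sample_pam_files "$dir"
check_faillock_file "$dir/compliant" && echo "compliant: OK"
check_faillock_file "$dir/finding" || echo "finding: reported as expected"
rm -rf "$dir"
```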
Fix
Log in to the server virtual console and navigate to the "/etc/pam.d/" folder.
Make backup copies of the current configuration files (the originals are then edited) by executing the following commands:
sudo cp password-auth password-auth-as
sudo cp system-auth system-auth-as
Edit the files "password-auth" and "system-auth".
Add the line:
auth required pam_faillock.so preauth silent audit deny=3 even_deny_root fail_interval=60 unlock_time=900
after line
auth required pam_env.so
Add:
auth required pam_faillock.so authfail audit unlock_time=900
after
auth sufficient pam_unix.so nullok
Add:
account required pam_faillock.so
before
account required pam_unix.so
The files "system-auth" and "password-auth" are identical, so the edits can be made to one file and the result copied to the other.
Restart the sssd service:
sudo systemctl restart sssd.service