AIX must enforce a delay of at least 4 seconds between login prompts following a failed login attempt.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215337 | SRG-OS-000480-GPOS-00226 | AIX7-00-003029 | SV-215337r991588_rule | 2026-02-06 | 3 |
Description
Limiting the number of login attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.
ℹ️ Check
From the command prompt, run the following command to check the default "logindelay" value:
# lssec -f /etc/security/login.cfg -s default -a logindelay
The above command should yield the following output:
default logindelay=4
If the above command displays the "logindelay" value less than "4", this is a finding.
✔️ Fix
From the command prompt, run the following command to set "logindelay=4" for the default stanza in "/etc/security/login.cfg":
# chsec -f /etc/security/login.cfg -s default -a logindelay=4