22 Dec
2010
22 Dec
'10
10:24 p.m.
hey list
I'm doing a PCI audit for my company. One of the requirements is to specify a lockout duration of 30 minutes after 6 failed login attempts:
For a sample of system components, obtain and insp 8.5.14 rd parameters system configuration settings to verify that passwo ed out, it are set to require that once a user account is lock a system remains locked for a minimum of 30 minutes or until administrator resets the account
I'm pretty sure this is a pam thing but does anyone know how this can best be achieved?
thanks!
--
GPG me!!
gpg --keyserver pgp.mit.edu --recv-keys F186197B
23 Dec
23 Dec
2:48 a.m.
see cis rhel 5.5 documentation and latest version of it for configuration examples. or use compensative controls.
is it really sampled? usually no ;)
eero, rhce
5113
Age (days ago)
5114
Last active (days ago)
1 comments
2 participants
participants (2)
-
bluethundr -
Eero Volotinen