From d1d8ace7b49d104e4d98a53d2e6786fd5c855e06 Mon Sep 17 00:00:00 2001 From: Alan Moore Date: Thu, 2 Jan 2025 17:37:48 +0000 Subject: [PATCH] Implement rule 5.3.3.1.1 Ensure password failed attempts lockout is configured --- controls/cis_ubuntu2404.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml index 74b56aa1cae..a2edbacd43c 100644 --- a/controls/cis_ubuntu2404.yml +++ b/controls/cis_ubuntu2404.yml @@ -1889,15 +1889,10 @@ controls: levels: - l1_server - l1_workstation - related_rules: + rules: - var_accounts_passwords_pam_faillock_deny=4 - - var_accounts_passwords_pam_faillock_fail_interval=900 - - var_accounts_passwords_pam_faillock_unlock_time=600 - accounts_passwords_pam_faillock_deny - - accounts_passwords_pam_faillock_interval - - accounts_passwords_pam_faillock_unlock_time - status: planned - notes: TODO. Partial/incorrect implementation exists.See related rules. Analogous to ubuntu2204/5.4.2. + status: automated - id: 5.3.3.1.2 title: Ensure password unlock time is configured (Automated)