mediumaccess-controlverified ✓rollback-safe
Set failed login counting interval
pam-faillock-fail-interval · RHEL ≥ 8 · 1 impl
Description
The fail_interval parameter in /etc/security/faillock.conf sets the interval in seconds during which failed login attempts are counted.
Rationale
Setting a fail interval ensures that failed login attempts are counted within a defined window. This prevents attackers from spreading out brute-force attempts over a long period to avoid lockout.
Check → Remediate
Checkconfig_value
- path:
- /etc/security/faillock.conf
- key:
- fail_interval
- expected:
- 900
- comparator:
- >=
Remediateconfig_set
- path:
- /etc/security/faillock.conf
- key:
- fail_interval
- value:
- 900
- separator:
- =
Framework references
CIS
rhel8 5.3.3.1.1rhel10 5.3.2.1.1rhel9 5.3.3.1.1
STIG
V-258056V-230334V-230335 / RHEL-08-020013V-281196 / RHEL-10-600420
NIST 800-53
AC-7(a)
Live verification
rhel10:checkrhel8:checkrhel9:check
#pam#authentication#account-lockout#faillock