← Rules Catalog
mediumaccess-controlverified rollback-safe

Set failed login counting interval

pam-faillock-fail-interval · RHEL ≥ 8 · 1 impl

Description

The fail_interval parameter in /etc/security/faillock.conf sets the interval in seconds during which failed login attempts are counted.

Rationale

Setting a fail interval ensures that failed login attempts are counted within a defined window. This prevents attackers from spreading out brute-force attempts over a long period to avoid lockout.

Check → Remediate

Checkconfig_value
path:
/etc/security/faillock.conf
key:
fail_interval
expected:
900
comparator:
>=
Remediateconfig_set
path:
/etc/security/faillock.conf
key:
fail_interval
value:
900
separator:
=

Framework references

CIS

rhel8 5.3.3.1.1rhel10 5.3.2.1.1rhel9 5.3.3.1.1

STIG

V-258056V-230334V-230335 / RHEL-08-020013V-281196 / RHEL-10-600420

NIST 800-53

AC-7(a)

Live verification

rhel10:checkrhel8:checkrhel9:check
#pam#authentication#account-lockout#faillock