Security Documentation Error

Was writing some security-enforcement CM modules for my environment. Was consulting Red Hat's SCAP security guide to use as my reference. I got to implementing the section on pam_faillock and discovered that it didn't seem to be working. The system log would show that it was setting the lock action:

Dec  3 12:50:53 ip-172-31-2-104 sshd[8647]: pam_faillock(sshd:auth): Consecutive login failures for user testuser account temporarily locked
Dec  3 12:50:55 ip-172-31-2-104 sshd[8647]: Failed password for testuser from 208.48.166.129 port 54925 ssh2
Dec  3 12:50:55 ip-172-31-2-104 sshd[8650]: Connection closed by 208.48.166.129
Dec  3 12:50:55 ip-172-31-2-104 sshd[8647]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.48.166.129  user=testuser

However, if I reconnected to the system and used the same userid and correct credentials, it would let me in. So, started googling around and found a solution document concerning the issue.

In looking at the SCAP guide, they pulled the content from the STIGs for EL6 - the same bug is there. Also looks like the documentation bug is in the scap-security-guide-0.1.18-3.el6.noarch RPM. I'd open a case to get the SCAP guides fixed, but my current account doesn't seem to have that ability associated with it anymore.
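
The symptom described in the post (a pam_faillock lock message in the log, yet a later login with correct credentials succeeds) can be checked for mechanically in the sshd log. The following is an added example, not part of the original post or of Red Hat's guide; the `Accepted password` sample lines, the addresses, the function name `unenforced_lockouts` and the 900-second `unlock_time` default are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in /var/log/secure format. The lock message matches the
# one quoted in the post; the "Accepted password" lines and addresses are
# invented for the example.
SAMPLE = """\
Dec  3 12:50:53 host sshd[8647]: pam_faillock(sshd:auth): Consecutive login failures for user testuser account temporarily locked
Dec  3 12:50:55 host sshd[8647]: Failed password for testuser from 192.0.2.10 port 54925 ssh2
Dec  3 12:51:20 host sshd[8702]: Accepted password for testuser from 192.0.2.10 port 54931 ssh2
Dec  3 12:52:00 host sshd[8710]: Accepted password for otheruser from 192.0.2.11 port 40000 ssh2
Dec  3 13:30:00 host sshd[9001]: Accepted password for testuser from 192.0.2.10 port 55000 ssh2
"""

LOCKED = re.compile(r"pam_faillock\([^)]*\): Consecutive login failures "
                    r"for user (\S+) account temporarily locked")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")


def unenforced_lockouts(text, unlock_time=900, year=2000):
    """Return (user, source, seconds_after_lock) for every accepted login
    that falls inside the lockout window following a pam_faillock lock message.

    unlock_time: assumed value; pass the unlock_time= set on your PAM lines.
    year: syslog timestamps carry no year, so the caller supplies one.
    """
    window = timedelta(seconds=unlock_time)
    locked_at = {}   # user -> time of the most recent lock message
    findings = []
    for line in text.splitlines():
        try:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # not a syslog-formatted line
        lock = LOCKED.search(line)
        if lock:
            locked_at[lock.group(1)] = ts
            continue
        ok = ACCEPTED.search(line)
        if ok and ok.group(1) in locked_at:
            delta = ts - locked_at[ok.group(1)]
            if timedelta(0) <= delta < window:
                findings.append((ok.group(1), ok.group(2), int(delta.total_seconds())))
    return findings


if __name__ == "__main__":
    for user, src, secs in unenforced_lockouts(SAMPLE):
        print(f"{user}: login accepted from {src} {secs}s after lock message")
```

A finding can also be caused by an administrator clearing the counter with `faillock --user <name> --reset` inside the window, so confirm against the PAM stack before treating it as a misconfiguration.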
