{"description": "This rule configures the system to use the default pam_tally2 tally directory.", "rationale": "By limiting the number of failed logon attempts, the risk of unauthorized\nsystem access via user password guessing, otherwise known as\nbrute-force attacks, is reduced. Limits are imposed by locking the account.", "severity": "medium", "references": {"srg": ["SRG-OS-000021-GPOS-00005"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "file= is set to /var/log/tallylog or missing", "ocil": "Verify the location of the default tallylog file for the pam_tally2 module,\nwith the following command:\n<pre>$ sudo grep -R pam_tally2 /etc/pam.d/login | grep \"file=\" | grep -v \"^#\"</pre>", "oval_external_content": null, "fixtext": "Configure SLEM 5 to use the default pam_tally2 tally directory.\nModify the content of <tt>/etc/pam.d/login</tt>, like this:\n<pre>sudo sed -ri 's/\\s+file=\\S+\\s+/ /g' /etc/pam.d/login</pre>", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[pam]", "platforms": ["package[pam]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_pam"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "SLEM 5 must use the default pam_tally2 tally directory.", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_file/rule.yml", "template": {"name": "pam_options", "vars": {"path": "/etc/pam.d/login", "type": "auth", "control_flag": "required", "module": "pam_tally2.so", "arguments": [{"argument": "file", "argument_match": ".*", "remove_argument": "file="}]}, "backends": {}}}