{"description": "In the default graphical environment, the GNOME3 login\nscreen can be configured to restart the authentication process after\na configured number of attempts. This can be configured by setting\n<tt>allowed-failures</tt> to <tt>3</tt> or less.\n<br /><br />\nTo enable, add or edit <tt>allowed-failures</tt> to\n<tt>/etc/dconf/db/gdm.d/00-security-settings</tt>. For example:\n<pre>[org/gnome/login-screen]\nallowed-failures=3</pre>\nOnce the setting has been added, add a lock to\n<tt>/etc/dconf/db/gdm.d/locks/00-security-settings-lock</tt> to prevent user modification.\nFor example:\n<pre>/org/gnome/login-screen/allowed-failures</pre>\nAfter the settings have been set, run <tt>dconf update</tt>.", "rationale": "Setting the password retry prompts that are permitted on a per-session basis to a low value\nrequires some software, such as SSH, to re-connect. This can slow down and\ndraw additional attention to some types of password-guessing attacks.", "severity": "medium", "references": {"cui": ["3.1.8"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "allowed-failures is not equal to or less than the expected value", "ocil": "To ensure the login screen resets after a specified number of failures,\nrun the following command:\n<pre>$ grep allowed-failures /etc/dconf/db/gdm.d/*</pre>\nThe output should be <tt>3</tt> or less.\nTo ensure that users cannot change or configure the resets after a specified\nnumber of failures on the login screen, run the following:\n<pre>$ grep allowed-failures /etc/dconf/db/gdm.d/locks/*</pre>\nIf properly configured, the output should be <tt>/org/gnome/login-screen/allowed-failures</tt>.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[gdm]"], "cpe_platform_names": [], 
"inherited_cpe_platform_names": ["package_gdm"], "bash_conditional": null, "fixes": {}, "title": "Set the GNOME3 Login Number of Failures", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml", "template": null}