Details
Defines the number of seconds delay between each failed login attempt. This works as a multiplier, so if the parameter is set to 10, after the first failed login it would delay for 10 seconds, after the second failed login 20 seconds etc.
In setting the logindelay attribute, this implements a delay multiplier in-between unsuccessful login attempts.
Solution
In /etc/security/login.cfg, set the default stanza logindelay attribute to 10 or greater-
chsec -f /etc/security/login.cfg -s default -a logindelay=10
This means that a user will have to wait 10 seconds before being able to re-enter their password. During subsequent attempts this delay will increase as a multiplier of (the number of failed login attempts * logindelay)
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.