Details
Defines the time interval, in seconds, when the unsuccessful logins must occur to disable a port. This parameter is applicable to all tty connections and the system console.
In setting the logininterval attribute, a port will be disabled if the incorrect password is entered a pre-defined number of times, set via logindisable, within this interval.
Solution
In/etc/security/login.cfg, set the default stanza logininterval attribute to 300 or less-
chsec -f /etc/security/login.cfg -s default -a logininterval=300
This means that the port will be disabled if the incorrect password is typed the appropriate number of times, within a 300 second interval.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.