Use the DELAYLOG record to impose a minimum wait between an invalid logon attempt and the next attempt.
DELAYLOG seconds
DELAYLOG is defined in the PRODUCT CONFIG file.
Specifies the minimum number of seconds a user must wait between an invalid logon attempt and the next logon attempt.
The maximum value for seconds is 99999999 (approximately 1157 days). The default is 0.
The DELAYLOG record is valid only if you are using the Rules Facility.
Using the DELAYLOG record to specify a wait time discourages unauthorized access to the system by forcing the terminal attempting to logon to wait for a period of time before being able to attempt another logon.
Use a reasonable value for the minimum wait; this value causes the device to lock up, and CA VM:Secure waits on the process until the wait time passes. This does not prevent other processes from running, but does incur slight system overhead.
Changing the minimum wait time on the DELAYLOG record does not affect the wait time for any user currently waiting to log on after making an invalid logon attempt. For example, the DELAYLOG record specifies a wait of 300 seconds when User A made an invalid logon attempt. If you change the 300‑second wait to 120 seconds, two minutes after User A failed to log on properly, that user must still wait three more minutes—the full five minutes required when his logon attempt failed—even though the wait is now just two minutes.
|
Copyright © 2014 CA.
All rights reserved.
|
|