Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Successful and unsuccessful logins and logouts must be logged.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-765 | GEN000440 | SV-38935r1_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
| Description |
|---|
| Monitoring and recording successful and unsuccessful logins assists in tracking unauthorized access to the system. Without this logging, the ability to track unauthorized activity to specific user accounts may be diminished. |
| STIG | Date |
|---|---|
| Draft AIX Security Technical Implementation Guide | 2011-08-17 |
Details
| Check Text ( C-27993r1_chk ) |
|---|
| Check the system logs for successful and unsuccessful logins. If these events are not present in the logs, this is a finding. |
| Fix Text (F-31630r1_fix) |
|---|
| Edit /etc/syslog.conf and add local log destinations for auth.* or both auth.notice and auth.info. “auth.info /var/log/authlog” Verify service startup scripts for syslog and utmp (if present) are enabled. # vi /etc/rc.tcpip Check the syslogd service is not commented out. Refresh syslogd #refresh –s syslogd |