UCF STIG Viewer Logo

The system must log authentication informational data.


Overview

Finding ID Version Rule ID IA Controls Severity
V-12004 GEN003660 SV-35062r1_rule ECAR-3 ECAR-2 ECAR-1 Medium
Description
Monitoring and recording successful and unsuccessful logins assists in tracking unauthorized access to the system.
STIG Date
HP-UX 11.23 Security Technical Implementation Guide 2015-12-02

Details

Check Text ( C-36521r1_chk )
Check /etc/syslog.conf and verify the auth facility is logging both the notice and info (NOTE that auth.info includes auth.notice and the auth.debug includes both auth.info and auth.notice) level messages by:
# cat /etc/syslog.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | egrep -i "auth.info|auth.debug|auth.\*|\*.info|\*.debug"

If auth.* is not found, or auth.notice or auth.debug or *.info and *.debug are not found, this is a finding.
Fix Text (F-31881r1_fix)
Edit /etc/syslog.conf and add local log destinations for auth.*, auth.debug, auth.info, *.debug or *.info.

NOTE: In general and though not required, it is always advisable to explicitly declare auth.info or auth.debug entries rather than use the wildcard notation method.