Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-40493 | GEN000000-HPUX0460 | SV-52482r3_rule | Medium |
Description |
---|
Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use. |
STIG | Date |
---|---|
HP-UX 11.31 Security Technical Implementation Guide | 2017-05-19 |
Check Text ( C-47029r3_chk ) |
---|
Protected password database files are maintained in the /tcb/files/auth hierarchy. This directory contains other directories each named with a single letter from the alphabet. User profiles are stored in these directories based on the first letter of the user account name. Check the user attributes for the time and source of the last (successful and unsuccessful) login. This information is presented during login. All attributes are generated by the system in an integer format (system time). See the example commands below: For successful logins: # egrep "u_succhg#[0-9]+:" /tcb/files/auth/[a-z,A-Z]/* For unsuccessful login attempts: # egrep "u_unsucchg#[0-9]+:" /tcb/files/auth/[a-z,A-Z]/* If any users are missing the above attributes or attribute integer data, this is a finding. For SMSE: Check for the following attribute and attribute value: DISPLAY_LAST_LOGIN=1 # grep "DISPLAY_LAST_LOGIN" /etc/default/security /var/adm/userdb/* If the DISPLAY_LAST_LOGIN attribute is set to 0, this is a finding. |
Fix Text (F-45442r1_fix) |
---|
For Trusted Mode: Use the SAM/SMH interface to ensure the attributes are added to all user /tcb profiles. For SMSE: Note: There may be additional package/bundle updates that must be installed to support attributes in the /etc/default/security file. Use the SAM/SMH interface (/etc/default/security file) and/or the userdbset command (/var/adm/userdb/* files) to update attribute. See the below example: DISPLAY_LAST_LOGIN=1 Note: Never use a text editor to modify any /var/adm/userdb database file. The database contains checksums and other binary data, and editors (vi included) do not follow the file locking conventions that are used to control access to the database. If manually editing the /etc/default/security file, save any change(s) before exiting the editor. |