The system must display the date and time of the last successful account login upon login by means other than SSH.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-40493	GEN000000-HPUX0460	SV-52482r1_rule	ECSC-1	Medium

Description
Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.

STIG	Date
HP-UX SMSE Security Technical Implementation Guide	2014-02-28

Details

Check Text ( C-47029r1_chk )
For Trusted Mode: Protected password database files are maintained in the /tcb/files/auth hierarchy. This directory contains other directories each named with a single letter from the alphabet. User profiles are stored in these directories based on the first letter of the user account name. Check the user attributes for the time and source of the last (successful and unsuccessful) login. This information is presented during login. All attributes are generated by the system in an integer format (system time). See the example command and sample output below: # egrep “u_unsucchg:#\|u_succhg:#\|u_unsuclog:#\|u_unsuclog:#” /tcb/files/auth/[a-z,A-Z]/* :u_succhg#1374687660:\ :u_unsucchg#1374687126:\ :u_suclog#1374691278:\ :u_unsuclog#1374687890:\ If any users are missing the above attributes or attribute integer data, this is a finding. For SMSE: Check for the following attribute and attribute value: DISPLAY_LAST_LOGIN=1 # grep “DISPLAY_LAST_LOGIN” /etc/default/security /var/adm/userdb/* If the DISPLAY_LAST_LOGIN attribute is set to 0, this is a finding.

Check Text ( C-47029r1_chk )

For Trusted Mode:
Protected password database files are maintained in the /tcb/files/auth hierarchy. This directory contains other directories each named with a single letter from the alphabet. User profiles are stored in these directories based on the first letter of the user account name. Check the user attributes for the time and source of the last (successful and unsuccessful) login. This information is presented during login. All attributes are generated by the system in an integer format (system time). See the example command and sample output below:
# egrep “u_unsucchg:#|u_succhg:#|u_unsuclog:#|u_unsuclog:#” /tcb/files/auth/[a-z,A-Z]/*
:u_succhg#1374687660:\
:u_unsucchg#1374687126:\
:u_suclog#1374691278:\
:u_unsuclog#1374687890:\

If any users are missing the above attributes or attribute integer data, this is a finding.

For SMSE:
Check for the following attribute and attribute value:
DISPLAY_LAST_LOGIN=1
# grep “DISPLAY_LAST_LOGIN” /etc/default/security /var/adm/userdb/*

If the DISPLAY_LAST_LOGIN attribute is set to 0, this is a finding.

Fix Text (F-45442r1_fix)
For Trusted Mode: Use the SAM/SMH interface to ensure the attributes are added to all user /tcb profiles. For SMSE: Note: There may be additional package/bundle updates that must be installed to support attributes in the /etc/default/security file. Use the SAM/SMH interface (/etc/default/security file) and/or the userdbset command (/var/adm/userdb/* files) to update attribute. See the below example: DISPLAY_LAST_LOGIN=1 Note: Never use a text editor to modify any /var/adm/userdb database file. The database contains checksums and other binary data, and editors (vi included) do not follow the file locking conventions that are used to control access to the database. If manually editing the /etc/default/security file, save any change(s) before exiting the editor.

Fix Text (F-45442r1_fix)

For Trusted Mode:
Use the SAM/SMH interface to ensure the attributes are added to all user /tcb profiles.

For SMSE:
Note: There may be additional package/bundle updates that must be installed to support attributes in the /etc/default/security file.

Use the SAM/SMH interface (/etc/default/security file) and/or the userdbset command (/var/adm/userdb/* files) to update attribute. See the below example:
DISPLAY_LAST_LOGIN=1

Note: Never use a text editor to modify any /var/adm/userdb database file. The database contains checksums and other binary data, and editors (vi included) do not follow the file locking conventions that are used to control access to the database.

If manually editing the /etc/default/security file, save any change(s) before exiting the editor.