UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must log informational authentication data.


Overview

Finding ID Version Rule ID IA Controls Severity
V-12004 GEN003660 SV-37404r1_rule ECAR-1 ECAR-2 ECAR-3 Medium
Description
Monitoring and recording successful and unsuccessful logins assists in tracking unauthorized access to the system.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2013-07-03

Details

Check Text ( C-36086r2_chk )
Check /etc/syslog.conf and verify the authpriv facility is logging both the "notice" and "info" priority messages.

Procedure:
For a given action all messages of a higher severity or "priority" are logged. The three lowest priorities in ascending order are "debug", "info" and "notice". A priority of "info" will include "notice". A priority of "debug" includes both "info" and "notice".

Enter/Input:
# grep "authpriv.debug" /etc/syslog.conf
# grep "authpriv.info" /etc/syslog.conf
# grep "authpriv\.\*" /etc/syslog.conf

If an "authpriv.*", "authpriv.debug", or "authpriv.info" entry is not found, this is a finding.
Fix Text (F-31333r1_fix)
Edit /etc/syslog.conf and add local log destinations for "authpriv.*", "authpriv.debug" or "authpriv.info".