UCF STIG Viewer Logo

The operating system, upon successful logon/access, must display to the user the number of unsuccessful logon/access attempts since the last successful logon/access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-218083 RHEL-06-000372 SV-218083r505923_rule Medium
Description
Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03

Details

Check Text ( C-19564r377264_chk )
To ensure that last logon/access notification is configured correctly, run the following command:

# grep pam_lastlog.so /etc/pam.d/system-auth
session required pam_lastlog.so showfailed

If the output does not have the "showfailed" option, this is a finding.

If the output contains the "silent" option, this is a finding.
Fix Text (F-19562r377265_fix)
To configure the system to notify users of last logon/access using "pam_lastlog", add the following line immediately after "session required pam_limits.so":

session required pam_lastlog.so showfailed