Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-258076 | RHEL-09-412075 | SV-258076r991589_rule | Low |
Description |
---|
Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 9 Security Technical Implementation Guide | 2024-06-04 |
Check Text ( C-61817r926213_chk ) |
---|
Verify users are provided with feedback on when account accesses last occurred with the following command: $ sudo grep pam_lastlog /etc/pam.d/postlogin session required pam_lastlog.so showfailed If "pam_lastlog" is missing from "/etc/pam.d/postlogin" file, or the silent option is present, this is a finding. |
Fix Text (F-61741r926214_fix) |
---|
Configure RHEL 9 to provide users with feedback on when account accesses last occurred by setting the required configuration options in "/etc/pam.d/postlogin". Add the following line to the top of "/etc/pam.d/postlogin": session required pam_lastlog.so showfailed |