UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Successful and unsuccessful logins and logouts must be logged.


Overview

Finding ID Version Rule ID IA Controls Severity
V-765 GEN000440 SV-27080r1_rule ECAR-1 ECAR-2 ECAR-3 Medium
Description
Monitoring and recording successful and unsuccessful logins assist in tracking unauthorized access to the system. Without this logging, the ability to track unauthorized activity to specific user accounts may be diminished.
STIG Date
Solaris 9 X86 Security Technical Implementation Guide 2013-07-02

Details

Check Text ( C-27994r1_chk )
Determine if successful logons are being logged.
# last | more

Determine if unsuccessful logons are being logged.
# more /var/adm/loginlog

If the commands do not return successful and unsuccessful logins, this is a finding.

Check the syslog daemon configuration for authentication logging.
# egrep "auth\.(info|debug)" /etc/syslog.conf
If there are no entries in syslog for the auth service, this is a finding.
Fix Text (F-33970r1_fix)
Verify that login logs are handled correctly in the /etc/syslog.conf file. Edit the /etc/syslog.conf file and add one of the entries below.

auth.debug /var/log/authlog
OR
auth.* /var/log/authlog

Verify that service startup scripts for syslog and utmp (if present) are enabled.