Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22300 | GEN000454 | SV-46149r1_rule | ECSC-1 | Low |
Description |
---|
Providing users with feedback on recent login failures facilitates user recognition and reporting of attempted unauthorized account use. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2012-12-13 |
Check Text (C-43411r1_chk) |
---|
Check that pam_lastlog is used, not silent, and configured to show failed logins.<br><br># grep pam_lastlog /etc/pam.d/sshd /etc/pam.d/common-session<br><br>This is a finding unless:<br>- pam_lastlog is present in sshd and common-session, or only common-session if sshd calls common-session with the session include statement.<br>- pam_lastlog is not configured with the "silent" option.<br>- pam_lastlog is configured with the "showfailed" option. |
Fix Text (F-39489r1_fix) |
---|
Configure pam_lastlog.<br><br>Edit /etc/pam.d/sshd or /etc/pam.d/common-session (if included from sshd) and make the following changes:<br>- If pam_lastlog is not present, add it: "session required pam_lastlog.so showfailed"<br>- If pam_lastlog has the "silent" option specified, remove it.<br>- If pam_lastlog does not have the "showfailed" option specified, add it. |
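
The three "finding unless" conditions from the check text, scripted so they can be run before and after applying the fix. This is an added example, not part of the STIG text. The function names, the optional directory argument, and the choice to require compliance from every active pam_lastlog session line in either file are assumptions of the example.

```shell
#!/bin/sh
# Added example (not STIG-supplied code): evaluate the GEN000454 check.
# check_lastlog [dir] returns 0 when not a finding. The dir argument
# (default /etc/pam.d) is an assumption so a copy can be audited.

# Active session lines in file $1 that load pam_lastlog (comments stripped).
lastlog_lines() {
    [ -r "$1" ] || return 0
    sed 's/#.*//' "$1" | grep -E '^[[:space:]]*session[[:space:]].*pam_lastlog\.so' || true
}

# True when sshd pulls in common-session with a session include statement.
sshd_includes_common() {
    sed 's/#.*//' "$1/sshd" 2>/dev/null |
        grep -Eq '^[[:space:]]*session[[:space:]]+include[[:space:]]+common-session([[:space:]]|$)'
}

check_lastlog() {
    dir=${1:-/etc/pam.d}
    sshd=$(lastlog_lines "$dir/sshd")
    common=$(lastlog_lines "$dir/common-session")
    # Presence: in both files, or only common-session if sshd includes it.
    if [ -z "$common" ]; then
        echo "FINDING: pam_lastlog not in common-session"; return 1
    fi
    if [ -z "$sshd" ] && ! sshd_includes_common "$dir"; then
        echo "FINDING: sshd lacks pam_lastlog and does not include common-session"; return 1
    fi
    all=$(printf '%s\n%s\n' "$sshd" "$common" | grep -v '^$')
    # Options are whitespace-separated words following the module name.
    if printf '%s\n' "$all" | grep -Eq '[[:space:]]silent([[:space:]]|$)'; then
        echo "FINDING: pam_lastlog is configured with silent"; return 1
    fi
    if printf '%s\n' "$all" | grep -Evq '[[:space:]]showfailed([[:space:]]|$)'; then
        echo "FINDING: a pam_lastlog line lacks showfailed"; return 1
    fi
    echo "Not a finding"
}

# Constructed sample files: sshd includes common-session, which has the module.
demo() {
    d=$(mktemp -d)
    printf 'session include common-session\n' > "$d/sshd"
    printf 'session required pam_lastlog.so showfailed\n' > "$d/common-session"
    check_lastlog "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

Commented-out pam_lastlog lines are ignored, so a line disabled with "#" is reported as missing rather than as compliant.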