
The system must display the number of unsuccessful login attempts since the last successful login for a user account upon login.


Overview

Finding ID: V-22300
Version: GEN000454
Rule ID: SV-46149r1_rule
IA Controls: ECSC-1
Severity: Low
Description
Providing users with feedback on recent login failures facilitates user recognition and reporting of attempted unauthorized account use.
STIG: SUSE Linux Enterprise Server v11 for System z
Date: 2012-12-13

Details

Check Text (C-43411r1_chk)
Check that pam_lastlog is used, not silent, and configured to show failed logins.

# grep pam_lastlog /etc/pam.d/sshd /etc/pam.d/common-session
This is a finding unless:
- pam_lastlog is present in sshd and common-session, or only common-session if sshd calls common-session with the session include statement.
- pam_lastlog is not configured with the "silent" option.
- pam_lastlog is configured with the "showfailed" option.
Fix Text (F-39489r1_fix)
Configure pam_lastlog.

Edit /etc/pam.d/sshd or /etc/pam.d/common-session (if included from sshd) and make the following changes:
- if pam_lastlog is not present, add it: "session required pam_lastlog.so showfailed"
- if pam_lastlog has the "silent" option specified, remove it.
- if pam_lastlog does not have the "showfailed" option specified, add it.
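
The three conditions in the check text can be evaluated mechanically instead of reading grep output by eye. The script below is an added example, not part of the STIG; the function names and the 0/1/2 state codes are assumptions made for illustration, and the file paths default to the ones named in the check.

```shell
#!/bin/sh
# Added example: audit the PAM session stacks against the check text.

# lastlog_state FILE -> 0 compliant, 1 present but misconfigured, 2 absent.
# Looks only at active (uncommented) session lines that load pam_lastlog.so.
lastlog_state() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        ($1 == "session" || $1 == "-session") && /pam_lastlog\.so/ {
            found = 1
            for (i = 3; i <= NF; i++) {           # scan module arguments
                if ($i == "silent")     silent = 1
                if ($i == "showfailed") showfailed = 1
            }
        }
        END { exit (!found ? 2 : (showfailed && !silent ? 0 : 1)) }
    ' "$1"
}

# includes_common_session FILE -> 0 if FILE has "session include common-session".
includes_common_session() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "session" && $2 == "include" && $3 == "common-session" { f = 1 }
        END { exit !f }
    ' "$1"
}

# audit_lastlog [SSHD_FILE] [COMMON_FILE] -> 0 not a finding, 1 finding.
audit_lastlog() {
    sshd=${1:-/etc/pam.d/sshd}
    common=${2:-/etc/pam.d/common-session}
    c=0; lastlog_state "$common" || c=$?
    s=0; lastlog_state "$sshd"   || s=$?
    # common-session must always carry a compliant pam_lastlog line.
    if [ "$c" -ne 0 ]; then echo "FINDING: $common (state $c)"; return 1; fi
    # sshd is fine if it has its own compliant line ...
    if [ "$s" -eq 0 ]; then echo "NOT A FINDING"; return 0; fi
    # ... or has no pam_lastlog line of its own and includes common-session.
    if [ "$s" -eq 2 ] && includes_common_session "$sshd"; then
        echo "NOT A FINDING"; return 0
    fi
    echo "FINDING: $sshd (state $s)"; return 1
}
```

Call `audit_lastlog` with no arguments to check the default paths, or pass two file paths to audit copies of the configuration.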