Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must display the number of unsuccessful login attempts since the last successful login for a user account upon login.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22300 | GEN000454 | SV-46149r1_rule | ECSC-1 | Low |
| Description |
|---|
| Providing users with feedback on recent login failures facilitates user recognition and reporting of attempted unauthorized account use. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z | 2013-04-26 |
Details
| Check Text ( C-43411r1_chk ) |
|---|
| Check that pam_lastlog is used, not silent, and configured to show failed logins. # grep pam_lastlog /etc/pam.d/sshd /etc/pam.d/common-session This is a finding unless: - pam_lastlog is present in sshd and common-session, or only common-session if sshd calls common-session with the session include statement. - pam_lastlog is not configured with the "silent" option. - pam_lastlog is configured with the "showfailed" option. |
| Fix Text (F-39489r1_fix) |
|---|
| Configure pam_lastlog. Edit /etc/pam.d/sshd or /etc/pam.d/common-session (if included from sshd) and make the following changes: - if pam_lastlog is not present, add it: "session required pam_lastlog.so showfailed" - if pam_lastlog has the "silent" option specified, remove it. - if pam_lastlog does not have the "showfailed" option specified, add it. |