
The system must display the number of unsuccessful login attempts since the last successful login for a user account upon login.


Overview

Finding ID: V-22300
Version: GEN000454
Rule ID: SV-46149r1_rule
IA Controls: ECSC-1
Severity: Low
Description
Providing users with feedback on recent login failures facilitates user recognition and reporting of attempted unauthorized account use.
STIG: SUSE Linux Enterprise Server v11 for System z
Date: 2013-04-26

Details

Check Text (C-43411r1_chk)
Check that pam_lastlog is used, not silent, and configured to show failed logins.

# grep pam_lastlog /etc/pam.d/sshd /etc/pam.d/common-session
This is a finding unless:
- pam_lastlog is present in sshd and common-session, or only common-session if sshd calls common-session with the session include statement.
- pam_lastlog is not configured with the "silent" option.
- pam_lastlog is configured with the "showfailed" option.
Fix Text (F-39489r1_fix)
Configure pam_lastlog.

Edit /etc/pam.d/sshd or /etc/pam.d/common-session (if included from sshd) and make the following changes:
- if pam_lastlog is not present, add it: "session required pam_lastlog.so showfailed"
- if pam_lastlog has the "silent" option specified, remove it.
- if pam_lastlog does not have the "showfailed" option specified, add it.
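
The three conditions in the check text can be evaluated by a script instead of by reading the grep output. The following is an added example, not part of the STIG; the function names and the script name audit.sh are assumptions, and commented-out PAM lines are treated as absent.

```shell
#!/bin/sh
# Added example (not from the STIG): audit the GEN000454 pam_lastlog conditions.

# Active "session" lines that reference pam_lastlog (comments stripped).
lastlog_lines() {
    [ -r "$1" ] || return 0
    sed 's/#.*//' "$1" | grep -E '^[[:space:]]*session[[:space:]].*pam_lastlog' || true
}

# True if FILE pulls in common-session with a session include statement.
includes_common_session() {
    [ -r "$1" ] || return 1
    sed 's/#.*//' "$1" |
        grep -Eq '^[[:space:]]*session[[:space:]]+include[[:space:]]+common-session'
}

# Return 0 only if FILE has pam_lastlog, never "silent", always "showfailed".
file_ok() {
    lines=$(lastlog_lines "$1")
    if [ -z "$lines" ]; then
        echo "FINDING: $1: pam_lastlog not present"; return 1
    fi
    if printf '%s\n' "$lines" | grep -qw 'silent'; then
        echo "FINDING: $1: pam_lastlog has the silent option"; return 1
    fi
    if printf '%s\n' "$lines" | grep -qvw 'showfailed'; then
        echo "FINDING: $1: pam_lastlog lacks the showfailed option"; return 1
    fi
    return 0
}

# check_pam_lastlog SSHD_FILE COMMON_SESSION_FILE -> 0 compliant, 1 finding
check_pam_lastlog() {
    sshd=$1; common=$2; rc=0
    file_ok "$common" || rc=1
    # sshd may rely on common-session alone only when it includes that file.
    if ! includes_common_session "$sshd" || [ -n "$(lastlog_lines "$sshd")" ]; then
        file_ok "$sshd" || rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: pam_lastlog shows failed logins"
    return "$rc"
}

# Hypothetical usage: sh audit.sh /etc/pam.d/sshd /etc/pam.d/common-session
if [ $# -eq 2 ]; then
    check_pam_lastlog "$1" "$2"
fi
```

The script exits 0 when the configuration is compliant and 1 when any condition is a finding, so it can be called from a scheduled compliance job.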