4.5 Enable Login Records - Check if loginlog in /etc/logadm.conf is appropiately set

Information

If the file /var/adm/loginlog exists, it will capture failed login attempt messages with the login name, tty specification, and time. This file does not exist by default and must be manually created.

Solution

Perform the following to implement the recommended state-
touch /var/adm/loginlog
chown root:sys /var/adm/loginlog
chmod 600 /var/adm/loginlog
logadm -w loginlog -C 13 /var/adm/loginlog

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-11

Plugin: Unix

Control ID: bd3d34ce6eab1f7a591ef7d3f4a6bed5d56680319480f6a025e5b1fcb1320610