1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Enables accounting of administrative access by specifying the start and stop of SSH sessions

Rationale:

The AAA accounting feature enables to track the actions performed by users and to store the data collected into AAA serves for further audit or further analysis. While the aaa accounting serial, ssh, telnet and enable commands collect and sent the accounting records related to the start and end of sessions done on each access type, the aaa accounting command provides the accounting records related to each command entered by the users during the session and whatever the privilege level of the user.

Solution

Run the following in order to record ssh session start and stop and to send them to the AAA servers

hostname(config)# aaa accounting ssh console _<server-group_name>_

See Also

https://benchmarks.cisecurity.org/tools2/cisco/CIS_Cisco_Firewall_Benchmark_v4.0.0.pdf

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2

Plugin: Cisco

Control ID: 2dafd2e153fadaeefbd9533d3fe8291433eb8e18c0717ffd1b39e81a23961630