GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'

Information

Monitoring and recording successful and unsuccessful logins assists in tracking unauthorized access to the system. Without this logging, the ability to track unauthorized activity to specific user accounts may be diminished.

Solution

Edit /etc/syslog.conf and add local log destinations for auth.* or both auth.notice and auth.info.
'auth.info /var/log/authlog'
Verify service startup scripts for syslog and utmp (if present) are enabled.
# vi /etc/rc.tcpip
Check the syslogd service is not commented out.
Refresh syslogd.
#refresh -s syslogd

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2d., CAT|II, CCI|CCI-000126, Rule-ID|SV-38935r1_rule, STIG-ID|GEN000440, Vuln-ID|V-765

Plugin: Unix

Control ID: eb5f08fd895afc765835ef9d113dbba3c4e6d7d516b78acb773f3d54df6ea473