GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'

Information

Monitoring and recording successful and unsuccessful logins assists in tracking unauthorized access to the system. Without this logging, the ability to track unauthorized activity to specific user accounts may be diminished.

Solution

Make sure the collection files exist.
Procedure:
If there are no successful logins being returned from the 'last' command, create /var/log/wtmp:
# touch /var/log/wtmp

If there are no unsuccessful logins being returned from the 'lastb' command, create /var/log/btmp:
# touch /var/log/btmp

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2d., CAT|II, CCI|CCI-000126, Group-ID|V-765, Rule-ID|SV-37178r1_rule, STIG-ID|GEN000440, Vuln-ID|V-765

Plugin: Unix

Control ID: d5f86f3b2d29d2cb3e5b4e1281bd55e88b2c055e42942dd43c841cf43cc5b923