Detections
Analytics
RHEL-10-500020 - RHEL 10 must log username information when unsuccessful login attempts occur.
Information
Without auditing of these events, it may be harder or impossible to identify what an attacker did after an attack.Solution
Configure RHEL 10 to log username information when unsuccessful login attempts occur.Enable the feature using the following command:
$ sudo authselect enable-feature with-faillock
Add/modify the "/etc/security/faillock.conf" file to match the following line:
audit
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: ACCESS CONTROL
References: 800-53|AC-7a., CAT|II, CCI|CCI-000044, Rule-ID|SV-281100r1165655_rule, STIG-ID|RHEL-10-500020, Vuln-ID|V-281100
Plugin: Unix
Control ID: b52714e07805da6d4513466de54df7fa1992809412d8e24e675a6bb51de2a285