Detections
Analytics

CSCv6|5.5

Title

Configure systems to issue a log entry and alert on any unsuccessful login to an administrative account.

Description

Configure systems to issue a log entry and alert on any unsuccessful login to an administrative account.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
4.1.7 Ensure login and logout events are collected - /var/log/faillogUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.7 Ensure login and logout events are collected - /var/log/faillogUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.7 Ensure login and logout events are collected - /var/log/faillogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.7 Ensure login and logout events are collected - /var/log/faillogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.7 Ensure login and logout events are collected - /var/log/lastlogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.7 Ensure login and logout events are collected - /var/log/lastlogUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.7 Ensure login and logout events are collected - /var/log/lastlogUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.7 Ensure login and logout events are collected - /var/log/lastlogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.7 Ensure login and logout events are collected - /var/log/tallylogUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.7 Ensure login and logout events are collected - /var/log/tallylogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.7 Ensure login and logout events are collected - /var/log/tallylogUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.7 Ensure login and logout events are collected - /var/log/tallylogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/faillogUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/faillogUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/faillogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/faillogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/lastlogUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/lastlogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/lastlogUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/lastlogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylogUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylogUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylogUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.10 Ensure session initiation information is collected - auditctl btmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl btmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl utmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl utmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl wtmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl wtmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - btmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - btmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - utmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - utmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - wtmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - wtmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Amazon Linux v2.1.0 L2
4.1.16 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.logUnixCIS Debian 8 Server L2 v2.0.2
4.1.16 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.logUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Amazon Linux v2.1.0 L2
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl /var/log/sudo.logUnixCIS Debian 8 Server L2 v2.0.2
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl /var/log/sudo.logUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.17 Ensure system administrator actions (sudolog) are collectedUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.17 Ensure system administrator actions (sudolog) are collectedUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.17 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.17 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Distribution Independent Linux Server L2 v2.0.0