CSCv7|4.9

Title

Log and Alert on Unsuccessful Administrative Account Login

Description

Configure systems to issue a log entry and alert on unsuccessful logins to an administrative account.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

Name | Plugin | Audit Name
1.5.2 Log all Successful and Failed Administrative Logins | Cisco | CIS Cisco NX-OS L1 v1.0.0
1.5.2 Log all Successful and Failed Administrative Logins | Cisco | CIS Cisco NX-OS L2 v1.0.0
3.1 Ensure Security Auditing Is Enabled | Unix | CIS Apple macOS 10.14 v2.0.0 L1
3.1 Ensure Security Auditing Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v1.1.0 L1
3.1 Ensure Security Auditing Is Enabled | Unix | CIS Apple macOS 11 v2.1.0 L1
3.1 Ensure Security Auditing Is Enabled | Unix | CIS Apple macOS 10.15 v2.1.0 L1
4.1.10 Ensure session initiation information is collected - /var/log/btmp | Unix | CIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - /var/log/wtmp | Unix | CIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - /var/run/utmp | Unix | CIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - auditctl /var/log/wtmp | Unix | CIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - auditctl /var/run/btmp | Unix | CIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - auditctl /var/run/utmp | Unix | CIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - auditctl btmp | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl btmp | Unix | CIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl utmp | Unix | CIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl utmp | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl wtmp | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl wtmp | Unix | CIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - btmp | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - btmp | Unix | CIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - utmp | Unix | CIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - utmp | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - wtmp | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - wtmp | Unix | CIS Distribution Independent Linux Server L2 v2.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected | Unix | CIS Fedora 19 Family Linux Workstation L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected | Unix | CIS Fedora 19 Family Linux Server L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.log | Unix | CIS Debian 10 Workstation L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.log | Unix | CIS Debian 10 Server L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl | Unix | CIS Fedora 19 Family Linux Server L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl | Unix | CIS Fedora 19 Family Linux Workstation L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl /var/log/sudo.log | Unix | CIS Debian 10 Server L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl /var/log/sudo.log | Unix | CIS Debian 10 Workstation L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl b32 actions | Unix | CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl b32 actions | Unix | CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl b64 actions | Unix | CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl b64 actions | Unix | CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl sudo log | Unix | CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl sudo log | Unix | CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
4.1.15 Ensure system administrator actions (sudolog) are collected - b32 actions | Unix | CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - b32 actions | Unix | CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - b64 actions | Unix | CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - b64 actions | Unix | CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - sudo log | Unix | CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
4.1.15 Ensure system administrator actions (sudolog) are collected - sudo log | Unix | CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
4.1.15 Ensure system administrator command executions (sudo) are collected | Unix | CIS Oracle Linux 7 Server L2 v3.1.1
4.1.15 Ensure system administrator command executions (sudo) are collected | Unix | CIS Oracle Linux 7 Workstation L2 v3.1.1