Detections
Analytics

CSCv7|4.9

Title

Log and Alert on Unsuccessful Administrative Account Login

Description

Configure systems to issue a log entry and alert on unsuccessful logins to an administrative account.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.5.2 Log all Successful and Failed Administrative LoginsCiscoCIS Cisco NX-OS L2 v1.0.0
1.5.2 Log all Successful and Failed Administrative LoginsCiscoCIS Cisco NX-OS L1 v1.0.0
1.14 Ensure 'DNS interception checks enabled' is set to 'Enabled'WindowsCIS Google Chrome L1 v3.0.0
3.1 Ensure Security Auditing Is EnabledUnixCIS Apple macOS 10.14 v2.0.0 L1
3.1 Ensure Security Auditing Is EnabledUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
3.1 Ensure Security Auditing Is EnabledUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
3.1 Ensure Security Auditing Is EnabledUnixCIS Apple macOS 13.0 Ventura v2.0.0 L1
3.1 Ensure Security Auditing Is EnabledUnixCIS Apple macOS 12.0 Monterey v3.0.0 L1
3.1 Ensure Security Auditing Is EnabledUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L1
4.1.10 Ensure session initiation information is collected - /var/log/btmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - /var/log/wtmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - /var/run/utmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - auditctl /var/log/wtmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - auditctl /var/run/btmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - auditctl /var/run/utmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - auditctl btmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl btmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl utmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl utmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl wtmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl wtmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - btmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - btmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - utmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - utmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - wtmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - wtmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.15 Ensure system administrator actions (sudolog) are collectedUnixCIS Fedora 19 Family Linux Server L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collectedUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collectedUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collectedUnixCIS Fedora 19 Family Linux Workstation L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Fedora 19 Family Linux Server L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Fedora 19 Family Linux Workstation L2 v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl b32 actionsUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl b32 actionsUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl b64 actionsUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl b64 actionsUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl sudo logUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
4.1.15 Ensure system administrator actions (sudolog) are collected - auditctl sudo logUnixCIS SUSE Linux Enterprise 15 Server L2 v1.1.1
4.1.15 Ensure system administrator actions (sudolog) are collected - b32 actionsUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - b32 actionsUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - b64 actionsUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - b64 actionsUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
4.1.15 Ensure system administrator actions (sudolog) are collected - sudo logUnixCIS SUSE Linux Enterprise 15 Server L2 v1.1.1
4.1.15 Ensure system administrator actions (sudolog) are collected - sudo logUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl 32-bitUnixCIS CentOS 6 Workstation L2 v3.0.0
4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl 32-bitUnixCIS Oracle Linux 6 Workstation L2 v2.0.0
4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl 32-bitUnixCIS Red Hat 6 Server L2 v3.0.0