Check: GEN000440
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN000440
(in versions v1 r14 through v1 r10)
Title
Successful and unsuccessful logins and logouts must be logged. (Cat II impact)
Discussion
Monitoring and recording successful and unsuccessful logins assists in tracking unauthorized access to the system. Without this logging, the ability to track unauthorized activity to specific user accounts may be diminished.
Check Content
Determine if successful logons are being logged. # last | more Determine if unsuccessful logons are being logged. # last -f /etc/security/failedlogin | more If the commands do not return successful and unsuccessful logins, this is a finding.
Fix Text
Edit /etc/syslog.conf and add local log destinations for auth.* or both auth.notice and auth.info. "auth.info /var/log/authlog" Verify service startup scripts for syslog and utmp (if present) are enabled. # vi /etc/rc.tcpip Check the syslogd service is not commented out. Refresh syslogd. #refresh -s syslogd
Additional Identifiers
Rule ID: SV-38935r1_rule
Vulnerability ID: V-765
Group Title: GEN000440
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000126 |
The organization determines that the organization-defined subset of the auditable events defined in AU-2 are to be audited within the information system. |
Controls
Number | Title |
---|---|
AU-2 |
Audit Events |